
Winfixer Ad Popup And Possibly Others



#1 dib

dib


Posted 23 November 2005 - 11:11 PM

Definitely have the WinFixer popup, but popups for other sites also occur. Don't know if all due to WinFixer or not. Below is HijackThis log file for this computer (also have problem on another computer). Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 8:59:28 PM, on 11/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\cms.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Common Files\Business Objects\3.0\bin\crystalras.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\win32_x86\cacheserver.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\pageserver.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procDest.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\EventServer.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\inputfileserver.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\JobServer.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\pageserver.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\outputfileserver.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procLov.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\ProgramServer.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procWebi.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\WIReportServer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\geebx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Business Objects\JRE\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132543106409
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/FTM/Tra...ransferCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll
O23 - Service: Central Management Server (BOBJCentralMS) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\cms.exe" -service -name colorado.cms -restart -noauditor (file missing)
O23 - Service: Report Application Server (BOBJCrystalReportApplicationServer) - Unknown owner - C:\Program Files\Common Files\Business Objects\3.0\bin\crystalras.exe" -service -name colorado.RAS -ns colorado -ipport -restart (file missing)
O23 - Service: Crystal Reports Cache Server (BOBJCrystalReportsCacheServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\win32_x86\cacheserver.exe" -service -name colorado.cacheserver -cache -nops -deleteCache -ns colorado -restart (file missing)
O23 - Service: Crystal Reports Page Server (BOBJCrystalReportspageserver) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\pageserver.exe" -service -name colorado.pageserver -ns colorado -restart (file missing)
O23 - Service: Destination Job Server (BOBJDestinationServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procDest.exe" -service -name colorado.destinationjobserver -ns colorado -objectType CrystalEnterprise.Destination -lib procDest -restart -jsTypeDescription "Destination Job Server (file missing)
O23 - Service: Event Server (BOBJEventServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\EventServer.exe" -service -name colorado.eventserver -ns colorado -restart (file missing)
O23 - Service: Input File Repository Server (BOBJInputFileServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\inputfileserver.exe" -service -name Input.colorado -ns colorado -restart (file missing)
O23 - Service: Crystal Reports Job Server (BOBJJobServer_Report) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\JobServer.exe" -service -name colorado.reportjobserver -ns colorado -objectType CrystalEnterprise.Report -lib procReport -restart -jsTypeDescription "Crystal Reports Job Server (file missing)
O23 - Service: Output File Repository Server (BOBJOutputFileServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\outputfileserver.exe" -service -name Output.colorado -ns colorado -restart (file missing)
O23 - Service: List of Values Job Server (BOBJProcessServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procLov.exe" -service -name colorado.ListOfValuesJobServer -ns colorado -objectType CrystalEnterprise.MetaData.MetaDataRepositoryInfo -lib procLOV -restart -jsTypeDescription "List of Values Job Server (file missing)
O23 - Service: Program Job Server (BOBJProgramServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\ProgramServer.exe" -service -name colorado.programjobserver -ns colorado -objectType CrystalEnterprise.Program -lib procProgram -restart -jsTypeDescription "Program Job Server (file missing)
O23 - Service: Web Intelligence Job Server (BOBJWebiServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procWebi.exe" -service -name colorado.Web_IntelligenceJobServer -ns colorado -objectType CrystalEnterprise.Webi -lib procwebi -restart -jsTypeDescription "Web Intelligence Job Server (file missing)
O23 - Service: Web Intelligence Report Server (BOBJWICDZ) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\WIReportServer.exe" -service -name colorado.Web_IntelligenceReportServer -ns colorado -restart (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


 


#2 -David-

-David-


Posted 25 November 2005 - 02:53 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David

#3 dib

dib

Posted 27 November 2005 - 04:49 PM

Here is the SpySweeper log, followed by the updated HJT log - thanks!:

1:37 PM: | Start of Session, Sunday, November 27, 2005 |
1:37 PM: Spy Sweeper started
1:37 PM: Sweep initiated using definitions version 575
1:37 PM: Starting Memory Sweep
1:38 PM: Found Adware: virtumonde
1:38 PM: Detected running threat: C:\WINDOWS\system32\geebx.dll (ID = 77)
1:45 PM: Memory Sweep Complete, Elapsed Time: 00:07:44
1:45 PM: Starting Registry Sweep
1:45 PM: Registry Sweep Complete, Elapsed Time:00:00:37
1:45 PM: Starting Cookie Sweep
1:45 PM: Found Spy Cookie: pointroll cookie
1:45 PM: administrator@ads.pointroll[2].txt (ID = 3148)
1:45 PM: Found Spy Cookie: adultfriendfinder cookie
1:45 PM: administrator@adultfriendfinder[1].txt (ID = 2165)
1:45 PM: Found Spy Cookie: nextag cookie
1:45 PM: administrator@nextag[2].txt (ID = 5014)
1:45 PM: Found Spy Cookie: tribalfusion cookie
1:45 PM: administrator@tribalfusion[1].txt (ID = 3589)
1:45 PM: Found Spy Cookie: adserver cookie
1:45 PM: administrator@z1.adserver[1].txt (ID = 2142)
1:45 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
1:46 PM: Starting File Sweep
2:04 PM: File Sweep Complete, Elapsed Time: 00:18:38
2:04 PM: Full Sweep has completed. Elapsed time 00:27:11
2:04 PM: Traces Found: 6
2:18 PM: Removal process initiated
2:18 PM: Quarantining All Traces: virtumonde
2:19 PM: virtumonde is in use. It will be removed on reboot.
2:19 PM: C:\WINDOWS\system32\geebx.dll is in use. It will be removed on reboot.
2:19 PM: Quarantining All Traces: adserver cookie
2:19 PM: Quarantining All Traces: adultfriendfinder cookie
2:19 PM: Quarantining All Traces: nextag cookie
2:19 PM: Quarantining All Traces: pointroll cookie
2:19 PM: Quarantining All Traces: tribalfusion cookie
2:19 PM: Removal process completed. Elapsed time 00:01:02
********
1:35 PM: | Start of Session, Sunday, November 27, 2005 |
1:35 PM: Spy Sweeper started
1:37 PM: Your spyware definitions have been updated.
1:37 PM: | End of Session, Sunday, November 27, 2005 |

____________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 2:32:32 PM, on 11/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Business Objects\JRE\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132543106409
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/FTM/Tra...ransferCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Central Management Server (BOBJCentralMS) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\cms.exe" -service -name colorado.cms -restart -noauditor (file missing)
O23 - Service: Report Application Server (BOBJCrystalReportApplicationServer) - Unknown owner - C:\Program Files\Common Files\Business Objects\3.0\bin\crystalras.exe" -service -name colorado.RAS -ns colorado -ipport -restart (file missing)
O23 - Service: Crystal Reports Cache Server (BOBJCrystalReportsCacheServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\win32_x86\cacheserver.exe" -service -name colorado.cacheserver -cache -nops -deleteCache -ns colorado -restart (file missing)
O23 - Service: Crystal Reports Page Server (BOBJCrystalReportspageserver) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\pageserver.exe" -service -name colorado.pageserver -ns colorado -restart (file missing)
O23 - Service: Destination Job Server (BOBJDestinationServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procDest.exe" -service -name colorado.destinationjobserver -ns colorado -objectType CrystalEnterprise.Destination -lib procDest -restart -jsTypeDescription "Destination Job Server (file missing)
O23 - Service: Event Server (BOBJEventServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\EventServer.exe" -service -name colorado.eventserver -ns colorado -restart (file missing)
O23 - Service: Input File Repository Server (BOBJInputFileServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\inputfileserver.exe" -service -name Input.colorado -ns colorado -restart (file missing)
O23 - Service: Crystal Reports Job Server (BOBJJobServer_Report) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\JobServer.exe" -service -name colorado.reportjobserver -ns colorado -objectType CrystalEnterprise.Report -lib procReport -restart -jsTypeDescription "Crystal Reports Job Server (file missing)
O23 - Service: Output File Repository Server (BOBJOutputFileServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\outputfileserver.exe" -service -name Output.colorado -ns colorado -restart (file missing)
O23 - Service: List of Values Job Server (BOBJProcessServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procLov.exe" -service -name colorado.ListOfValuesJobServer -ns colorado -objectType CrystalEnterprise.MetaData.MetaDataRepositoryInfo -lib procLOV -restart -jsTypeDescription "List of Values Job Server (file missing)
O23 - Service: Program Job Server (BOBJProgramServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\ProgramServer.exe" -service -name colorado.programjobserver -ns colorado -objectType CrystalEnterprise.Program -lib procProgram -restart -jsTypeDescription "Program Job Server (file missing)
O23 - Service: Web Intelligence Job Server (BOBJWebiServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\procWebi.exe" -service -name colorado.Web_IntelligenceJobServer -ns colorado -objectType CrystalEnterprise.Webi -lib procwebi -restart -jsTypeDescription "Web Intelligence Job Server (file missing)
O23 - Service: Web Intelligence Report Server (BOBJWICDZ) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\WIReportServer.exe" -service -name colorado.Web_IntelligenceReportServer -ns colorado -restart (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 -David-

-David-


Posted 28 November 2005 - 11:51 AM

With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\geebx.dll (file missing)
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll (file missing)


How's everything running?

David
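
The selection made in post #4, as an added example that is not part of the thread or of HijackThis itself: a small Python parser that pulls the `(file missing)` entries out of a HijackThis log and separates the orphaned geebx.dll registrations from the O23 service lines that carry the same flag. The function names and verdict labels are hypothetical, and treating a stray `"` in the path field as a parsing artifact is an assumption based on the first log, where those service executables are listed under Running processes.

```python
import re
from collections import defaultdict

# Sample input: a trimmed selection of lines copied from the HijackThis logs
# posted in this thread, assembled here for the example.
SAMPLE_LOG = r'''Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\geebx.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Event Server (BOBJEventServer) - Unknown owner - C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\EventServer.exe" -service -name colorado.eventserver -ns colorado -restart (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
'''

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# The target is what follows the first " - " that is directly followed by a
# drive letter. Splitting on the last " - " would break on paths such as
# "C:\Program Files\Spybot - Search & Destroy\...".
PATH_RE = re.compile(r" - ([A-Za-z]:\\.*)$")
MISSING = " (file missing)"


def parse_entries(log_text):
    """Return one dict per O-section line: section, target, missing flag, raw line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)]
        pm = PATH_RE.search(body)
        target = pm.group(1) if pm else body
        entries.append(
            {"section": section, "target": target, "missing": missing, "line": line}
        )
    return entries


def triage_missing(log_text):
    """Classify every '(file missing)' entry as (section, target, verdict)."""
    entries = parse_entries(log_text)

    # Record which sections register each DLL as a BHO (O2) or Winlogon Notify (O20).
    sections_by_dll = defaultdict(set)
    for e in entries:
        if e["section"] in ("O2", "O20"):
            sections_by_dll[e["target"].lower()].add(e["section"])

    findings = []
    for e in entries:
        if not e["missing"]:
            continue
        if '"' in e["target"]:
            # Assumption: the field holds a quoted service command line with
            # arguments, so the flag is not evidence that the file is gone.
            verdict = "parse-artifact"
        elif sections_by_dll[e["target"].lower()] >= {"O2", "O20"}:
            # Same DLL registered as both BHO and Winlogon Notify, file removed:
            # the two leftover registrations post #4 says to fix.
            verdict = "orphaned-bho+winlogon"
        else:
            verdict = "orphaned"
        findings.append((e["section"], e["target"], verdict))
    return findings


if __name__ == "__main__":
    for section, target, verdict in triage_missing(SAMPLE_LOG):
        print(f"{verdict:24} {section:4} {target}")
```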

#5 dib

dib

Posted 28 November 2005 - 09:50 PM

Appears to have solved it. Thanks so much for your help!

#6 -David-

-David-


Posted 29 November 2005 - 01:51 PM

Ok! Glad I was able to help you! :thumbsup:

The log is clean! :flowers:

If I have helped you please consider making a donation using the "make a donation" button in my signature. My help is free, but please consider it to keep me fighting spyware for you and others! :trumpet: :inlove:

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

David



