Need help with gebcb.dll [RESOLVED]


#1
sweets35
Member
Hi there...2 weeks ago I posted for help for the wvvwa worm and got rid of it, but we did see this gebcb worm in there also. Haven't heard back as to what to do about it, but this morning I ran Nortons and it said I had one infection, that gebcb thing but it can't fix it, so it is in quarantine. Would appreciate any help to get rid of it. Didn't know if I should post it under my old problem, which is named "think I have wvvwa worm" or start a new one, but here is the latest log.

Here is my log from Hijack...Thanx in advance!!!
************************************************************************

Logfile of HijackThis v1.99.1
Scan saved at 11:00:36 AM, on 11/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snet.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2
Wizard
Retired Staff
Hi Sweets35

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

#3
sweets35
Member
It asks me if I want to run...save or cancel, do I click on save or run? Sorry, but a computer dummy I am.

I clicked on run and it started to download to a temp folder. I am totally lost here. If I am to save it, where do I save it to??

Edited by sweets35, 13 November 2005 - 12:29 PM.

#4
sweets35
Member
It took awhile, but hopefully I did it right. Thanx again......:tazz:





********
2:49 PM: | Start of Session, Sunday, November 13, 2005 |
2:49 PM: Spy Sweeper started
2:49 PM: Sweep initiated using definitions version 572
2:49 PM: Starting Memory Sweep
2:52 PM: Memory Sweep Complete, Elapsed Time: 00:02:44
2:52 PM: Starting Registry Sweep
2:52 PM: Registry Sweep Complete, Elapsed Time:00:00:34
2:52 PM: Starting Cookie Sweep
2:52 PM: Found Spy Cookie: casalemedia cookie
2:52 PM: owner@casalemedia[1].txt (ID = 2354)
2:52 PM: Found Spy Cookie: fastclick cookie
2:52 PM: owner@fastclick[1].txt (ID = 2651)
2:52 PM: Found Spy Cookie: gostats cookie
2:52 PM: owner@gostats[2].txt (ID = 2747)
2:52 PM: Found Spy Cookie: statcounter cookie
2:52 PM: owner@statcounter[1].txt (ID = 3447)
2:52 PM: Found Spy Cookie: tribalfusion cookie
2:52 PM: owner@tribalfusion[1].txt (ID = 3589)
2:52 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
2:53 PM: Starting File Sweep
3:10 PM: Warning: Invalid file - not a PKZip file
3:11 PM: File Sweep Complete, Elapsed Time: 00:18:11
3:11 PM: Full Sweep has completed. Elapsed time 00:21:39
3:11 PM: Traces Found: 5
3:11 PM: Removal process initiated
3:11 PM: Quarantining All Traces: casalemedia cookie
3:11 PM: Quarantining All Traces: fastclick cookie
3:11 PM: Quarantining All Traces: gostats cookie
3:11 PM: Quarantining All Traces: statcounter cookie
3:11 PM: Quarantining All Traces: tribalfusion cookie
3:12 PM: Removal process completed. Elapsed time 00:00:12
********
2:36 PM: | Start of Session, Sunday, November 13, 2005 |
2:36 PM: Spy Sweeper started
2:46 PM: Your spyware definitions have been updated.
2:49 PM: | End of Session, Sunday, November 13, 2005 |

#5
Wizard
Retired Staff
OK, will you copy the Panda results from your other post with the Vundo file that's still showing?

#6
sweets35
Member
This is all I could find, as I don't see any vundo report. If need be, I can give U the link to my original post.


Hope I did this right, as it made me go thru quite a bit of things! This is the Panda report:

Incident Status Location

Spyware:spyware/searchcentrix No disinfected Windows Registry
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\gebcb.dll

Now I will go run Hijack and file a report.
*********************************************************

I just re-read my post about the other worm, and don't think I was able to run the Vundo thing. Here is the link to my last problem:

http://www.geekstogo...3&hl=wvvwa worm

Edited by sweets35, 13 November 2005 - 03:19 PM.

#7
Wizard
Retired Staff
OK, let's see if we can locate and delete that file.

Make sure Windows is Showing Hidden Files
http://www.bleepingc...al62.html#winxp


Now navigate to--> C:\WINDOWS\System32

Open the System32 folder-> Locate and Delete--> gebcb.dll

Once that file is deleted, the bulk of all your issues is resolved.

The searchcentrix entries that Panda is Identifying in the registry are dead entries from a previous Infection.

Programs such as Ad Aware and Spybot will usually locate and remove these.

You can also use Trend Micro's Anti-Spyware for the Web
http://www.trendmicr...m/spyware-scan/


Try that AntiSpyware Scan and see what results it yields.

Post back with any results you can save.

#8
sweets35
Member
Hi again...I don't have an icon called my computer on my desktop, but went from start to my computer and all those items were checked off already, as a friend had me check them off when we were running a search for the other worm I had. I went to C and located system folder 32 and the only thing I find is 2 icons, one is named ntdll.dll and smss.exe. Now I am totally lost!!!....... :tazz:


Did a search for gebcb.dll and it came back with C:\Docs&Settings\owner\local settings\temp internet files.

I went there, and all I could find was gebcb.dll and along side it was what I posted here before:

I just re read my post about the other worm, and don't think I was able to run the Vundo thing.

It was listed as a JSP file.
*******************************************

Ran Trendmicro...Results:

Fastclick.net 1 item
IE cache\fastclick.net

Profiling cookie 1 item
IE cache\casalemedia.com

2020 search item 1 item
IE KCU\Software\Dynamic Toolbar\

Hotbar.com Inc. 1 item
c:\Docs& Settings\owner\mydocs\mypictures\smiley gifs\smileyflower.gif

I didn't delete anything as I was unsure what to do.

Edited by sweets35, 13 November 2005 - 08:04 PM.

#9
Wizard
Retired Staff
OK, download CCleaner from here
http://www.filehippo...d_ccleaner.html
This is to help keep those Temporary Files Cleaned Up!

All you will want to use on this is the Opening Page (Windows Tab). Just click Run Cleaner and let it do its thing.


Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files (Check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup (Make sure that all boxes are checked for cleaning)


Now locate and Delete--> C:\Documents and Settings\Owner\My Documents\MyPictures\smiley gifs\smileyflower.gif


Next, please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Post back with a fresh HijackThis log and the results of the Online Scan.

#10
sweets35
Member
Cretemonster, U have been extremely helpful, but on this post I am lost. I really don't understand what U want me to download. When I click on the link I see Ccleaner, registry cleaner and a bunch of other things, so I don't want to just guess at what to download. Also, did U want me to run this thing before I do these things?:

Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files(Check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup(Make sure that all boxes are checked for cleaning)

Sorry I have so many questions, but as I said before, I am not familiar with doing this stuff and have no one to ask but the person who is instructing me. When I download this thing, do I pick where I download it to, or does it automatically go where it pleases? Is this thing run online or off?

I thank U in advance for your patience, as I know U are trying to be extremely helpful, I just am getting very confused. Guess I am just one of those folks who needs step by step instructions. When I click on the Ccleaner I get taken to 2 other pages, one says download registry cleaner and asks to save or run, and I think I am supposed to save it, that is where I am totally lost, save it to what?

Again, I truly thank you, and am sorry for so many questions....... :tazz:

#11
sweets35
Member
Ok, I downloaded where it says download latest version, it is on my desktop. When I go to install it, it asks me where, so I put C, then when I go to the next, it gives me a whole bunch of clicked off things to install, like add desktop shortcut, add menu shortcuts, add run cleaner option to recycling bin menu, add open cleaner, automatically check for updates to ccleaner, but may not work with firewall. I have a firewall, and U just wanted me to run the cleaner, so what should I option off, or did I download the wrong thing?

When I get to the install part I just hit cancel, as until I know exactly what to do, I am not installing it. Please advise where to install, and what to check off before installing. Thanx a million!!!

Edited by sweets35, 14 November 2005 - 01:57 PM.

#12
Wizard
Retired Staff
CC is a normal install, just uncheck the boxes by Add cc to the recycle bin.

If I remember right, there's 5 boxes with checks in them, I only leave the checks for

Desktop Shortcut and Automatically Update.

The other 3 I uncheck.

The fact that you wait before clicking, tells me you have learned an awful lot about the Internet in a short period of time!

Good for You! :tazz:

Post back with any other questions and feel free to PM me if you need to.

#13
sweets35
Member
Hi Crete.....Yes, I learned from a previous experience NOT to download anything unless I know what it is. I was even suspicious to download the stuff I have from here, especially since I am not familiar with this stuff.

Here is the Kaspersky report, could this be the quarantined thing I left in my Nortons box?? Will do another Hijack report and post. Thanx again for your help and understanding....... :tazz:

**********************************************************

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 15, 2005 11:52:50
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/11/2005
Kaspersky Anti-Virus database records: 159940
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 59156
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 3486 sec

Infected Object Name - Virus Name
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\794A101D.dll Infected: Trojan-Downloader.Win32.Agent.yf

Scan process completed.

*********************************************************************
Hijack report:

Logfile of HijackThis v1.99.1
Scan saved at 12:03:40 PM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snet.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by sweets35, 15 November 2005 - 11:06 AM.
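
Added example, not part of the original thread: the two HijackThis logs posted in this topic (13 and 15 November) can be compared mechanically to see what changed between scans. The sample logs below are trimmed excerpts of those two logs, and the function names are this example's own.

```python
import re

# Constructed sample input: trimmed excerpts of the two HijackThis logs
# posted in this thread (13 and 15 November 2005).
LOG_NOV13 = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:00:36 AM, on 11/13/2005

Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

LOG_NOV15 = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:03:40 PM, on 11/15/2005

Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
"""

# Entry lines start with a section code (R0, O4, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<text>.+)$")


def parse_hjt(log_text):
    """Return (processes, entries) parsed from a HijackThis text log.

    processes: set of lower-cased image paths under "Running processes:"
    entries:   set of (section_code, entry_text) tuples
    """
    processes, entries = set(), set()
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the entry section has started
            entries.add((match.group("code"), match.group("text")))
        elif in_processes and line:
            # Windows paths are case-insensitive; normalise before comparing.
            processes.add(line.lower())
    return processes, entries


def diff_hjt(before, after):
    """Report what appeared or disappeared between two logs."""
    proc_before, ent_before = parse_hjt(before)
    proc_after, ent_after = parse_hjt(after)
    return {
        "processes_added": sorted(proc_after - proc_before),
        "processes_removed": sorted(proc_before - proc_after),
        "entries_added": sorted(ent_after - ent_before),
        "entries_removed": sorted(ent_before - ent_after),
    }


if __name__ == "__main__":
    for change, items in diff_hjt(LOG_NOV13, LOG_NOV15).items():
        print(change)
        for item in items:
            print("   ", item)
```

Run over the full logs in this thread, the same comparison shows only the Spy Sweeper process and service, the WRNotifier Winlogon entry and the Kaspersky CKAVWebScan control as additions, with nothing removed.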

#14
Trevuren
Retired Staff
Hi sweets35, my name is Trevuren. Cretemonster has to be away from the site for a bit and has asked me to step in and try and assist you.

What is your problem exactly? Is it just the Kaspersky report?

Please describe your problem to me in as much detail as possible.

Regards,

Trevuren


#15
sweets35
Member
Hi there.....Sunday my Norton ran as usual and said it found the gebcb.dll thingy and shoved it in quarantine, so I just left it there. I try to send it but as usual I get Norton's is aware of it, so I don't bother.

About 4 weeks ago I had Tampabelle help me get rid of the wvvwa.dll worm and when I ran Panda it said I had this new one but I never heard back. Now since Nortons found it, I asked for help with it and have done what Cretemonster asked and posted the results.

When I had the wvvwa thing my puter wouldn't stay in the standby mode, but since getting rid of it, that has finally stopped...THANK GOD!! Now I'm just wondering if the report I got today from Kaspersky is the result of me still having the thing in quarantine, or is it elsewhere. Guess I am really looking for a clean bill of health for this thing, I have downloaded so much, I have icons all over the place, which I need to get rid of as soon as I get the all clear. Crete has been great helping me, as I told him, I am not familiar with the technical part of computers, so U folks get a lot of questions...... :)

I've posted what Crete asked, so guess it is up to U to see if I am free of this thing or what, GOOD LUCK! Thanx so much for stepping in, I am very grateful for all the help, and tell Cretemonster I said HI.. :tazz: