Gadcom.exe and Possibly other things



#16
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hmm, that is strange. I would like to run one more scan to double-check.
==============
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page, in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0



#17
astaroth189


    Member

  • Topic Starter
  • 28 posts
K woo, scan took almost 8 hours haha. Here is the report that came back.

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, January 8, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, January 07, 2009 12:39:17
Records in database: 1577944
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 185766
Threat name: 35
Infected objects: 52
Suspicious objects: 0
Duration of the scan: 07:53:45


File name / Threat name / Threats count
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\1360296.exe.bac_a36564 Infected: Trojan-Mailfinder.Win32.Bagle.e 1
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\16173640.exe.bac_a36564 Infected: Trojan-Mailfinder.Win32.Bagle.e 1
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\1773937.exe.bac_a36564 Infected: Trojan-Mailfinder.Win32.Bagle.e 1
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\1961734.exe.bac_a36564 Infected: Trojan-Mailfinder.Win32.Bagle.e 1
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\907671.exe.bac_a36564 Infected: Trojan-Mailfinder.Win32.Bagle.e 1
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\bkbegfwp.dll.bac_a36564 Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\ejrtfcsw.dll.bac_a36564 Infected: not-a-virus:AdWare.Win32.Virtumonde.ar 1
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\jrsoyiqh.dll.bac_a21324 Infected: Trojan-Spy.Win32.VBStat.h 1
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\newdotnet3_88.dll.bac_a36564 Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\ravpbteg.dll.bac_a21324 Infected: Trojan-Spy.Win32.VBStat.h 1
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\xmywjjor.exe.bac_a36564 Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\Documents and Settings\HP_Owner\My Documents\My eBooks\abcl1024wp.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\HP_Owner\My Documents\My eBooks\abcl1024wp.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 2
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\QooBox\Quarantine\C\Documents and Settings\HP_Owner\Application Data\gadcom\gadcom.exe.vir Infected: Trojan.Win32.Agent.axoc 1
C:\QooBox\Quarantine\C\RECYCLER\is67168.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hl 1
C:\QooBox\Quarantine\C\RECYCLER\mc-110-12-0002228.exe.vir Infected: Trojan-Downloader.Win32.Adload.jm 1
C:\QooBox\Quarantine\C\RECYCLER\te-110-12-0000387.exe.vir Infected: Trojan-Downloader.Win32.Adload.jm 1
C:\QooBox\Quarantine\C\WINDOWS\cru629.dat.vir Infected: Backdoor.Win32.Small.cyb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\abhgef.dll.vir Infected: Trojan.Win32.Monder.afdj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cru629.dat.vir Infected: Backdoor.Win32.Small.cyb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dhjskkju.dll.vir Infected: Trojan.Win32.Monder.afdj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\__.zip Infected: Backdoor.Win32.TDSS.bkw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\iifcBrpp.dll.vir Infected: Trojan.Win32.Monder.afdk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jkse73hedfdgf.dll.vir Infected: Trojan.Win32.Pakes.mgk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lmrjrmbu.dll.vir Infected: Trojan.Win32.Monder.afdh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJddebB.dll.vir Infected: Trojan.Win32.Monder.agvv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir Infected: Trojan-Clicker.Win32.VB.cqq 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMeFyxu.dll.vir Infected: Trojan.Win32.Monderb.aaiq 1
C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSarxx.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSnvuo.dll.vir Infected: Trojan.Win32.Agent.arvz 1
C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSoitt.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSvoqm.dll.vir Infected: Backdoor.Win32.TDSS.atb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvTmLDu.dll.vir Infected: Trojan.Win32.Monderb.aake 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tyshb36rfjdf.dll.vir Infected: Trojan-Downloader.Win32.Small.ahmz 1
C:\QooBox\Quarantine\C\WINDOWS\system32\users32.dat.vir Infected: not-a-virus:AdWare.Win32.Agent.zo 1
C:\VundoFix Backups\avcfochn.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb 1
C:\VundoFix Backups\awtsqnn.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.id 1
C:\VundoFix Backups\clwocnpn.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb 1
C:\VundoFix Backups\dbibdcjq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb 1
C:\VundoFix Backups\ddayx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ic 1
C:\VundoFix Backups\efccyyw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ib 1
C:\VundoFix Backups\gebawur.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.in 1
C:\VundoFix Backups\iedrppnw.dll.bad Infected: Trojan.Win32.BHO.g 1
C:\VundoFix Backups\nnnmkjk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bq 1
C:\VundoFix Backups\pmkji.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp 1
C:\VundoFix Backups\rqrppmm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bq 1
C:\VundoFix Backups\sstqp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ic 1
C:\VundoFix Backups\vtsqn.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp 1
C:\VundoFix Backups\yayaaaw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.id 1
C:\VundoFix Backups\ykugramq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ir 1

The selected area was scanned.
  • 0

#18
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\Documents and Settings\HP_Owner\.housecall6.6
    C:\Documents and Settings\HP_Owner\My Documents\My eBooks\abcl1024wp.exe 
    C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
After that, post one more HijackThis log and let me know if things are back to normal.
  • 0
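Most rows in the Kaspersky report in post #17 point into quarantine or backup folders left by earlier tools, while the OTMoveIt3 list in post #18 names paths outside `C:\QooBox` and `C:\VundoFix Backups`. The following added example (not part of the thread or of any tool used in it) parses report rows and separates the two groups; the list of contained prefixes, the function names and the excerpted sample are assumptions of the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Folder prefixes seen in this thread's report where removal tools keep
# neutralised copies. Treating them as "contained" is this example's assumption.
CONTAINED_PREFIXES = (
    r"C:\QooBox\Quarantine",
    r"C:\VundoFix Backups",
    r"C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine",
)

# One result row: <path> Infected: <threat name> <threats count>
ROW = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Excerpt: a few rows copied from the report in post #17, plus two non-row lines.
SAMPLE = r"""
File name / Threat name / Threats count
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\bkbegfwp.dll.bac_a36564 Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\HP_Owner\My Documents\My eBooks\abcl1024wp.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\HP_Owner\My Documents\My eBooks\abcl1024wp.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 2
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\QooBox\Quarantine\C\Documents and Settings\HP_Owner\Application Data\gadcom\gadcom.exe.vir Infected: Trojan.Win32.Agent.axoc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSarxx.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
C:\VundoFix Backups\ddayx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ic 1

The selected area was scanned.
"""


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str       # full name as printed in the report
    behaviour: str    # e.g. Trojan, Backdoor, AdWare
    family: str       # e.g. TDSS, Virtumonde
    riskware: bool    # True when the name carries the not-a-virus: prefix
    count: int
    contained: bool   # True when the file sits under a quarantine/backup folder


def is_contained(path):
    """Windows paths are case-insensitive, so compare in lower case."""
    p = path.lower()
    return any(p.startswith(prefix.lower() + "\\") for prefix in CONTAINED_PREFIXES)


def parse_threat(name):
    """Split [not-a-virus:]Behaviour.Platform.Family[.variant] into its parts."""
    riskware = name.startswith("not-a-virus:")
    parts = name.split(":", 1)[-1].split(".")
    family = parts[2] if len(parts) > 2 else parts[-1]
    return parts[0], family, riskware


def parse_report(text):
    """Return a Detection for every result row; headers and footers are skipped."""
    detections = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        behaviour, family, riskware = parse_threat(m["threat"])
        detections.append(Detection(m["path"], m["threat"], behaviour, family,
                                    riskware, int(m["count"]), is_contained(m["path"])))
    return detections


def triage(text):
    """Return (live, contained): live maps path -> threat names still outside
    quarantine; contained counts already-quarantined threats per family."""
    live, contained = {}, Counter()
    for d in parse_report(text):
        if d.contained:
            contained[d.family] += d.count
        else:
            live.setdefault(d.path, []).append(d.threat)
    return live, contained


if __name__ == "__main__":
    live, contained = triage(SAMPLE)
    for path, threats in live.items():
        print("LIVE     ", path, "->", ", ".join(threats))
    for family, n in contained.most_common():
        print("CONTAINED", family, n)
```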

#19
astaroth189


    Member

  • Topic Starter
  • 28 posts
Here are the reports. Everything is functioning fine after the boot up. But as far as how it's loading up, it's still doing the 3-minute blank screen before anything shows up. After timing it, it takes about 6 minutes for the whole boot up. But after that everything is as normal.

========== FILES ==========
C:\Documents and Settings\HP_Owner\.housecall6.6\Update\AU_Cache\housecall65.trendmicro.com moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\Update\AU_Cache moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\Update moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\Pattern\AU_Backup\3\2048 moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\Pattern\AU_Backup\3 moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\Pattern\AU_Backup moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\Pattern moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\log moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\Licences moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\jars moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\AU_Temp moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\AU_Log moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\AU_Backup\3\536875008 moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\AU_Backup\3 moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6\AU_Backup moved successfully.
C:\Documents and Settings\HP_Owner\.housecall6.6 moved successfully.
C:\Documents and Settings\HP_Owner\My Documents\My eBooks\abcl1024wp.exe moved successfully.
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01082009_084500

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:38 AM, on 1/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\FlexiSIGN-PRO 7.6v1\Program\App.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Owner\Desktop\Protect\OTMoveIt3.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.103:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.5.1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 11977 bytes
  • 0

#20
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, let's try this for that issue:

Go to Start > Run, type in cmd, then hit OK.
Then type in this: chkdsk /r /f then hit Enter.
Type in Y at the prompt and then restart the computer.
Let it run through this check and then let me know how it goes.
  • 0

#21
astaroth189


    Member

  • Topic Starter
  • 28 posts
It ran through the process but to no avail. Still does the slow start up. Needless to say, I'm fresh out of ideas.
  • 0

#22
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
After doing the cleanup below, head over to this forum and post a new topic there; they will help with that issue:
http://www.geekstogo...2003-NT-f5.html
============
Cleanup:

Please download OT CleanIt from here and save it to your desktop.
Double-click on OT CleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove the tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================
Delete\uninstall anything else that we have used.

Including this folder C:\Rsit

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - Is a tutorial on what you can do if your computer is slow.
  • 0

#23
astaroth189


    Member

  • Topic Starter
  • 28 posts
Hey, appreciate it! Still haven't found a solution for the slow deal yet but everything else is still working fine so. Thanks!
  • 0

#24
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, try posting in the XP forum; the link is in my previous post.
They should be able to sort it out.

If you don't have any further questions, I will close this thread.
  • 0





