Annoying popups

C:\qoobox\quarentine\C\Program Files\Drmupgds\Drmupgds.exe.vir

Can you upload that file here please:

http://www.bleepingcomputer.com/subm...php?channel=20[/QUOTE]

When I got to Drmupgds.exe.vir and click on it it says that I cannot open it and if I want to use the web service to find the appropriate program.

 

Hi,

Don't try running that program --- its malware! lol
It has been renamed so you or I can't accidently run it and infect the computer.

Go to this site:

http://www.bleepingcomputer.com/submit-malware.php?channel=20

Beside the "browse" box paste in this:

C:\qoobox\quarentine\C\Program Files\Drmupgds\Drmupgds.exe.vir

In the comments section paste in the URL from this thread.

Then hit "send "

Site should tell you success.

thanks

 

Sorry it took me so long to get back to you I've been out of the office. But I am going to resume doing everything that you said to do.

 

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-02-22 13:14
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/02/2008
Kaspersky Anti-Virus database records: 575848
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
H:\
Y:\

Scan Statistics:
Total number of scanned objects: 74165
Number of viruses found: 23
Number of infected objects: 70
Number of suspicious objects: 2
Duration of the scan process: 01:10:59

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\137747f71be92f642ba5f49b9a14d0b4_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e328c7fc9493bfb28c6ae52f63904b1a_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f92423a720e72cfdb391c064cf17c481_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-08272007-103131.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip/Yazzle1549OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01500000.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01DC0000.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\025C0000.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03780000.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\reception\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\reception\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\reception\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\reception\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\reception\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\reception\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{90E9E2A5-72D5-4B61-9DB7-7DA39777F7A4} Object is locked skipped
C:\Documents and Settings\reception\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\reception\Local Settings\History\History.IE5\MSHist012008022220080223\index.dat Object is locked skipped
C:\Documents and Settings\reception\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\reception\Local Settings\Temp\~DF12B5.tmp Object is locked skipped
C:\Documents and Settings\reception\Local Settings\Temp\~DF12C2.tmp Object is locked skipped
C:\Documents and Settings\reception\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\reception\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\reception\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir Infected: Trojan.Win32.Scapur.k skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\Drmupgds\Drmupgds.exe.vir Infected: Trojan-Downloader.Win32.Adload.qy skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.jig skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\awmhdvwv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bxepbdgt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fcajpnde.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\himcrumo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nGpxx01\nGpxx011065.exe.vir Infected: Trojan-Downloader.Win32.VB.cge skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xxxntouu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-08_153044.68.zip/hgghfdd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-08_153044.68.zip/jkhfd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-08_153044.68.zip ZIP: infected - 2 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP10\A0000415.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001464.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001465.0XE Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001466.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001466.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001467.0XE Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001468.0XE Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001469.0XE Infected: Trojan-Downloader.Win32.Agent.jig skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001471.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001472.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001473.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001474.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001475.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001482.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP12\A0001483.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP16\A0001856.0XE Infected: Trojan-Downloader.Win32.Adload.qy skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP16\A0001858.0XE Infected: Trojan-Downloader.Win32.VB.cge skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP21\A0003500.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP21\A0003501.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP21\A0003503.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP21\A0003504.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP21\A0003505.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000084.0XE Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000085.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000086.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000087.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000088.0LL Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000089.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000090.0XE Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000091.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000092.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP31\change.log Object is locked skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000112.0XE Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000114.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000114.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000116.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000117.exe/DFv5_6.exe Infected: Trojan-Downloader.Win32.VB.chy skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000117.exe/mst455101.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000117.exe/mst455101.exe Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000117.exe InstallCreator: infected - 3 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000117.exe UPX: infected - 3 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000118.0XE Infected: Trojan-Downloader.Win32.VB.chy skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000119.0XE Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000120.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000120.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000121.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000126.0XE Infected: Trojan-Downloader.Win32.Agent.hcn skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000137.0XE Infected: Trojan-Downloader.Win32.Agent.hcm skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP6\A0000173.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP9\A0000341.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\CSC\00000002 Object is locked skipped
C:\WINDOWS\CSC\00000003 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ODiag.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\OSession.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Windows_OneCare_Evt.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_574.dat Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

Hi,

Glad to see you back

Log looks good.
Everything is either in quarentine or system restore.
That we'll clean up shortly.

How is the system running?

Can you post me a fresh hijackthis log please?

Thanks

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24, on 2008-02-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\1202766964\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlsstratus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1202766964\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
O4 - HKUS\S-1-5-21-396450923-1856223948-1690079322-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dartcapital.local
O17 - HKLM\Software\..\Telephony: DomainName = dartcapital.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dartcapital.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dartcapital.local
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8311 bytes
-----------------------------------------------------------
Hey B. The computer is still running pretty good. I think I am just going to go ahead and uninstall symantec anitivirus because my boss doesnt have a copy of it and every morning it gives me that message before I sign on and after I sign on.

 

Hi,

Sorry about the delay ..

Symantec still acting up eh?
Yeah -- best uninstall it. We can install a different antivirus if you can't find the install CD for your Symantec.

Once you get it uninstalled -- go for one of these: (all are free)

Avast:
http://www.avast.com/eng/avast_4_home.html
Tutorial:
http://www.bleepingcomputer.com/tutorials/tutorial104.html

AVG:
http://free.grisoft.com/doc/1

AntiVir:
http://www.free-av.com/antivirus/allinonen.html

Pick one of the above> install it> update it> run system scan with it and let it fix what it wants.
Reboot if anything fixed.

-------------------

Cleaning up our battle-tools:

Click start> run> type combofix /u and hit enter.
Follow prompts.
Reboot if told.

This will uninstall combofix, cleans up the files/folders it dropped along with some of the other tools we used and finally resets your system restore.

Let me know how things are running at this point.
AV running OK? Updates and stays resident?

Thanks

 

Hey Blender I did the clean up and my computer is still running really good. I almost dont even want to say it and jinx it. Thank you

 

Hi,

good to hear things are running fair well.
Were you able to get some of those old user accounts removed OK?

 

Hey,
About those user names when I go to Control Panel then User Accounts I dont see those user names. All I see is Administrator, Aspnet, and Reception.