winupgro.exe Winword.exe auto-start

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

winupgro.exe Winword.exe auto-start, Then my Symantec Antivirus is blocked.

Options

happynut View Member Profile	Dec 25 2008, 04:54 PM Post #1
New Member Group: Members Posts: 1 Joined: 25-December 08 Member No.: 273,947	A couple days ago, I downloaded some software online. Now I realize the auto-protection of my Symantec is blocked, i.e., I cannot see the icon in the task tray. In the task manager process list, winupgro.exe and winword.exe takes a lot of CPU usage. But I never auto-start winword.exe. I end these two processes and search for winupgro.exe in my C: drive. I find in "C:\Documents and Settings\wangxian1\Application Data\drivers", there are 3 items-winupgro.exe, srosa2.sys, and a folder called downld. further, in folder downld, there are many .exe files. The following is my Hijackthis result. Thank you very much for your help. DDS (Version 1.1.0) - NTFSx86 Run by wangxian1 at 13:34:25.18 on Thu 12/25/2008 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.5.0_14 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.412 [GMT -8:00] AV: Symantec AntiVirus Corporate Edition On-access scanning enabled (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe F:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\Explorer.EXE E:\Program Files\LogMeIn\x86\RaMaint.exe E:\Program Files\LogMeIn\x86\LogMeIn.exe E:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Symantec\Ghost\ngserver.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\Lexmark 2300 Series\lxcgmon.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Lexmark 2300 Series\ezprint.exe F:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe C:\JWPack\ScreenMark.exe C:\WINDOWS\System32\svchost.exe -k imgsvc E:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\WINDOWS\system32\Pen_Tablet.exe E:\Acrobat\Acrobat\Acrotray.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Wacom_Tablet.exe E:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Messenger\msmsgs.exe F:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files\Symantec\Ghost\bin\dbserv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\lxcgcoms.exe C:\Program Files\Symantec\Ghost\bin\rteng7.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\notepad.exe C:\Documents and Settings\wangxian1\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = www.zhidao.la mDefault_Page_URL = www.zhidao.la mStart Page = www.zhidao.la uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost uSearchURL,(Default) = hxxp://www.google.com/keyword/%s mSearchAssistant = hxxp://ie.search.msn.com mCustomizeSearch = hxxp://ie.search.msn.com BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - e:\program files\flashget\jccatch.dll BHO: Microsoft Web Test Recorder Helper: {62355041-605d-4469-84fd-5d66ed67a7e3} - e:\program files\common7 \ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_14\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\acrobat\acrobat\AcroIEFavClient.dll BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - e:\program files\flashget\getflash.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\acrobat\acrobat\AcroIEFavClient.dll TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File TB: {89FDCC4B-8D91-49B0-81A6-18BCFF582735} - No File uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [DAEMON Tools Lite] "f:\program files\daemon tools lite\daemon.exe" -autorun uRun: [Universal Installer] "c:\program files\comcastui\universal installer\uinstaller.exe" /fromrun /starthidden uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [drvsyskit] c:\documents and settings\wangxian1\application data\drivers\winupgro.exe mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16 mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_14\bin\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe" mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe" mRun: [Adobe Photo Downloader] "f:\program files\adobe\photoshop elements 6.0\apdproxy.exe" mRun: [SMKRun] c:\jwpack\ScreenMark.exe -i mRun: [JWOSetup] JWOSetup.exe -en mRun: [LogMeIn GUI] "e:\program files\logmein\x86\LogMeInSystray.exe" mRun: [RegistryMechanic] mRun: [vptray] c:\progra~1\symant~1\\vptray.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [<NO NAME>] mRun: [Acrobat Assistant 8.0] "e:\acrobat\acrobat\Acrotray.exe" mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [NGServer] c:\program files\symantec\ghost\ngserver.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [Alcmtr] ALCMTR.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [SoundMan] SOUNDMAN.EXE mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a -9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE mPolicies-system: EnableLUA = 0 (0x0) IE: &Access Internet Keyword - c:\program files\ocins\cnrbtn.html IE: &Download All with FlashGet - e:\program files\flashget\jc_all.htm IE: &Download with FlashGet - e:\program files\flashget\jc_link.htm IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: Append to existing PDF - e:\acrobat\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: Convert link target to Adobe PDF - e:\acrobat\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - e:\acrobat\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - e:\acrobat\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - e:\acrobat\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - e:\acrobat\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - e:\acrobat\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - e:\acrobat\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: ??-??MP3 - c:\program files\baidu\bar\BaiduBar.DLL/BAIDUMP3.HTM IE: ??-???? - c:\program files\baidu\bar\BaiduBar.DLL/BAIDUIMG.HTM IE: ??-???? - c:\program files\baidu\bar\BaiduBar.DLL/BAIDUNEWS.HTM IE: ??-???? - c:\program files\baidu\bar\BaiduBar.DLL/BAIDULYRIC.HTM IE: ??-???? - c:\program files\baidu\bar\BaiduBar.DLL/BAIDUSEARCH.HTM IE: ??-???? - c:\program files\baidu\bar\BaiduBar.DLL/BAIDUPOST.HTM IE: ??-???? - c:\program files\baidu\bar\BaiduBar.DLL/BAIDU_DIC.HTM IE: ?????? - c:\program files\cnnic\cdn\cnnic.htm IE: ????? PDF IE: ???????? Adobe PDF IE: ?????????? PDF IE: ????? Adobe PDF IE: ??????? PDF IE: ??????? Adobe PDF IE: ????????? PDF IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\program files\flashget\FlashGet.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_14\bin\ssv.dll Notify: igfxcui - igfxsrvc.dll Notify: LMIinit - LMIinit.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - f:\program files\qualcomm\eudora\EuShlExt.dll ============= SERVICES / DRIVERS =============== R1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592] R1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968] R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;f:\program files\adobe\photoshop elements 6.0 \PhotoshopElementsFileAgent.exe [2007-9-11 124832] R2 LMIInfo;LogMeIn Kernel Information Provider;\??\e:\program files\logmein\x86\RaInfo.sys [2008-2-28 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-11 47640] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-17 3032360] R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-22 1373480] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-5 99376] R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081219.005\naveng.sys [2008-12-19 89104] R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081219.005\navex15.sys [2008-12-19 876112] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-17 15144] S1 sK9Ou0s;sK9Ou0s;\??\c:\documents and settings\wangxian1\application data\drivers\srosa2.sys [2008-12-25 7168] S1 srosa;srosa;\??\c:\documents and settings\wangxian1\application data\drivers\srosa.sys [] S2 aawservice;Lavasoft Ad-Aware Service;"f:\program files\lavasoft\ad-aware\aawservice.exe" [2008-6-2 611664] S2 MATLAB License Server;MATLAB License Server;"c:\matlab7\flexlm\lmgrd.exe" [2005-10-20 659456] S2 Symantec AntiVirus;Symantec AntiVirus;"c:\program files\symantec antivirus\Rtvscan.exe" [2007-3-14 1816768] S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648] S3 SavRoam;SAVRoam;"c:\program files\symantec antivirus\SavRoam.exe" [2007-3-14 116416] S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys [2005-1-26 280344] S3 VSPerfDrv;Performance Tools Driver;\??\e:\program files\team tools\performance tools\VSPerfDrv.sys [2006-12-2 48128] S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccEvtMgr.exe" [2006-11-21 192104] S4 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSetMgr.exe" [2006-11-21 169576] S4 LMIRfsClientNP;LMIRfsClientNP; [] S4 msvsmon80;Visual Studio 2005 Remote Debugger;"e:\program files\common7\ide\remote debugger\x86\msvsmon.exe" /service msvsmon80 [2006-12-2 2805000] ============== File Associations =============== txtfile="c:\program files\jgsoft\editpadpro6\EditPadPro.exe" "%1" =============== Created Last 30 ================ 2008-12-25 12:49 <DIR> --d----- c:\program files\Trend Micro 2008-12-25 12:37 54,156 a---h--- c:\windows\QTFont.qfn 2008-12-25 12:37 1,409 a------- c:\windows\QTFont.for 2008-12-24 19:46 <DIR> --d-h--- c:\windows\PIF 2008-12-24 16:57 <DIR> --d----- c:\program files\AskBarDis 2008-12-24 16:56 <DIR> --d----- c:\docume~1\wangxi~1\applic~1\Foxit 2008-12-24 15:52 <DIR> --d-h--- c:\docume~1\wangxi~1\applic~1\drivers 2008-12-23 00:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\espionServerData 2008-12-23 00:21 <DIR> --d----- c:\windows\MSSecurityNS 2008-12-23 00:21 <DIR> --d----- c:\windows\MSSecurityNi 2008-12-23 00:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Corel 2008-12-22 20:34 1,910,035 -------- c:\windows\system32\WacomTablet.znc 2008-12-22 20:34 3,499,304 -------- c:\windows\system32\WacomTablet.cpl 2008-12-22 20:33 128,296 -------- c:\windows\system32\Wacom_Tablet.dll 2008-12-22 20:33 1,373,480 -------- c:\windows\system32\Wacom_Tablet.exe 2008-12-21 12:07 157,696 a------- c:\windows\system32\stikynot.exe 2008-12-21 12:06 <DIR> --d----- c:\program files\Windows Journal 2008-12-21 11:49 94,208 a------- c:\windows\system32\tabbtn.dll 2008-12-21 11:29 51,712 a------- c:\windows\system32\tabcal.exe 2008-12-20 22:48 1,690,112 a------- c:\windows\system32\inkball.exe 2008-12-20 22:34 34,304 a------- c:\windows\system32\tabsrv.dll 2008-12-20 22:34 6,144 a------- c:\windows\system32\softkbd.exe 2008-12-20 22:34 2,560 a------- c:\windows\system32\PipRes.dll 2008-12-20 22:34 207,360 a------- c:\windows\system32\InkEd.dll 2008-12-20 22:34 141,312 a------- c:\windows\system32\TipRes.dll 2008-12-20 22:34 293,376 a------- c:\windows\system32\wisptis.exe 2008-12-20 22:34 30,208 a------- c:\windows\system32\tpgwlnot.dll 2008-12-20 20:41 12,730 a------- C:\EXCEPTION_LOG.DOC 2008-12-17 23:42 492 a------- c:\windows\JustWrite.INI 2008-12-17 23:40 891 a------- c:\windows\ScreenMark.INI 2008-12-17 23:39 <DIR> --d----- c:\program files\Wintone 2008-12-17 23:36 <DIR> --d----- c:\docume~1\wangxi~1\applic~1\JustWrite Office 2008-12-17 23:36 2,076,672 a------- c:\windows\system32\CommandBars1030vc60.dll 2008-12-17 23:36 69,632 a------- c:\windows\system32\JWPath.dll 2008-12-17 23:36 184,320 a------- c:\windows\system32\JustWrite.dll 2008-12-17 23:35 168,448 a------- c:\windows\JwPackP2.ppa 2008-12-17 23:35 117,248 a------- c:\windows\JwPackP1.ppa 2008-12-17 23:35 43,016 a------- c:\windows\JwPackP.ppam 2008-12-17 23:35 90,112 a------- c:\windows\JWOSetup.exe 2008-12-17 22:01 <DIR> --d----- c:\docume~1\wangxi~1\applic~1\WTablet 2008-12-17 22:00 1,532,082 -------- c:\windows\system32\PenTablet.znc 2008-12-17 22:00 3,708,200 -------- c:\windows\system32\PenTablet.cpl 2008-12-17 22:00 11,440 a------- c:\windows\system32\drivers\WacomVKHid.sys 2008-12-17 22:00 12,848 a------- c:\windows\system32\drivers\wacomvhid.sys 2008-12-17 22:00 11,312 a------- c:\windows\system32\drivers\wacommousefilter.sys 2008-12-17 22:00 15,144 a------- c:\windows\system32\drivers\wacmoumonitor.sys 2008-12-17 22:00 <DIR> --d----- c:\windows\system32\WTablet 2008-12-17 22:00 181,544 -------- c:\windows\system32\Wintab32.dll 2008-12-17 22:00 128,296 -------- c:\windows\system32\Pen_Tablet.dll 2008-12-17 22:00 3,032,360 -------- c:\windows\system32\Pen_Tablet.exe 2008-12-17 21:59 <DIR> --d----- c:\program files\Tablet 2008-12-17 21:55 36,864 a------- c:\windows\system32\TaskKeyHook.dll 2008-12-17 21:55 25,088 a------- c:\windows\system32\Wintab10.ocx 2008-12-17 21:55 <DIR> --d----- C:\JWPack 2008-12-16 20:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Rosetta Stone 2008-12-15 20:55 <DIR> --d----- c:\docume~1\wangxi~1\applic~1\DAEMON Tools Pro 2008-12-15 20:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite 2008-12-15 20:46 717,296 a------- c:\windows\system32\drivers\sptd.sys 2008-12-15 20:46 <DIR> --d----- c:\docume~1\wangxi~1\applic~1\DAEMON Tools Lite 2008-12-15 20:37 86,016 a------- c:\windows\unvise32qt.exe 2008-12-15 20:36 <DIR> --d----- c:\windows\system32\QuickTime 2008-12-10 10:48 <DIR> --d----- c:\docume~1\wangxi~1\applic~1\GrabPro ==================== Find3M ==================== 2008-12-23 00:10 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys 2008-12-23 00:10 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys 2008-12-23 00:10 129,784 -------- c:\windows\system32\pxafs.dll 2008-12-23 00:10 116,472 -------- c:\windows\system32\pxcpyi64.exe 2008-12-23 00:10 118,520 -------- c:\windows\system32\pxinsi64.exe 2008-12-23 00:10 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys 2008-10-23 23:27 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll 2008-10-17 09:47 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll 2008-10-17 09:47 87,352 a------- c:\windows\system32\LMIinit.dll 2008-10-17 09:47 28,984 a------- c:\windows\system32\LMIport.dll 2008-10-17 09:47 23,736 a------- c:\windows\system32\lmimirr.dll 2008-10-17 09:47 10,040 a------- c:\windows\system32\lmimirr2.dll 2008-10-16 12:38 826,368 a------- c:\windows\system32\wininet.dll 2008-10-03 02:02 247,326 a------- c:\windows\system32\strmdll.dll 2008-06-24 12:12 16,384 a--sh--- c:\windows\temp\cookies\index.dat 2008-06-24 12:12 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat 2008-06-24 12:12 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 13:35:05.10 =============== Attached File(s) Attach.txt ( 10.96k ) Number of downloads: 0

Thunder View Member Profile	Dec 30 2008, 09:39 AM Post #2
Forum Addict Group: HJT Team Posts: 3,294 Joined: 12-December 05 From: Belgium Member No.: 44,294	Hello Happynut and welcome to BleepingComputer, 1. * Clean your Cache and Cookies in IE: Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tab Under Browsing History, click Delete. Click Delete Files, Delete cookies and Delete history Click Close below. * Clean your Cache and Cookies in Firefox (In case you also have Firefox installed): Go to Tools > Options. Click Privacy in the menu.. Click the Clear now button below.. A new window will popup what to clear. Select all and click the Clear button again. Click OK to close the Options window * Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. Press OK to remove them. 2. Please download Malwarebytes' Anti-Malware from Here or Here Doubleclick mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply along with a fresh HijackThis log. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. 3. Please download ComboFix from one of the locations below, and save it to your Desktop. Link Link Link Double click the ComboFix icon to run it. If ComboFix askes you to install the Recovery Console, please do so.. The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. Once the Recovery Console is installed, continue with the malware scan. Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze. Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !! Greetings, Thunder -------------------- Whatever happens, make believe it was intended to ... ----------------------------------------------------------------------- - If I have helped you in any way, please consider a donation to help me continue the fight against malware. ----------------------------------------------------------------------- Stand Up & Be Counted --> <-- And make a difference

Thunder View Member Profile	Jan 22 2009, 05:22 AM Post #3
Forum Addict Group: HJT Team Posts: 3,294 Joined: 12-December 05 From: Belgium Member No.: 44,294	Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed. If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic. -------------------- Whatever happens, make believe it was intended to ... ----------------------------------------------------------------------- - If I have helped you in any way, please consider a donation to help me continue the fight against malware. ----------------------------------------------------------------------- Stand Up & Be Counted --> <-- And make a difference

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 8th November 2009 - 06:11 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides