Winupgro infection


  • This topic is locked
2 replies to this topic

#1 andreasro


Posted 22 June 2011 - 02:12 AM

Hi,

I had Winupgro.exe in two locations:

C:/Documents and settings/..../drivers
and
D:/StrongDC/Downloads

Combofix, as you'll see in the log file, has deleted the exe from C, but it remained in D and I deleted it myself after Combofix had finished the job. It's clean now, isn't it?

Log file:

ComboFix 11-06-21.06 - daoresearch 22.06.2011 9:42.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.40.1033.18.503.184 [GMT 3:00]
Running from: c:\documents and settings\daoresearch\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\daoresearch\Application Data\drivers\downld
c:\documents and settings\daoresearch\Application Data\drivers\winupgro.exe
c:\documents and settings\daoresearch\My Documents\Readiris.DUS
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\srosa2.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-05-22 to 2011-06-22 )))))))))))))))))))))))))))))))
.
.
2011-06-22 05:43 . 2011-06-22 05:43 -------- d-----w- c:\documents and settings\daoresearch\Application Data\GrabPro
2011-06-22 05:09 . 2011-06-22 06:55 -------- d--h--w- c:\documents and settings\daoresearch\Application Data\drivers
2011-06-22 05:04 . 2011-06-22 05:04 -------- d-----w- C:\Output Files
2011-06-22 04:59 . 2001-10-28 22:42 116224 ----a-w- c:\windows\system32\pdfmonnt.dll
2011-06-22 04:59 . 2011-06-22 04:59 -------- d-----w- c:\windows\system32\pdfconverter
2011-06-22 04:58 . 2011-06-22 04:58 -------- d-----w- c:\windows\system32\psconv
2011-06-22 04:58 . 2011-06-22 04:58 -------- d-----w- c:\program files\psconvert
2011-05-27 04:58 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-09-19 10:02 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-09-19 10:02 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-09-19 10:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-09-19 10:03 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2010-09-19 10:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2010-09-19 10:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2010-09-19 10:03 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-09-19 10:02 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2010-09-19 10:03 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 15:31 . 2010-08-19 13:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2009-11-05 12:53 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:09 . 2009-12-08 17:07 919552 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:09 . 2009-12-08 17:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:09 . 2009-11-05 12:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 11:36 . 2009-11-05 12:53 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 11:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-06 06:59 . 2011-05-06 06:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-11-05 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-01 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-08-24 393216]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE8"="advpack.dll" [2009-11-05 128512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Kituri\\sdc230\\StrongDC.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.08.2010 18:10 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.05.2011 07:58 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.09.2010 13:03 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.09.2010 13:03 19544]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport în Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{5F38C378-0FF0-46AF-B199-448B3E5A07FE}: NameServer = 82.76.253.115 82.76.253.125
FF - ProfilePath - c:\documents and settings\daoresearch\Application Data\Mozilla\Firefox\Profiles\j3v3qned.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-22 09:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-220523388-879983540-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-06-22 10:05:51
ComboFix-quarantined-files.txt 2011-06-22 07:05
.
Pre-Run: 1.204.281.344 bytes free
Post-Run: 1.392.168.960 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BACCEF0F01E246C38956D075AFC4C47C

Edited by andreasro, 22 June 2011 - 02:14 AM.
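The log above records what ComboFix removed and where each item came from, but the verdict in this thread still rests on re-checking by hand. As an added example (not part of the original post, and not ComboFix's own tooling), the Python below parses text in the same format as the posted log, lists the deleted paths that should no longer exist on disk, and collects the points the log leaves for a human to review: the hidden `drivers` directory created in the infection window, the autostart entries, the programs exempted in the Windows firewall, and the DNS servers in use. The sample text is an excerpt of the log above; the `extra` path passed at the bottom is a hypothetical hand-deleted copy, and the function names are this example's own.

```python
"""Parse a ComboFix log excerpt and list what still needs a manual re-check.

Added example, not from the original thread or from ComboFix itself.
SAMPLE_LOG reproduces a few lines of the posted log; everything else
(function names, the hypothetical `extra` path) is this example's assumption.
"""
import os
import re

# Constructed sample: excerpted lines in the same layout as the posted log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\daoresearch\Application Data\drivers\downld\1742484.exe
c:\documents and settings\daoresearch\Application Data\drivers\winupgro.exe
c:\windows\system32\srosa2.sys
.
((((((((((((((((((((((((( Files Created from 2011-05-22 to 2011-06-22 )))))))))))))))))))))))))))))))
.
2011-06-22 05:43 . 2011-06-22 05:43 -------- d-----w- c:\documents and settings\daoresearch\Application Data\GrabPro
2011-06-22 05:09 . 2011-06-22 06:55 -------- d--h--w- c:\documents and settings\daoresearch\Application Data\drivers
2011-05-27 04:58 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-01 399736]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\eMule\\emule.exe"=
"d:\\Kituri\\sdc230\\StrongDC.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
------- Supplementary Scan -------
.
TCP: Interfaces\{5F38C378-0FF0-46AF-B199-448B3E5A07FE}: NameServer = 82.76.253.115 82.76.253.125
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$|^-+\s*(.*?)\s*-+$")   # section banners
PATH_RE = re.compile(r"^[a-zA-Z]:\\")                                # drive-letter path
CREATED_RE = re.compile(                                              # "Files Created" rows
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]+)")?')
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_combofix_log(text):
    """Split a ComboFix-style log into the pieces worth re-checking."""
    out = {"deleted": [], "created": [], "run": [], "firewall": [], "nameservers": []}
    section, key = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = (m.group(1) or m.group(2)).lower(), ""
            continue
        if section.startswith("other deletions") and PATH_RE.match(line):
            out["deleted"].append(line)
        elif section.startswith("files created"):
            m = CREATED_RE.match(line)
            if m:  # attrs field looks like d--h--w-; 'h' marks a hidden entry
                out["created"].append({"path": m.group(5), "attrs": m.group(4),
                                       "hidden": "h" in m.group(4)})
        elif section.startswith("reg loading points"):
            m = REG_KEY_RE.match(line)
            if m:
                key = m.group(1).lower()
                continue
            m = REG_VALUE_RE.match(line)
            if m and key.endswith("\\run"):
                out["run"].append((m.group(1), m.group(2)))
            elif m and "authorizedapplications" in key:
                out["firewall"].append(m.group(1).replace("\\\\", "\\"))  # log doubles the slashes
        elif section.startswith("supplementary scan"):
            m = NAMESERVER_RE.search(line)
            if m:
                out["nameservers"].extend(m.group(1).split())
    return out


def residual_paths(parsed, extra=()):
    """Everything ComboFix deleted plus any copies removed by hand that the log never saw."""
    return list(dict.fromkeys(list(parsed["deleted"]) + list(extra)))


def still_present(paths, exists=os.path.exists):
    """Subset of paths still on disk; `exists` is injectable so this runs without a real disk."""
    return [p for p in paths if exists(p)]


def review_points(parsed):
    """Items the log leaves for a human to judge; no verdict is implied."""
    points = [f"hidden entry created in the scan window: {e['path']}" for e in parsed["created"] if e["hidden"]]
    points += [f"autostart entry {name!r} -> {target}" for name, target in parsed["run"]]
    points += [f"firewall-exempted program: {app}" for app in parsed["firewall"]]
    if parsed["nameservers"]:
        points.append("DNS servers in use: " + ", ".join(parsed["nameservers"]))
    return points


if __name__ == "__main__":
    parsed = parse_combofix_log(SAMPLE_LOG)
    hand_deleted = [r"d:\downloads\winupgro.exe"]  # hypothetical second copy, assumed
    for p in still_present(residual_paths(parsed, extra=hand_deleted)):
        print("STILL PRESENT:", p)
    for point in review_points(parsed):
        print("REVIEW:", point)
```

Run it on the machine in question with the full log pasted in place of the sample and the hand-deleted path filled in; an empty "STILL PRESENT" list says only that the files named in the log are gone, while the "REVIEW" lines are the entries a reviewer would still read through before calling the box clean.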

#2 andreasro (Topic Starter, Members, 2 posts)

Posted 22 June 2011 - 02:49 AM

Avast Antivirus is working without problems now, so I think it's a sign the infection is gone, thanks to the ComboFix designers. :thumbsup: (When infected, if Avast tried to scan something, the computer would restart.)

Edited by andreasro, 22 June 2011 - 02:49 AM.


#3 Budapest (Bleepin' Cynic, Moderator, 23,573 posts)

Posted 27 June 2011 - 04:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
