Tom's Guide | Tom's Hardware | Tom's Games
Hi everyone, I recently got infected with the winupgro.exe like some others on this forum. I followed the steps in this thread: http://www.computing.net/answers/se...
to run combofix. I obtained the following log file:
ComboFix 08-12-24.01 - Administrator 2008-12-25 4:08:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.338 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\tool.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\drivers\downld
c:\documents and settings\Administrator\Application Data\drivers\downld\126218.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\171781.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\172187.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\172203.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\174250.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\176171.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\176265.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\183640.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\184671.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\185109.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\185671.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\185984.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\186250.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\186703.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\214921.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\215828.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\216500.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\246796.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\361765.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\362140.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\362203.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\380593.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\381437.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\381812.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\382406.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\382984.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\383453.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\414484.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\416406.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\416750.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\426437.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\427546.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\428031.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\453250.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\470328.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\472093.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\472546.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\52718.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\54031.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\54062.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\62921.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\92781.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\93968.exe
c:\documents and settings\Administrator\Application Data\drivers\downld\94312.exe
c:\documents and settings\Administrator\Application Data\drivers\srosa.sys
c:\documents and settings\Administrator\Application Data\drivers\srosa2.sys
c:\documents and settings\Administrator\Application Data\drivers\winupgro.exe
c:\documents and settings\Administrator\Application Data\m
c:\documents and settings\Administrator\Application Data\m\data.oct
c:\documents and settings\Administrator\Application Data\m\flec006.exe
c:\documents and settings\Administrator\Application Data\m\list.oct
c:\documents and settings\Administrator\Application Data\m\shared\Advantage Web Log Analyzer 5.0.5b.zip
c:\documents and settings\Administrator\Application Data\m\shared\Agogo Video To Zune Converter 7.36.zip
c:\documents and settings\Administrator\Application Data\m\shared\Andrew's Plugins Volume 17 'GXEdged' 17.0.5.zip
c:\documents and settings\Administrator\Application Data\m\shared\Annivrem Anniversary Reminder 1.2.0.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Avast.Professional.v4.6.731.zip
c:\documents and settings\Administrator\Application Data\m\shared\Bandwidth Graph 1.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\BassBang 1.1.zip
c:\documents and settings\Administrator\Application Data\m\shared\Child Guard 1.65.zip
c:\documents and settings\Administrator\Application Data\m\shared\Clipper 1.5.zip
c:\documents and settings\Administrator\Application Data\m\shared\csson Nokia s60 n6600 (t610 v600))(1).zip
c:\documents and settings\Administrator\Application Data\m\shared\DOVICO Timesheet 9.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Easy Chart Designer 1.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Fast Track Room Booking 2.1.zip
c:\documents and settings\Administrator\Application Data\m\shared\FathUpload 1.3.zip
c:\documents and settings\Administrator\Application Data\m\shared\FusionCharts Free -.zip
c:\documents and settings\Administrator\Application Data\m\shared\GMail Bookmark 1.0.2105.28462.zip
c:\documents and settings\Administrator\Application Data\m\shared\GoldScrap 1.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Google Sidebar 2.0.czip
c:\documents and settings\Administrator\Application Data\m\shared\Google Sidebar 2.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\IE-WHUB 1.1.2.22.zip
c:\documents and settings\Administrator\Application Data\m\shared\Image Processing Plugin 1.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\ManageEngine Security Manager Plus 5.zip
c:\documents and settings\Administrator\Application Data\m\shared\MP Palette 1.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\NOD32.v2.50.25.Crack_a.tester.apres.FIX.si.marche.pas.zip
c:\documents and settings\Administrator\Application Data\m\shared\Old style clock 1.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Panda Antivirus Titanium 2006 - Crack - Serial.zip
c:\documents and settings\Administrator\Application Data\m\shared\PDF Image Extractor 1.1.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Plot2PDF 1.4.zip
c:\documents and settings\Administrator\Application Data\m\shared\Plugin Galaxy 2.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\PrecisionID Code 39 Fonts 2.1.zip
c:\documents and settings\Administrator\Application Data\m\shared\PSPad 4.5.4 Build 2335 Beta.zip
c:\documents and settings\Administrator\Application Data\m\shared\QuickTime Alternative 2.7.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Radio Caroline Yahoo Widget 2.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Red Nightmare 1.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Rules of engagement 1.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Sage 1.3.10.zip
c:\documents and settings\Administrator\Application Data\m\shared\SBridge 1.25.zip
c:\documents and settings\Administrator\Application Data\m\shared\Shopping.com (UK) Compact Search 1.1.zip
c:\documents and settings\Administrator\Application Data\m\shared\Symantec.Web.Security.v3.0.Retail-SHOCK.ShareReactor.zip
c:\documents and settings\Administrator\Application Data\m\shared\TaskSwitcher 1.06.zip
c:\documents and settings\Administrator\Application Data\m\shared\Tweak-O-Matic 1.4.0.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\TyphoonInstaller 1.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\UnZip Me 2.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Vigorous Enterprise Messenger 5.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Wave Wash and Polish 1.1.2.zip
c:\documents and settings\Administrator\Application Data\m\shared\Web Builder Deluxe 3.0.zip
c:\documents and settings\Administrator\Application Data\m\shared\Whale Screensaver.zip
c:\documents and settings\Administrator\Application Data\m\shared\Xilisoft ISO Burner 1.0.52.1114.zip
c:\documents and settings\Administrator\Application Data\m\srvlist.oct
c:\program files\DAEMON Tools Lite\daemon.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.
2008-12-25 02:01 . 2008-12-25 04:09 <DIR> d--h----- c:\documents and settings\Administrator\Application Data\drivers
2008-12-25 02:01 . 2008-12-25 02:01 <DIR> d-------- C:\Copistar
2008-12-24 16:53 . 2008-12-24 16:53 <DIR> d-------- c:\temp\Crime and Investigation Network
2008-12-23 16:24 . 2008-12-24 03:41 <DIR> d-------- c:\temp\Cloverfield.DVDR-Replica
2008-12-23 02:35 . 2008-12-23 10:40 <DIR> d-------- c:\temp\Man.On.Wire.2008.NTSC.DVDR-VoMiT
2008-12-23 00:19 . 2008-12-23 00:29 <DIR> d-------- c:\temp\Replay Media Catcher v3.0.1
2008-12-22 23:55 . 2008-12-23 00:29 237,568 --a------ c:\windows\system32\rmc_rtspdl.dll
2008-12-22 23:55 . 2008-12-23 00:29 156,672 --a------ c:\windows\system32\rmc_fixasf.exe
2008-12-22 23:54 . 2008-12-22 23:54 <DIR> d-------- c:\windows\Replay Media Catcher
2008-12-22 23:54 . 2008-12-23 00:29 323,584 --a------ c:\windows\system32\AUDIOGENIE2.DLL
2008-12-22 23:53 . 2008-12-23 08:12 <DIR> d-------- c:\program files\Replay Media Catcher
2008-12-22 23:50 . 2008-12-22 23:53 <DIR> d-------- c:\temp\Replay_Media_Catcher_v3.01-DIGERATI
2008-12-22 17:13 . 2008-12-22 17:14 <DIR> d-------- c:\temp\Jimmy.Kimmel.2008.12.10.Brian.Austin.Green.PDTV.XViD-YesTV
2008-12-22 17:13 . 2008-12-22 17:13 <DIR> d-------- c:\temp\Jimmy.Kimmel.2008.12.09.Molly.Shannon.PDTV.XViD-YesTV
2008-12-22 17:13 . 2008-12-22 17:13 <DIR> d-------- c:\temp\Jimmy.Kimmel.2008.11.26.Reese.Witherspoon.PDTV.XViD-YesTV
2008-12-22 15:03 . 2008-12-22 15:04 <DIR> d-------- c:\temp\NBA.2008.12.17.Wizards.vs.Pistons.PDTV.XviD-T0nK4
2008-12-22 12:56 . 2008-04-13 22:39 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-12-21 23:58 . 2008-12-22 02:31 <DIR> d-------- C:\Nandub
2008-12-21 15:00 . 2008-12-21 15:00 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-12-21 12:33 . 2008-12-22 23:17 69 --a------ c:\windows\NeroDigital.ini
2008-12-20 18:19 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-12-20 18:19 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2008-12-20 18:19 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-12-20 18:19 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2008-12-20 18:19 . 2008-04-14 05:39 6,144 --a------ c:\windows\system32\kbd106.dll
2008-12-20 18:19 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-12-20 18:19 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-12-20 18:19 . 2008-04-14 05:39 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2008-12-20 18:19 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2008-12-20 18:19 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2008-12-20 18:19 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-12-20 18:19 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2008-12-20 18:08 . 2008-12-20 18:08 <DIR> d-------- c:\program files\Southwest Airlines
2008-12-20 18:08 . 2008-12-20 18:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Southwest Airlines
2008-12-20 18:07 . 2008-12-20 18:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-20 15:27 . 2008-12-20 15:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nero
2008-12-20 15:26 . 2008-12-20 15:27 <DIR> d-------- c:\program files\Nero
2008-12-20 15:26 . 2008-12-20 15:26 <DIR> d-------- c:\program files\Common Files\Nero
2008-12-20 15:26 . 2008-12-20 15:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-12-20 15:26 . 2006-03-17 11:45 1,757,184 --a------ c:\windows\system32\imagX7.dll
2008-12-20 15:26 . 2006-03-17 11:45 802,816 --a------ c:\windows\system32\imagXRA7.dll
2008-12-20 15:26 . 2006-03-17 11:45 497,296 --a------ c:\windows\system32\imagXpr7.dll
2008-12-20 15:26 . 2006-03-17 14:49 368,640 --a------ c:\windows\system32\TwnLib4.dll
2008-12-20 15:26 . 2006-03-17 11:45 258,048 --a------ c:\windows\system32\imagXR7.dll
2008-12-20 13:40 . 2007-04-09 06:23 28,040 --a------ c:\windows\system32\mdimon.dll
2008-12-20 13:38 . 2008-12-20 13:38 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-12-20 13:37 . 2008-12-20 13:38 <DIR> d-------- c:\windows\SHELLNEW
2008-12-20 13:12 . 2008-12-24 16:53 <DIR> d-------- C:\TEMP
2008-12-20 00:56 . 2008-12-20 13:40 520 --a------ c:\windows\ODBC.INI
2008-12-20 00:55 . 2008-12-20 00:55 <DIR> d-------- c:\windows\system32\js
2008-12-20 00:55 . 2008-12-20 00:55 <DIR> d-------- c:\windows\system32\images
2008-12-20 00:55 . 2008-12-20 00:55 <DIR> d-------- c:\windows\system32\html
2008-12-20 00:55 . 2008-12-20 00:55 <DIR> d-------- c:\windows\system32\css
2008-12-20 00:55 . 2008-12-20 00:55 <DIR> d-------- c:\program files\Business Objects
2008-12-20 00:49 . 2008-12-20 00:49 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-20 00:48 . 2008-12-20 00:53 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-12-20 00:46 . 2008-12-20 00:46 <DIR> d-------- c:\program files\Microsoft Device Emulator
2008-12-20 00:45 . 2008-12-20 00:46 <DIR> d-------- c:\program files\Windows Mobile 5.0 SDK R2
2008-12-20 00:44 . 2008-12-20 00:45 <DIR> d-------- c:\program files\mIRC
2008-12-20 00:44 . 2008-12-20 00:44 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2008-12-20 00:44 . 2008-12-20 00:44 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-12-20 00:44 . 2008-12-22 17:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\mIRC
2008-12-20 00:35 . 2008-12-20 00:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2008-12-20 00:29 . 2008-12-20 00:29 <DIR> d-------- c:\windows\symbols
2008-12-20 00:27 . 2008-12-20 00:50 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-20 00:27 . 2008-12-20 00:55 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0
2008-12-20 00:27 . 2008-12-20 00:27 <DIR> d-------- c:\program files\Microsoft SDKs
2008-12-20 00:27 . 2008-12-20 00:30 <DIR> d-------- c:\program files\HTML Help Workshop
2008-12-20 00:27 . 2008-12-20 00:35 <DIR> d-------- c:\program files\Common Files\Merge Modules
2008-12-20 00:27 . 2008-12-20 00:27 <DIR> d-------- c:\program files\CE Remote Tools
2008-12-20 00:25 . 2008-12-20 00:25 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2008-12-20 00:24 . 2008-12-20 00:24 <DIR> dr-h----- C:\MSOCache
2008-12-20 00:23 . 2008-12-20 00:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-20 00:22 . 2008-12-20 00:22 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-20 00:22 . 2008-12-20 00:22 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-20 00:22 . 2008-12-20 00:30 <DIR> d-------- c:\program files\MSBuild
2008-12-20 00:21 . 2006-06-29 13:07 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-12-20 00:21 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-20 00:10 . 2008-12-25 02:00 <DIR> d-------- c:\program files\eMule
2008-12-20 00:09 . 2008-12-20 00:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2008-12-20 00:09 . 2008-12-20 00:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools
2008-12-20 00:08 . 2008-12-25 04:09 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-20 00:08 . 2008-12-20 00:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-20 00:07 . 2008-12-20 00:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2008-12-20 00:07 . 2008-12-20 00:07 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-20 00:04 . 2008-12-20 01:58 <DIR> d-------- C:\RatioMaster
2008-12-20 00:00 . 2008-12-20 00:00 <DIR> d-------- c:\program files\AC3Filter
2008-12-20 00:00 . 2008-07-09 03:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2008-12-19 23:59 . 2008-12-19 23:59 <DIR> d-------- c:\program files\Xvid
2008-12-19 23:59 . 2008-12-04 21:42 815,104 --a------ c:\windows\system32\xvidcore.dll
2008-12-19 23:59 . 2008-12-04 21:46 180,224 --a------ c:\windows\system32\xvidvfw.dll
2008-12-19 23:59 . 2008-12-13 20:01 77,824 --a------ c:\windows\system32\xvid.ax
2008-12-19 23:58 . 2008-12-19 23:58 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Media Player Classic
2008-12-19 23:44 . 2008-12-19 23:46 <DIR> d-------- c:\program files\Winamp
2008-12-19 23:44 . 2008-12-19 23:46 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Winamp
2008-12-19 23:37 . 2008-12-19 23:37 0 --a------ c:\windows\nsreg.dat
2008-12-19 23:35 . 2008-12-23 01:55 <DIR> d-------- c:\program files\uTorrent
2008-12-19 23:35 . 2008-12-25 04:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent
2008-12-19 23:34 . 2008-12-24 16:44 <DIR> d-------- C:\Downloads
2008-12-19 23:28 . 2008-12-19 23:28 <DIR> d-------- C:\drvrtmp
2008-12-19 23:28 . 2004-02-10 15:49 154,112 --a------ c:\windows\system32\drivers\e100b325.sys
2008-12-19 23:28 . 2004-02-10 15:49 154,112 --a--c--- c:\windows\system32\dllcache\e100b325.sys
2008-12-19 23:28 . 2003-11-21 15:26 118,784 --a------ c:\windows\system32\Prounstl.exe
2008-12-19 23:28 . 2003-07-28 06:55 24,064 --a------ c:\windows\system32\IntelNic.dll
2008-12-19 23:28 . 2004-02-18 17:40 12,288 --a------ c:\windows\system32\e100bmsg.dll
2008-12-19 23:28 . 2002-06-27 05:53 5,110 --a------ c:\windows\system32\e100b325.din
2008-12-19 23:28 . 2003-04-09 19:58 1,902 --------- c:\windows\system32\SetupBD.din
2008-12-19 23:23 . 2005-04-05 14:18 135,168 --a------ c:\windows\system32\igfxres.dll
2008-12-19 23:21 . 2008-12-19 23:21 <DIR> d-------- c:\program files\Analog Devices
2008-12-19 23:20 . 2008-12-19 23:20 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-12-19 23:20 . 2008-12-19 23:20 <DIR> d-------- c:\program files\Common Files\InstallShield
2008-12-19 23:20 . 2001-09-19 12:47 765,952 --a------ c:\windows\system\crlds3d.dll
2008-12-19 23:20 . 2004-09-17 09:02 732,928 --a------ c:\windows\system32\drivers\senfilt.sys
2008-12-19 23:20 . 2004-09-23 07:55 311,296 --a------ c:\windows\system32\Edcrypt.dll
2008-12-19 23:20 . 2005-03-22 11:08 260,224 --a------ c:\windows\system32\drivers\smwdm.sys
2008-12-19 23:20 . 2004-10-05 16:10 23,040 --a------ c:\windows\system32\PostProc.dll
2008-12-19 23:15 . 2008-12-19 23:15 <DIR> d-------- c:\program files\Intel
2008-12-19 23:14 . 2008-12-19 23:14 <DIR> d-------- C:\dell
2008-12-19 23:14 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-12-19 23:05 . 2008-12-19 23:05 <DIR> d---s---- c:\windows\system32\Microsoft
2008-12-19 23:05 . 2008-12-19 23:05 <DIR> d--hs---- c:\documents and settings\NetworkService
2008-12-19 23:05 . 2008-12-19 23:05 <DIR> d--hs---- c:\documents and settings\LocalService
2008-12-19 23:05 . 2008-12-21 15:00 <DIR> d-------- c:\documents and settings\Administrator
2008-12-19 23:05 . 2008-12-19 23:05 8,192 --a------ c:\windows\REGLOCS.OLD
2008-12-19 23:02 . 2003-03-24 16:52 618,605 --a--c--- c:\windows\system32\dllcache\fp4autl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-06-22 462848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ee5541f-ce4b-11dd-8f5e-ea94e6723c1c}]
\Shell\AutoRun\command - f:\wd_windows_tools\WDSetup.exe
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhbgwuai.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 04:10:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srosa]
.
Completion time: 2008-12-25 4:11:36
ComboFix-quarantined-files.txt 2008-12-25 09:11:34
Pre-Run: 89,463,087,104 bytes free
Post-Run: 89,558,421,504 bytes free
310
----
Can someone tell me what my next step should be? Thanks!

Just a reminder for other posters: using any tools recommended for another poster can render your computer useless in one click, especially Combofix, SDFix, and Hijack This, but others also. Preferably, state the problem you are having and then we will recommend a procedure to follow.
Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Hi jabuck, thanks for the reply. The reason I initially ran combofix.exe was that winupgro.exe was showing up in my process list. After I ran combofix.exe once, I noticed that winupgro.exe was no longer showing up in my process list. This was yesterday, before you posted. After reading your post, I did another reboot and followed your instructions. Here is the log file for hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:54 PM, on 12/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
--
End of file - 2440 bytes
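As an added example (not code from this thread, from HijackThis or from ComboFix), the script below triages the O4 autostart lines of a HijackThis v2 log in the format shown above: it extracts the executable behind each Run-key or Startup-folder entry and flags any that live outside the usual system and program directories, the kind of location (a user's Application Data folder) where ComboFix found winupgro.exe earlier in this thread. The sample log lines are constructed, and the `example_entry` Run value is hypothetical, added only so the flagging logic has something to catch.

```python
"""Triage autostart (O4) entries from a HijackThis v2 log.

Added example for this thread; not HijackThis or ComboFix code. The sample
lines below are constructed in the log format shown above; 'example_entry'
is a hypothetical Run value pointing at the path ComboFix deleted.
"""
import re
from typing import Iterable, List, NamedTuple

# O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4_REGISTRY = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4_STARTUP = re.compile(
    r'^O4 - (?P<where>Startup|Global Startup): (?P<name>.*?) = (?P<cmd>.*)$')

# Roots from which autostart executables are normally expected on Windows XP.
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\')
# Folders that are never a legitimate home for an autostart binary.
RED_FLAG_FRAGMENTS = ('\\temp\\', '\\application data\\', '\\local settings\\')


class Autostart(NamedTuple):
    source: str      # registry key or startup folder the entry came from
    name: str        # value name or .lnk name
    command: str     # raw command line as logged
    exe: str         # executable path extracted from the command line
    suspicious: bool


def extract_exe(command: str) -> str:
    """Pull the executable path out of a logged command line."""
    cmd = command.strip()
    if cmd.startswith('"'):                       # quoted path, possibly with arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted path that may contain spaces: stop at the first executable extension.
    m = re.match(r'(.*?\.(?:exe|dll|scr|com|bat|cmd|vbs))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(' ')[0]


def is_suspicious(exe: str) -> bool:
    """True when the binary sits in a red-flag folder or outside the trusted roots."""
    low = exe.lower()
    if any(frag in low for frag in RED_FLAG_FRAGMENTS):
        return True
    return not low.startswith(TRUSTED_PREFIXES)


def parse_o4(lines: Iterable[str]) -> List[Autostart]:
    """Parse every O4 line; lines of other HijackThis sections are ignored."""
    entries: List[Autostart] = []
    for line in lines:
        line = line.rstrip()
        m = O4_REGISTRY.match(line)
        if m:
            source = f"{m['hive']}\\..\\{m['key']}"
            name, cmd = m['name'], m['cmd']
        else:
            m = O4_STARTUP.match(line)
            if not m:
                continue
            source, name, cmd = m['where'], m['name'], m['cmd']
        exe = extract_exe(cmd)
        entries.append(Autostart(source, name, cmd, exe, is_suspicious(exe)))
    return entries


def suspicious_entries(lines: Iterable[str]) -> List[Autostart]:
    """Only the entries a reviewer should look at first."""
    return [e for e in parse_o4(lines) if e.suspicious]


# Constructed sample in HijackThis v2 format (the thread's own log has only benign O4 lines).
SAMPLE_LOG = [
    "Logfile of Trend Micro HijackThis v2.0.2",
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe",
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
    # Hypothetical value name; the path is the one ComboFix deleted in the thread above.
    r"O4 - HKCU\..\Run: [example_entry] C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe",
    r"O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe",
    r"O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000",
]

if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        flag = "REVIEW " if e.suspicious else "ok     "
        print(f"{flag} {e.source:<12} [{e.name}] -> {e.exe}")
```

The heuristic is deliberately simple: on a single-user XP box, anything starting from a profile directory, a Temp folder, or outside Program Files and Windows deserves a look, while an entry under a trusted root is merely "not flagged", not proven clean.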

I don't see an antivirus program running.
I use the free version of AVG antivirus, you can download it at this link:
AVG Free Antivirus
Update it once you get it installed.
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note** To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
