Virus infection Packed.Monder need help

View previous topic View next topic Go down

Virus infection Packed.Monder need help

Post by marfinn on Fri Oct 09, 2009 2:48 pm

Hello - I have a laptop PC running windowsXP SP3 and have been infected with the Packed.monder virus. AVG finds the virus but cannot eliminate it and the webbrowser is messed up; so I have been unable to download any files or virus removers. I followed instructions and was able to get a HJT log file shown below. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:09 PM, on 10/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll (file missing)
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10115 bytes

marfinn
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-10-07
Gender Gender : Male
OS OS : xp
Points Points : 26161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by Dr Jay on Fri Oct 09, 2009 3:33 pm

Hi

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by marfinn on Fri Oct 09, 2009 4:13 pm

Thank you for the information - As the internet access on the infected computer is difficult and sometimes does not let me download files; should I download the file on another computer and save it to a flash drive and then load it onto the infected computer from the flash drive? Also should I save the file as a different name and then put it on the infected computer?
Thanks

marfinn
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-10-07
Gender Gender : Male
OS OS : xp
Points Points : 26161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by Dr Jay on Fri Oct 09, 2009 8:38 pm

absoƖute. That was my next suggestion. Let's do the following instead:

Please download ComboFix from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective
    programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Do not mouse-click Combofix's window while it is running. That may cause it to stall.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by marfinn on Sat Oct 10, 2009 12:53 pm

Thanks for the help. Ran combofix and the log file is:

ComboFix 09-10-08.04 - Owner 10/10/2009 8:28.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.589 [GMT -4:00]
Running from: G:\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\head_firmware.inf
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\T10.GIF
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\T10_0x4102_0x1113_ENG.ZIP
c:\recycler\S-1-5-21-1216576308-2523670748-3372669220-1003
c:\windows\Installer\1324b.msi
c:\windows\Installer\3e03ff.msi
c:\windows\Installer\962d8f.msp
c:\windows\Installer\962d90.msp
c:\windows\Installer\962d91.msp
c:\windows\Installer\962d92.msp
c:\windows\Installer\962d93.msp
c:\windows\Installer\962d94.msp
c:\windows\Installer\962d95.msp
c:\windows\Installer\962d96.msp
c:\windows\Installer\962d97.msp
c:\windows\Installer\962d98.msp
c:\windows\Installer\b8caf.msi
c:\windows\Installer\b8cb0.msp
c:\windows\Installer\b8cb1.msp
c:\windows\Installer\b8cb2.msp
c:\windows\Installer\b8cb3.msp
c:\windows\Installer\b8cb4.msp
c:\windows\Installer\b8cb5.msp
c:\windows\Installer\b8cb6.msp
c:\windows\Installer\b8cb7.msp
c:\windows\Installer\b8cb8.msp
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\bennuar.old
c:\windows\system32\bincd32.dat
c:\windows\system32\drivers\rotscxufnmxnqw.sys
c:\windows\system32\onhelp.htm
c:\windows\system32\rotscxbccpxtqc.dat
c:\windows\system32\rotscxevmodkri.dll
c:\windows\system32\rotscxfwmepyoe.dll
c:\windows\system32\rotscxrcvnvoqk.dll
c:\windows\system32\rotscxrwwudqjb.dll
c:\windows\system32\rotscxvxxovbir.dat
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_rotscxmuiqmqpq
-------\Legacy_rotscxmuiqmqpq
-------\Legacy_ANTIPPRO2009_100
-------\Service_AntipPro2009_100


((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-07 23:19 . 2009-10-07 23:19 -------- d-----w- c:\program files\Trend Micro
2009-10-06 23:56 . 2009-10-06 23:56 44360 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-04 12:44 . 2009-10-04 12:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-04 12:41 . 2009-10-04 12:41 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-10-04 12:39 . 2009-10-04 12:39 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-10-04 12:36 . 2009-10-07 00:06 -------- d-----w- c:\windows\ie8updates
2009-10-04 12:35 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-04 12:35 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-10-04 12:33 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-04 12:33 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-04 12:33 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-13 17:53 . 2009-09-14 01:06 -------- d-----w- c:\program files\Windows Porocko

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 04:02 . 2008-06-03 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-07 00:25 . 2009-03-30 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-04 12:34 . 2009-01-11 23:26 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2009-10-01 00:48 . 2008-12-12 20:28 38 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-09-30 23:24 . 2009-09-03 19:18 45 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences2.dat
2009-09-27 21:00 . 2008-12-13 03:36 38 ----a-w- c:\documents and settings\Jack\jagex_runescape_preferences.dat
2009-09-27 18:24 . 2009-09-09 19:29 45 ----a-w- c:\documents and settings\Jack\jagex_runescape_preferences2.dat
2009-09-27 18:23 . 2009-01-18 20:53 -------- d-----w- c:\documents and settings\Jack\Application Data\HPAppData
2009-09-06 14:54 . 2007-05-18 21:57 52664 ----a-w- c:\documents and settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 15:12 . 2009-01-19 18:33 -------- d-----w- c:\documents and settings\Phoebe\Application Data\HPAppData
2009-08-20 02:27 . 2007-05-18 12:56 52664 ----a-w- c:\documents and settings\Phoebe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 15:52 . 2006-03-21 21:09 52664 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 01:35 . 2009-08-15 01:35 -------- d-----w- c:\program files\MSBuild
2009-08-15 01:35 . 2009-08-15 01:35 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 23:24 . 2004-08-26 18:01 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-26 18:01 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-26 18:01 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-26 18:01 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-26 16:11 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-26 18:01 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-26 18:01 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-26 16:12 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 12:57 . 2009-03-30 11:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-30 12:57 . 2009-03-30 11:43 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-30 12:57 . 2009-03-30 11:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-17 19:01 . 2004-08-26 16:11 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-26 16:12 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2006-11-02 12:35 . 2006-11-02 12:29 56 --sh--r- c:\windows\system32\3D2CA714E8.sys
2007-04-25 14:55 . 2007-04-25 14:55 88 --sh--r- c:\windows\system32\E814A72C3D.sys
2007-10-31 16:54 . 2006-11-02 12:29 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-26 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-29 2023704]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 12:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"PSI_SVC_2"=2 (0x2)
"PrismXL"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/30/2009 7:43 AM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/30/2009 7:43 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/30/2009 7:43 AM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/30/2009 7:42 AM 297752]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/28/2005 5:09 AM 200576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-12 00:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
SafeBoot-svcWRSSSDK



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-10 08:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(596)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\WLTRAY.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-10 8:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-10 12:45

Pre-Run: 27,863,547,904 bytes free
Post-Run: 28,489,019,392 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

273 --- E O F --- 2009-10-05 01:08

marfinn
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-10-07
Gender Gender : Male
OS OS : xp
Points Points : 26161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by Dr Jay on Sat Oct 10, 2009 7:34 pm

Hi

Open notepad and copy/paste the text (including the URL) in the quotebox below into it:

[You must be registered and logged in to see this link.]

Suspect::
c:\program files\Windows Porocko

Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.


==

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

**Uninstall any previous versions you may have**

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by marfinn on Mon Oct 12, 2009 8:08 pm

Hello - I have the log file from both the Combo Fix and Malware

ComboFix 09-10-11.03 - Owner 10/12/2009 8:46.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.314 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-07 23:19 . 2009-10-07 23:19 -------- d-----w- c:\program files\Trend Micro
2009-10-06 23:56 . 2009-10-06 23:56 44360 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-04 12:44 . 2009-10-04 12:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-04 12:41 . 2009-10-04 12:41 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-10-04 12:39 . 2009-10-04 12:39 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-10-04 12:36 . 2009-10-07 00:06 -------- d-----w- c:\windows\ie8updates
2009-10-04 12:35 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-04 12:35 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-10-04 12:33 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-04 12:33 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-04 12:33 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-13 17:53 . 2009-09-14 01:06 -------- d-----w- c:\program files\Windows Porocko

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 11:57 . 2008-06-03 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-07 00:25 . 2009-03-30 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-04 12:34 . 2009-01-11 23:26 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2009-10-01 00:48 . 2008-12-12 20:28 38 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-09-30 23:24 . 2009-09-03 19:18 45 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences2.dat
2009-09-27 21:00 . 2008-12-13 03:36 38 ----a-w- c:\documents and settings\Jack\jagex_runescape_preferences.dat
2009-09-27 18:24 . 2009-09-09 19:29 45 ----a-w- c:\documents and settings\Jack\jagex_runescape_preferences2.dat
2009-09-27 18:23 . 2009-01-18 20:53 -------- d-----w- c:\documents and settings\Jack\Application Data\HPAppData
2009-09-06 14:54 . 2007-05-18 21:57 52664 ----a-w- c:\documents and settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 15:12 . 2009-01-19 18:33 -------- d-----w- c:\documents and settings\Phoebe\Application Data\HPAppData
2009-08-20 02:27 . 2007-05-18 12:56 52664 ----a-w- c:\documents and settings\Phoebe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 15:52 . 2006-03-21 21:09 52664 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 01:35 . 2009-08-15 01:35 -------- d-----w- c:\program files\MSBuild
2009-08-15 01:35 . 2009-08-15 01:35 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 23:24 . 2004-08-26 18:01 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-26 18:01 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-26 18:01 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-26 18:01 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-26 16:11 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-26 18:01 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-26 18:01 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-26 16:12 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 12:57 . 2009-03-30 11:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-30 12:57 . 2009-03-30 11:43 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-30 12:57 . 2009-03-30 11:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-17 19:01 . 2004-08-26 16:11 58880 ----a-w- c:\windows\system32\atl.dll
2006-11-02 12:35 . 2006-11-02 12:29 56 --sh--r- c:\windows\system32\3D2CA714E8.sys
2007-04-25 14:55 . 2007-04-25 14:55 88 --sh--r- c:\windows\system32\E814A72C3D.sys
2007-10-31 16:54 . 2006-11-02 12:29 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-26 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-29 2023704]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 12:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"PSI_SVC_2"=2 (0x2)
"PrismXL"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/30/2009 7:43 AM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/30/2009 7:43 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/30/2009 7:43 AM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/30/2009 7:42 AM 297752]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/28/2005 5:09 AM 200576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-12 00:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-12 08:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3272)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-12 8:57
ComboFix-quarantined-files.txt 2009-10-12 12:55
ComboFix2.txt 2009-10-10 12:46

Pre-Run: 28,580,528,128 bytes free
Post-Run: 28,545,679,360 bytes free

198 --- E O F --- 2009-10-05 01:08


MALWARE LOG************************************************

Malwarebytes' Anti-Malware 1.41
Database version: 2945
Windows 5.1.2600 Service Pack 3

10/12/2009 10:11:33 AM
mbam-log-2009-10-12 (10-11-33).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 251527
Time elapsed: 59 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxevmodkri.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxfwmepyoe.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxrcvnvoqk.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxrwwudqjb.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\rotscxufnmxnqw.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\Windows Porocko\windows Porocko.eat (Antivirus2009) -> Quarantined and deleted successfully.
C:\Program Files\Windows Porocko\tmp\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1093\A0085392.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1093\A0085393.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1093\A0085394.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1093\A0085395.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1093\A0085396.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.


Thanks and let me know if you need any other info.

marfinn
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-10-07
Gender Gender : Male
OS OS : xp
Points Points : 26161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by Dr Jay on Mon Oct 12, 2009 8:29 pm

Hi

Please download RootRepeal from [You must be registered and logged in to see this link.].
[*]Extract the program file to your Desktop.
[*]Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.


[*]Select ALL of the checkboxes and then click OK and it will start scanning your system.

[*]If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
[*]When done, click on Save Report
[*]Save it to the Desktop.
[*]Please copy/paste the contents of the report in your next reply.
[/list]
Please remove any e-mail address in the RootRepeal report (if present).

==

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


==

Please include the RootRepeal and SpiderKill logs in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by marfinn on Mon Oct 12, 2009 10:09 pm

RootRepeal and SpiderKill logs as requested - continued thanks for the help

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/12 17:44
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF0DC3000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AB0000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hiber_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xF7A5E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE664000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_1028.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

==EOF==

SPIDER MASTER LOG FILE ***************************************

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is C04D-E128

Directory of C:\Windows\System32\Drivers

10/12/2009 05:43 PM .
10/12/2009 05:43 PM ..
04/13/2008 02:46 PM 53,376 1394bus.sys
08/17/2001 11:52 PM 23,552 ABP480N5.SYS
04/13/2008 02:36 PM 187,776 acpi.sys
08/04/2004 03:00 PM 11,648 acpiec.sys
08/18/2001 12:07 AM 101,888 adpu160m.sys
04/13/2008 08:11 PM 4,255 adv01nt5.dll
04/13/2008 08:11 PM 3,967 adv02nt5.dll
04/13/2008 08:11 PM 3,615 adv05nt5.dll
04/13/2008 08:11 PM 3,647 adv07nt5.dll
04/13/2008 08:11 PM 3,135 adv08nt5.dll
04/13/2008 08:11 PM 3,711 adv09nt5.dll
04/13/2008 08:11 PM 3,775 adv11nt5.dll
04/13/2008 12:39 PM 142,592 aec.sys
12/28/2005 05:27 AM 17,801 AegisP.sys
08/14/2008 06:04 AM 138,496 afd.sys
04/13/2008 02:36 PM 42,368 agp440.sys
04/13/2008 02:36 PM 44,928 agpcpq.sys
08/17/2001 11:52 PM 12,800 aha154x.sys
08/18/2001 12:07 AM 55,168 aic78u2.sys
08/18/2001 12:07 AM 56,960 aic78xx.sys
08/17/2001 11:51 PM 5,248 aliide.sys
04/13/2008 02:36 PM 42,752 alim1541.sys
04/13/2008 02:36 PM 43,008 amdagp.sys
04/13/2008 02:31 PM 37,376 amdk6.sys
04/13/2008 02:31 PM 37,760 amdk7.sys
08/17/2001 11:52 PM 12,032 amsint.sys
04/13/2008 02:51 PM 60,800 arp1394.sys
08/17/2001 11:52 PM 26,496 asc.sys
08/17/2001 11:52 PM 22,400 asc3350p.sys
08/17/2001 11:51 PM 14,848 asc3550.sys
12/28/2005 05:21 AM 8,552 asctrm.sys
04/13/2008 02:57 PM 14,336 asyncmac.sys
04/13/2008 02:40 PM 96,512 atapi.sys
08/03/2004 10:29 PM 56,623 ati1btxx.sys
08/03/2004 10:29 PM 11,615 ati1mdxx.sys
08/03/2004 10:29 PM 12,047 ati1pdxx.sys
08/03/2004 10:29 PM 30,671 ati1raxx.sys
08/03/2004 10:29 PM 63,663 ati1rvxx.sys
08/03/2004 10:29 PM 26,367 ati1snxx.sys
08/03/2004 10:29 PM 21,343 ati1ttxx.sys
08/03/2004 10:29 PM 36,463 ati1tuxx.sys
08/03/2004 10:29 PM 29,455 ati1xbxx.sys
08/03/2004 10:29 PM 34,735 ati1xsxx.sys
04/28/2005 10:05 AM 36,864 ati2erec.dll
08/03/2004 10:29 PM 327,040 ati2mtaa.sys
04/28/2005 10:37 AM 1,132,544 ati2mtag.sys
08/03/2004 10:29 PM 57,856 atinbtxx.sys
08/03/2004 10:29 PM 13,824 atinmdxx.sys
08/03/2004 10:29 PM 14,336 atinpdxx.sys
08/03/2004 10:29 PM 52,224 atinraxx.sys
08/03/2004 10:29 PM 104,960 atinrvxx.sys
08/03/2004 10:29 PM 28,672 atinsnxx.sys
08/03/2004 10:29 PM 13,824 atinttxx.sys
08/03/2004 10:29 PM 73,216 atintuxx.sys
08/03/2004 10:29 PM 31,744 atinxbxx.sys
08/03/2004 10:29 PM 63,488 atinxsxx.sys
07/17/2004 11:36 AM 64,352 ativmc20.cod
04/13/2008 02:51 PM 59,904 atmarpc.sys
08/04/2004 03:00 PM 31,360 atmepvc.sys
04/13/2008 02:51 PM 55,808 atmlane.sys
08/04/2004 03:00 PM 352,256 atmuni.sys
04/13/2008 08:11 PM 21,183 atv01nt5.dll
04/13/2008 08:11 PM 11,359 atv02nt5.dll
04/13/2008 08:11 PM 25,471 atv04nt5.dll
04/13/2008 08:11 PM 14,143 atv06nt5.dll
04/13/2008 08:11 PM 17,279 atv10nt5.dll
08/17/2001 04:59 PM 3,072 audstub.sys
10/10/2009 08:41 AM Avg
07/30/2009 08:57 AM 335,240 avgldx86.sys
07/30/2009 08:57 AM 27,784 avgmfx86.sys
04/24/2009 12:17 PM 12,552 avgrkx86.sys
04/24/2009 12:17 PM 108,552 avgtdix.sys
04/13/2008 02:36 PM 14,208 battc.sys
02/11/2005 09:46 AM 371,712 BCMWL5.SYS
08/04/2004 03:00 PM 4,224 beep.sys
04/13/2008 02:53 PM 71,552 bridge.sys
10/15/2004 01:50 PM 15,295 BrScnUsb.sys
09/29/2004 04:24 AM 51,712 BrSerIf.sys
01/10/2004 05:28 AM 11,648 BrUsbSer.sys
04/13/2008 02:46 PM 17,024 bthenum.sys
04/13/2008 02:46 PM 37,888 bthmodem.sys
04/13/2008 02:51 PM 101,120 bthpan.sys
06/13/2008 07:05 AM 272,128 bthport.sys
04/13/2008 02:46 PM 36,480 bthprint.sys
04/13/2008 02:46 PM 18,944 bthusb.sys
04/20/2005 05:45 AM 38,016 camc6aud.sys
04/20/2005 05:46 AM 350,080 camc6hal.sys
08/17/2001 11:52 PM 13,952 cbidf2k.sys
08/17/2001 11:52 PM 7,680 cd20xrnt.sys
08/04/2004 03:00 PM 18,688 cdaudio.sys
04/13/2008 03:14 PM 63,744 cdfs.sys
01/23/2007 08:07 PM 44,288 cdr4_xp.sys
11/10/2004 09:30 PM 24,832 cdralw2k.sys
04/13/2008 02:40 PM 62,976 cdrom.sys
04/13/2008 08:11 PM 15,423 ch7xxnt5.dll
08/04/2004 03:00 PM 262,528 cinemst2.sys
04/13/2008 03:16 PM 49,536 classpnp.sys
04/13/2008 02:36 PM 13,952 cmbatt.sys
08/17/2001 11:51 PM 6,656 cmdide.sys
04/13/2008 02:36 PM 10,240 compbatt.sys
08/17/2001 11:52 PM 14,976 cpqarray.sys
08/04/2004 03:00 PM 11,776 cpqdap01.sys
04/13/2008 02:31 PM 36,736 crusoe.sys
07/17/2004 10:55 PM 129,045 cxthsfs2.cty
08/17/2001 11:52 PM 179,584 dac2w2k.sys
08/17/2001 11:52 PM 14,720 dac960nt.sys
08/26/2004 06:45 AM disdn
04/13/2008 02:40 PM 36,352 disk.sys
04/13/2008 02:40 PM 14,208 diskdump.sys
04/13/2008 02:44 PM 799,744 dmboot.sys
04/13/2008 02:44 PM 153,344 dmio.sys
08/04/2004 03:00 PM 5,888 dmload.sys
04/13/2008 02:45 PM 52,864 dmusic.sys
08/18/2001 12:07 AM 20,192 dpti2o.sys
04/13/2008 02:45 PM 60,160 drmk.sys
04/13/2008 02:45 PM 2,944 drmkaud.sys
08/04/2004 03:00 PM 10,496 dxapi.sys
04/13/2008 02:38 PM 71,168 dxg.sys
08/04/2004 03:00 PM 3,328 dxgthk.sys
08/17/2001 05:46 PM 6,400 enum1394.sys
10/10/2009 08:39 AM etc
04/13/2008 03:14 PM 143,744 fastfat.sys
04/13/2008 02:40 PM 27,392 fdc.sys
04/13/2008 02:33 PM 44,544 fips.sys
04/13/2008 02:40 PM 20,480 flpydisk.sys
04/13/2008 02:32 PM 129,792 fltmgr.sys
08/04/2004 03:00 PM 12,160 fsvga.sys
08/04/2004 03:00 PM 7,936 fs_rec.sys
08/17/2001 11:52 PM 125,056 ftdisk.sys
04/13/2008 02:36 PM 46,464 gagp30kx.sys
03/19/2009 04:32 PM 23,400 GEARAspiWDM.sys
08/04/2004 03:00 PM 3,440,660 gm.dls
08/04/2004 03:00 PM 646 gmreadme.txt
04/13/2008 12:36 PM 144,384 hdaudbus.sys
04/13/2008 02:46 PM 25,600 hidbth.sys
04/13/2008 02:45 PM 36,864 hidclass.sys
04/13/2008 02:45 PM 19,200 hidir.sys
04/13/2008 02:45 PM 24,960 hidparse.sys
04/13/2008 02:45 PM 10,368 hidusb.sys
08/18/2001 12:07 AM 25,952 hpn.sys
01/24/2008 06:25 PM 49,920 HPZid412.sys
01/24/2008 06:25 PM 16,496 HPZipr12.sys
01/24/2008 06:25 PM 21,568 HPZius12.sys
08/03/2004 10:41 PM 220,032 hsfbs2s2.sys
08/03/2004 10:41 PM 685,056 hsfcxts2.sys
08/03/2004 10:41 PM 1,041,536 hsfdpsp2.sys
01/25/2005 03:26 AM 200,576 HSFHWATI.sys
01/24/2005 09:15 PM 129,045 HSFProf.cty
01/25/2005 03:26 AM 703,616 HSF_CNXT.sys
01/25/2005 03:27 AM 1,038,208 HSF_DPV.sys
04/13/2008 02:53 PM 264,832 http.sys
04/13/2008 02:41 PM 8,576 i2omgmt.sys
04/13/2008 02:41 PM 18,560 i2omp.sys
04/13/2008 03:18 PM 52,480 i8042prt.sys
04/13/2008 02:40 PM 42,112 imapi.sys
08/17/2001 11:52 PM 16,000 ini910u.sys
04/13/2008 02:40 PM 5,504 intelide.sys
04/13/2008 02:31 PM 36,352 intelppm.sys
04/13/2008 02:53 PM 36,608 ip6fw.sys
08/04/2004 03:00 PM 32,896 ipfltdrv.sys
04/13/2008 02:57 PM 20,864 ipinip.sys
04/13/2008 02:57 PM 152,832 ipnat.sys
04/13/2008 03:19 PM 75,264 ipsec.sys
04/13/2008 02:54 PM 11,264 irenum.sys
04/13/2008 02:36 PM 37,248 isapnp.sys
04/13/2008 02:39 PM 24,576 kbdclass.sys
04/13/2008 02:45 PM 172,416 kmixer.sys
04/13/2008 03:16 PM 141,056 ks.sys
06/24/2009 07:18 AM 92,928 ksecdd.sys
09/10/2009 02:53 PM 19,160 mbam.sys
09/10/2009 02:54 PM 38,224 mbamswissarmy.sys
08/04/2004 03:00 PM 7,680 mcd.sys
06/10/2007 10:17 AM 8,413 mcstrm.sys
03/17/2004 12:04 AM 13,059 mdmxsdk.sys
04/13/2008 02:36 PM 63,744 mf.sys
08/04/2004 03:00 PM 4,224 mnmdd.sys
04/13/2008 03:00 PM 30,080 modem.sys
04/13/2008 02:39 PM 23,040 mouclass.sys
08/17/2001 02:48 PM 12,160 mouhid.sys
04/13/2008 02:39 PM 42,368 mountmgr.sys
08/17/2001 11:52 PM 17,280 mraid35x.sys
04/13/2008 02:32 PM 180,608 mrxdav.sys
10/24/2008 07:21 AM 455,296 mrxsmb.sys
04/13/2008 02:32 PM 19,072 msfs.sys
04/13/2008 02:56 PM 35,072 msgpc.sys
04/13/2008 02:39 PM 7,552 mskssrv.sys
04/13/2008 02:39 PM 5,376 mspclock.sys
04/13/2008 02:39 PM 4,992 mspqm.sys
04/13/2008 02:36 PM 15,488 mssmbios.sys
08/03/2004 10:41 PM 126,686 mtlmnt5.sys
08/03/2004 10:41 PM 1,309,184 mtlstrm.sys
08/03/2004 10:29 PM 452,736 mtxparhm.sys
04/13/2008 03:17 PM 105,344 mup.sys
04/13/2008 02:43 PM 12,672 mutohpen.sys
08/17/2001 04:49 PM 19,968 mxnic.sys
04/13/2008 03:20 PM 182,656 ndis.sys
04/13/2008 02:57 PM 10,112 ndistapi.sys
04/13/2008 02:55 PM 14,592 ndisuio.sys
04/13/2008 03:20 PM 91,520 ndiswan.sys
04/13/2008 02:57 PM 40,576 ndproxy.sys
04/13/2008 02:56 PM 34,688 netbios.sys
04/13/2008 03:21 PM 162,816 netbt.sys
07/17/2004 11:35 AM 67,866 netwlan5.img
04/13/2008 02:51 PM 61,824 nic1394.sys
08/04/2004 03:00 PM 12,032 nikedrv.sys
04/13/2008 02:53 PM 40,320 nmnt.sys
04/13/2008 02:32 PM 30,848 npfs.sys
04/13/2008 03:15 PM 574,976 ntfs.sys
08/03/2004 10:41 PM 180,360 ntmtlfax.sys
08/04/2004 03:00 PM 2,944 null.sys
08/04/2004 01:29 AM 1,897,408 nv4_mini.sys
08/04/2004 03:00 PM 12,416 nwlnkflt.sys
08/04/2004 03:00 PM 32,512 nwlnkfwd.sys
04/13/2008 02:56 PM 88,320 nwlnkipx.sys
08/04/2004 03:00 PM 63,232 nwlnknb.sys
08/04/2004 03:00 PM 55,936 nwlnkspx.sys
04/13/2008 02:46 PM 61,696 ohci1394.sys
08/04/2004 03:00 PM 3,456 oprghdlr.sys
04/13/2008 02:31 PM 42,752 p3.sys
04/13/2008 02:40 PM 80,128 parport.sys
04/13/2008 02:40 PM 19,712 partmgr.sys
08/04/2004 03:00 PM 6,784 parvdm.sys
04/13/2008 02:36 PM 68,224 pci.sys
08/17/2001 11:51 PM 3,328 pciide.sys
04/13/2008 02:40 PM 24,960 pciidex.sys
04/13/2008 02:36 PM 120,192 pcmcia.sys
08/18/2001 12:07 AM 27,296 perc2.sys
08/18/2001 12:07 AM 5,504 perc2hib.sys
04/13/2008 03:19 PM 146,048 portcls.sys
04/13/2008 02:31 PM 35,840 processr.sys
04/13/2008 02:56 PM 69,120 psched.sys
08/04/2004 03:00 PM 17,792 ptilink.sys
08/17/2001 11:52 PM 40,320 ql1080.sys
08/17/2001 11:52 PM 33,152 ql10wnt.sys
08/17/2001 11:52 PM 45,312 ql12160.sys
08/17/2001 11:52 PM 40,448 ql1240.sys
08/17/2001 11:52 PM 49,024 ql1280.sys
08/04/2004 03:00 PM 8,832 rasacd.sys
04/13/2008 03:19 PM 51,328 rasl2tp.sys
04/13/2008 02:57 PM 41,472 raspppoe.sys
04/13/2008 03:19 PM 48,384 raspptp.sys
08/04/2004 03:00 PM 16,512 raspti.sys
08/04/2004 03:00 PM 34,432 rawwan.sys
04/13/2008 03:28 PM 175,744 rdbss.sys
08/04/2004 03:00 PM 4,224 rdpcdd.sys
04/13/2008 02:32 PM 196,224 rdpdr.sys
04/13/2008 08:13 PM 139,656 rdpwd.sys
08/03/2004 10:41 PM 13,776 recagent.sys
04/13/2008 02:40 PM 57,600 redbook.sys
04/13/2008 02:46 PM 59,136 rfcomm.sys
08/04/2004 03:00 PM 12,032 rio8drv.sys
08/04/2004 03:00 PM 12,032 riodrv.sys
05/08/2008 10:02 AM 203,136 rmcast.sys
04/13/2008 02:56 PM 30,592 rndismp.sys
04/13/2008 02:56 PM 30,592 rndismpx.sys
08/04/2004 03:00 PM 5,888 rootmdm.sys
08/03/2004 10:29 PM 166,912 s3gnbm.sys
08/23/2001 03:00 PM 22,400 SbcpHid.sys
04/13/2008 02:40 PM 96,384 scsiport.sys
04/13/2008 02:36 PM 79,232 sdbus.sys
11/13/2007 06:25 AM 20,480 secdrv.sys
04/13/2008 02:40 PM 15,744 serenum.sys
04/13/2008 03:15 PM 64,512 serial.sys
04/13/2008 02:40 PM 11,904 sffdisk.sys
04/13/2008 02:40 PM 10,240 sffp_mmc.sys
04/13/2008 02:40 PM 11,008 sffp_sd.sys
04/13/2008 02:40 PM 11,392 sfloppy.sys
04/13/2008 08:12 PM 3,901 siint5.dll
04/13/2008 02:36 PM 40,960 sisagp.sys
08/03/2004 10:41 PM 129,535 slnt7554.sys
08/03/2004 10:41 PM 404,990 slntamr.sys
08/03/2004 10:41 PM 95,424 slnthal.sys
08/03/2004 10:41 PM 13,240 slwdmsup.sys
04/13/2008 02:36 PM 5,888 smbali.sys
08/04/2004 03:00 PM 14,592 smclib.sys
04/13/2008 02:46 PM 25,344 sonydcam.sys
08/18/2001 12:07 AM 19,072 sparrow.sys
04/13/2008 02:45 PM 6,272 splitter.sys
04/13/2008 02:36 PM 73,472 sr.sys
12/11/2008 06:57 AM 333,952 srv.sys
04/13/2008 02:45 PM 49,408 stream.sys
04/13/2008 02:39 PM 4,352 swenum.sys
04/13/2008 02:45 PM 56,576 swmidi.sys
08/18/2001 12:07 AM 16,256 symc810.sys
08/18/2001 12:07 AM 32,640 symc8xx.sys
08/18/2001 12:07 AM 28,384 sym_hi.sys
08/18/2001 12:07 AM 30,688 sym_u3.sys
11/04/2004 08:47 PM 185,824 SynTP.sys
04/13/2008 03:15 PM 60,800 sysaudio.sys
04/13/2008 02:40 PM 14,976 tape.sys
06/20/2008 07:51 AM 361,600 tcpip.sys
06/20/2008 07:08 AM 225,856 tcpip6.sys
04/13/2008 03:00 PM 19,072 tdi.sys
04/13/2008 08:13 PM 12,040 tdpipe.sys
04/13/2008 08:13 PM 21,896 tdtcp.sys
04/13/2008 08:13 PM 40,840 termdd.sys
09/20/2005 12:30 PM 162,432 tifm21.sys
08/04/2004 03:00 PM 51,712 tosdvd.sys
08/17/2001 11:51 PM 4,992 toside.sys
08/04/2004 03:00 PM 21,376 tsbvcap.sys
04/13/2008 02:56 PM 12,288 tunmp.sys
04/13/2008 02:36 PM 44,672 uagp35.sys
04/13/2008 02:32 PM 66,048 udfs.sys
08/17/2001 11:52 PM 36,736 ultra.sys
12/26/2006 12:15 PM UMDF
04/13/2008 02:39 PM 384,768 update.sys
04/13/2008 02:56 PM 12,800 usb8023.sys
04/13/2008 02:56 PM 12,800 usb8023x.sys
05/29/2009 01:36 PM 39,424 usbaapl.sys
04/13/2008 02:45 PM 25,600 usbcamd.sys
04/13/2008 02:45 PM 25,728 usbcamd2.sys
04/13/2008 02:45 PM 32,128 usbccgp.sys
08/04/2004 03:00 PM 4,736 usbd.sys
04/13/2008 02:45 PM 30,208 usbehci.sys
04/13/2008 02:45 PM 59,520 usbhub.sys
04/13/2008 02:45 PM 15,872 usbintel.sys
04/13/2008 02:45 PM 17,152 usbohci.sys
04/13/2008 02:45 PM 143,872 usbport.sys
04/13/2008 02:47 PM 25,856 usbprint.sys
04/13/2008 02:45 PM 15,104 usbscan.sys
04/13/2008 02:45 PM 26,368 usbstor.sys
04/13/2008 02:45 PM 20,608 usbuhci.sys
04/13/2008 02:46 PM 121,984 usbvideo.sys
04/13/2008 08:12 PM 11,325 vchnt5.dll
08/04/2004 03:00 PM 58,112 vdmindvd.sys
04/13/2008 02:44 PM 20,992 vga.sys
04/13/2008 02:36 PM 42,240 viaagp.sys
04/13/2008 02:40 PM 5,376 viaide.sys
04/13/2008 02:44 PM 81,664 videoprt.sys
04/13/2008 02:41 PM 52,352 volsnap.sys
04/13/2008 02:43 PM 14,208 wacompen.sys
08/03/2004 10:29 PM 11,807 wadv07nt.sys
08/03/2004 10:29 PM 11,295 wadv08nt.sys
08/03/2004 10:29 PM 11,871 wadv09nt.sys
08/03/2004 10:29 PM 11,935 wadv11nt.sys
04/13/2008 02:57 PM 34,560 wanarp.sys
01/10/2003 05:13 PM 33,588 wanatw4.sys
08/03/2004 10:29 PM 22,271 watv06nt.sys
08/03/2004 10:29 PM 25,471 watv10nt.sys
04/13/2008 03:17 PM 83,072 wdmaud.sys
08/04/2004 03:00 PM 4,352 wmilib.sys
10/18/2006 09:00 PM 38,528 wpdusb.sys
08/04/2004 03:00 PM 12,032 ws2ifsl.sys
09/28/2006 07:55 PM 77,568 WudfPf.sys
09/28/2006 08:00 PM 82,944 WudfRd.sys
04/18/2005 11:26 AM 230,912 yk51x86.sys
342 File(s) 32,041,370 bytes

Directory of C:\Windows\System32\Drivers\Avg

10/10/2009 08:41 AM .
10/10/2009 08:41 AM ..
03/30/2009 07:42 AM 6,061,540 avi7.avg
10/10/2009 08:41 AM 42,619,516 incavi.avm
10/09/2009 06:43 PM 23,211 microavi.avg
10/01/2009 06:43 AM 492,629 miniavi.avg
4 File(s) 49,196,896 bytes

Directory of C:\Windows\System32\Drivers\disdn

08/26/2004 06:45 AM .
08/26/2004 06:45 AM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

10/10/2009 08:39 AM .
10/10/2009 08:39 AM ..
10/10/2009 08:39 AM 27 hosts
08/04/2004 03:00 PM 3,683 lmhosts.sam
08/04/2004 03:00 PM 407 networks
08/04/2004 03:00 PM 799 protocol
08/04/2004 03:00 PM 7,116 services
5 File(s) 12,032 bytes

Directory of C:\Windows\System32\Drivers\UMDF

12/26/2006 12:15 PM .
12/26/2006 12:15 PM ..
10/18/2006 10:47 PM 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
352 File(s) 81,921,530 bytes
14 Dir(s) 28,624,990,208 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is C04D-E128

Directory of C:\Windows\System32\Drivers



*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 740 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 812 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 844 High C:\WINDOWS\system32\winlogon.exe
services.exe 888 Normal C:\WINDOWS\system32\services.exe
lsass.exe 900 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 1056 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1128 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1168 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1200 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1388 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1500 Normal C:\WINDOWS\system32\svchost.exe
wltrysvc.exe 1708 Normal C:\WINDOWS\System32\wltrysvc.exe
bcmwltry.exe 1720 Normal C:\WINDOWS\System32\bcmwltry.exe
spoolsv.exe 1780 Normal C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1852 Normal C:\WINDOWS\system32\svchost.exe
AppleMobileDeviceService.exe 1892 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
avgwdsvc.exe 1904 Normal C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe 1960 Normal C:\WINDOWS\system32\svchost.exe
jqs.exe 1976 Idle C:\Program Files\Java\jre6\bin\jqs.exe
sqlservr.exe 2008 Normal C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
sqlwriter.exe 372 Normal C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe 432 Normal C:\WINDOWS\system32\svchost.exe
avgam.exe 696 Normal C:\PROGRA~1\AVG\AVG8\avgam.exe
avgrsx.exe 708 Normal C:\PROGRA~1\AVG\AVG8\avgrsx.exe
avgnsx.exe 712 Normal C:\PROGRA~1\AVG\AVG8\avgnsx.exe
alg.exe 2888 Normal C:\WINDOWS\System32\alg.exe
Explorer.EXE 3728 Normal C:\WINDOWS\Explorer.EXE
SynTPLpr.exe 4040 Normal C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh.exe 4048 Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
atiptaxx.exe 4064 Normal C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
WLTRAY.exe 4072 Normal C:\WINDOWS\system32\WLTRAY.exe
jusched.exe 4088 Normal C:\Program Files\Java\jre6\bin\jusched.exe
avgtray.exe 1800 Normal C:\PROGRA~1\AVG\AVG8\avgtray.exe
apdproxy.exe 1072 Normal C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
iTunesHelper.exe 1296 Normal C:\Program Files\iTunes\iTunesHelper.exe
GoogleToolbarNotifier.exe 1436 Normal C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
wuauclt.exe 2448 Normal C:\WINDOWS\system32\wuauclt.exe
iPodService.exe 2736 Normal C:\Program Files\iPod\bin\iPodService.exe
svchost.exe 3852 Normal C:\WINDOWS\System32\svchost.exe
OUTLOOK.EXE 3768 Normal C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
avgcsrvx.exe 2716 Normal C:\Program Files\AVG\AVG8\avgcsrvx.exe
ctfmon.exe 3972 Normal C:\WINDOWS\system32\ctfmon.exe
WINWORD.EXE 3116 Normal C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
avgcsrvx.exe 3284 Normal C:\Program Files\AVG\AVG8\avgcsrvx.exe
Safari.exe 3024 Normal C:\Program Files\Safari\Safari.exe
cmd.exe 3988 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 1612 Normal C:\Documents and Settings\Owner\Desktop\SpiderKill\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(3728)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1511424 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5512 (xpsp.080413-0852) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 3d930000 851968 C:\WINDOWS\system32\WININET.dll 7.00.6000.16876 (vista_gdr.090625-2339) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
iertutil.dll 3dfd0000 282624 C:\WINDOWS\system32\iertutil.dll 7.00.6000.16876 (vista_gdr.090625-2339) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 36864 C:\WINDOWS\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
USP10.dll 74d90000 438272 C:\WINDOWS\system32\USP10.dll 1.0420.2600.5512 (xpsp.080413-2105) Uniscribe Unicode script processor
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
xpsp2res.dll 1160000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
urlmon.dll 78130000 1208320 C:\WINDOWS\system32\urlmon.dll 7.00.6000.16876 (vista_gdr.090625-2339) OLE32 Extensions for Win32
ieframe.dll 3e1c0000 6082560 C:\WINDOWS\system32\ieframe.dll 7.00.6000.16890 (vista_gdr.090717-2341) Internet Explorer
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.5512 (xpsp.080413-2105) Process Status Helper
msutb.dll 5fc10000 208896 C:\WINDOWS\system32\msutb.dll 5.1.2600.5512 (xpsp.080413-2105) MSUTB Server DLL
MSCTF.dll 74720000 311296 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
webcheck.dll 42e40000 245760 C:\WINDOWS\system32\webcheck.dll 7.00.6000.16876 (vista_gdr.090625-2339) Web Site Monitor
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
WPDShServiceObj.dll 164a0000 143360 C:\WINDOWS\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d4f0000 364544 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.5727 (xpsp_sp3_gdr.081215-1359) Windows HTTP Services
PortableDeviceTypes.dll 109c0000 180224 C:\WINDOWS\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 10930000 299008 C:\WINDOWS\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
SynTPFcs.dll 63000000 77824 C:\WINDOWS\system32\SynTPFcs.dll 7.12.3 08Oct04 SynTPFcs
WZCSAPI.DLL 73030000 65536 C:\WINDOWS\system32\WZCSAPI.DLL 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration service API
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
wzcdlg.dll 5df10000 393216 C:\WINDOWS\system32\wzcdlg.dll 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration Service UI
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
PDFShell.dll 10000000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 8.1.0.0 PDF Shell Extension
MSVCR80.dll 2aa0000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll 8.00.50727.3053 Microsoft® C Runtime Library
browselc.dll 71600000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
mswsock.dll 71a50000 258048 C:\WINDOWS\System32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) Microsoft Windows Sockets 2.0 Service Provider
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) DNS Client API DLL
winrnr.dll 76fb0000 32768 C:\WINDOWS\System32\winrnr.dll 5.1.2600.5512 (xpsp.080413-2113) LDAP RnR Provider DLL
mdnsNSP.dll 16080000 151552 C:\Program Files\Bonjour\mdnsNSP.dll 1,0,6,2 Bonjour Namespace Provider
rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access AutoDial Helper
mscoree.dll 79000000 286720 C:\WINDOWS\system32\mscoree.dll 2.0.50727.3053 (netfxsp.050727-3000) Microsoft .NET Runtime Execution Engine
mscorwks.dll 79e70000 5832704 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll 2.0.50727.3082 (QFE.050727-3000) Microsoft .NET Runtime Common Language Runtime - WorkStation
mscorlib.ni.dll 790c0000 11497472 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll 2.0.50727.3082 (QFE.050727-3000) Microsoft Common Language Runtime Class Library
Act.UI.InternetExplorer.Plugins.AttachFile.dll 33100000 40960 C:\Program Files\ACT\Act for Windows\Plugins\Act.UI.InternetExplorer.Plugins.AttachFile.dll 10.0.237.0 Act BHO Plug-in
mscorjit.dll 79060000 372736 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll 2.0.50727.3082 (QFE.050727-3000) Microsoft .NET Runtime Just-In-Time Compiler
Act.Interop.SHDocVw.dll 5050000 139264 C:\Program Files\ACT\Act for Windows\Plugins\Act.Interop.SHDocVw.dll 1.1.0.0
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
AcroIEHelper.dll c30000 65536 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 8.0.0.2006102200 Adobe PDF Helper for Internet Explorer
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component



******************************************
EOF

marfinn
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-10-07
Gender Gender : Male
OS OS : xp
Points Points : 26161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by Dr Jay on Tue Oct 13, 2009 3:55 am

Hi

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and the display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by marfinn on Tue Oct 13, 2009 11:06 am

Hello,
Went to System restore as instructed and cannot enter a name in the field to create a restore point. Restarted computer and tried again - still won't let me type in a name - I stopped there, no other steps taken yet.

marfinn
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-10-07
Gender Gender : Male
OS OS : xp
Points Points : 26161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by Dr Jay on Tue Oct 13, 2009 2:50 pm

It is time to fix the damages due to malware, and to secure your computer to help prevent re-infection.
Please download [You must be registered and logged in to see this link.] by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.
  • Please disable realtime protection. (If any)
  • Double-click RunFirst.vbs. Follow the prompts and make sure it completes. It will confirm the Restore Point was added.
  • Double-click DragonFix.reg, and follow the prompt(s).
  • Please reboot your computer.


Then try to run Security Check again.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by marfinn on Tue Oct 13, 2009 11:35 pm

Hello, got the through the tasks required - note pad file from security check as follows and thanks again.

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 8.5
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java(TM) 6 Update 13
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

marfinn
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-10-07
Gender Gender : Male
OS OS : xp
Points Points : 26161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by Dr Jay on Wed Oct 14, 2009 12:46 am

Hi

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by marfinn on Wed Oct 14, 2009 3:00 am

Thank you very much for your assistance with this issue. I will be making a contribution shortly. Questions: I run AVG Anti-virus Security software - do you recommend it and does it conflict with many other products. Also - due to network connection issues i have disabled windows firewall - it kept out the good and the bad. Should I enable it and use exceptions for controlled access. I appreciate all the assistance and recommend Geek Police very highly - I will recommend to F&F willing to contribute and provide advice or receive. Marfinn

marfinn
Novice
Novice

Posts Posts : 8
Joined Joined : 2009-10-07
Gender Gender : Male
OS OS : xp
Points Points : 26161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus infection Packed.Monder need help

Post by Dr Jay on Wed Oct 14, 2009 3:18 am

AVG is looking fine. As long as you only use it with one Firewall. Luckily with AVG, you do not need an antispyware, because it is already built in. Smile

Just get a firewall, and you will have a safe computer to prevent spyware and viruses in the future.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum