By johnfree
May 17, 2011
  1. got a message from avg free virus protection
    about a virus i was infected with called win32/Heur.dropper
    I was able to delete some files that was infected and put the others in quarantine
    I just want to make sure this virus is no longer a treat to my computer thank you so much in advance

    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by YnW at 17:58:25.03 on Tue 05/17/2011
    Internet Explorer: 9.0.8112.16421
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3001.1749 [GMT -7:00]
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ============== Running Processes ===============
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (x86)\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
    C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    C:\Windows\System32\svchost.exe -k swprv
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://
    uSearch Bar = Preserve
    mDefault_Page_URL = hxxp://
    mStart Page = hxxp://
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Free YouTube to MP3 Converter - C:\Users\YnW\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    mRun-x64: [PLFSetI] C:\Windows\PLFSetI.exe
    mRun-x64: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    ============= SERVICES / DRIVERS ===============
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2010-6-16 21520]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-8-6 844320]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
    R2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-10-8 1919504]
    R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-6 1636872]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
    R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-28 240160]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-7-23 292864]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-7-23 139264]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
    R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;C:\Windows\System32\drivers\MAudioMIDISPORT.sys [2010-10-6 199176]
    R3 MBOXMINI;Service for Avid Mbox Mini;C:\Windows\System32\drivers\AvidMboxMini.sys [2010-10-8 419856]
    R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);C:\Windows\System32\drivers\OXSDIDRV_x64.sys [2009-9-28 51760]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-6 135664]
    S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-4-14 118864]
    S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-5 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-6 135664]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 OXUDIDRV;OXUDIDRV;C:\Windows\System32\drivers\OXUDIDRV_x64.sys [2011-5-3 31280]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-28 216064]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 SynasUSB;SynasUSB;C:\Windows\System32\drivers\synUSB64.sys [2010-8-17 31248]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-7 1255736]
    S4 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
    S4 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-4-7 1153368]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    =============== Created Last 30 ================
    2011-05-18 00:34:59 -------- d-----w- C:\Users\YnW\AppData\Roaming\Malwarebytes
    2011-05-18 00:34:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-18 00:34:49 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-05-18 00:34:46 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-05-18 00:34:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-05-16 18:07:05 -------- d-----w- C:\Windows\pss
    2011-05-03 13:29:34 -------- d-----w- C:\Program Files (x86)\PLX Technology
    2011-05-03 13:29:28 31280 ----a-w- C:\Windows\System32\drivers\OXUDIDRV_x64.sys
    2011-05-03 13:29:18 -------- d-----w- C:\Users\YnW\AppData\Local\Downloaded Installations
    2011-05-03 13:29:13 -------- d-----w- C:\Program Files\Iomega
    2011-04-26 21:58:12 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-04-26 21:58:12 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-04-26 21:58:11 2870272 ----a-w- C:\Windows\explorer.exe
    2011-04-26 21:58:11 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-04-26 21:54:12 2566144 ----a-w- C:\Windows\System32\esent.dll
    2011-04-26 21:54:12 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-04-26 21:54:11 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-04-26 21:54:11 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-04-26 21:54:11 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-04-26 21:54:11 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-04-26 21:54:10 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-04-26 21:54:10 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2011-04-26 21:54:10 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-04-26 21:54:10 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-04-26 21:54:10 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2011-04-26 21:52:36 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2011-04-26 21:52:36 31232 ----a-w- C:\Windows\System32\prevhost.exe
    ==================== Find3M ====================
    2011-04-15 04:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
    2011-04-05 07:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2011-03-16 23:03:18 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
    2011-03-01 21:25:18 41552 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2011-02-22 15:12:46 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
    2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
    2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
    ============= FINISH: 17:58:43.71 ===============

    DDS (Ver_11-03-05.01)
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/6/2010 7:26:32 AM
    System Uptime: 5/17/2011 5:45:20 PM (0 hours ago)
    Motherboard: Gateway | | SJV50MV
    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 2200/200mhz
    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 286 GiB total, 235.572 GiB free.
    D: is CDROM (UDF)
    E: is CDROM (CDFS)
    F: is FIXED (NTFS) - 931 GiB total, 929.138 GiB free.
    G: is Removable
    ==== Disabled Device Manager Items =============
    ==== System Restore Points ===================
    RP173: 5/11/2011 10:08:49 AM - Windows Update
    RP174: 5/17/2011 5:39:15 AM - Installed Pro Tools LE
    RP175: 5/17/2011 5:42:49 AM - Installed Pro Tools LE
    RP176: 5/17/2011 5:44:37 AM - Device Driver Package Install: Avid Sound, video and game controllers
    RP177: 5/17/2011 5:44:56 AM - Device Driver Package Install: Avid Universal Serial Bus controllers
    RP178: 5/17/2011 8:41:41 AM - Restore Operation
    ==== Installed Programs ======================
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.4 MUI
    Apple Application Support
    Apple Software Update
    Avid Pro Tools Creative Collection 8.0.4
    Avid Pro Tools LE 8.0.4
    Backup Manager Basic
    CyberLink Power2Go
    CyberLink PowerDVD 8
    eBay Worldwide
    Free Audio CD Burner version 1.4.7
    Free DigiRack Plug-Ins 8.0.3
    Gateway InfoCentre
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Gateway Registration
    Gateway ScreenSaver
    Gateway Updater
    Google Toolbar for Internet Explorer
    Google Update Helper
    Identity Card
    Junk Mail filter update
    Launch Manager
    Live Lite Alesis Edition
    M-Audio Series II MIDI
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Mesh Runtime
    Messenger Companion
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Realtek USB 2.0 Card Reader
    RemoteComms External Disk Access
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Spybot - Search & Destroy
    Steinberg Cubase SX v3.1.1.944
    Trojan Remover 6.8.2
    Video Web Camera
    Visual Studio 2008 x64 Redistributables
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    ==== End Of File ===========================

    Malwarebytes' Anti-Malware

    Database version: 6602

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    5/17/2011 7:05:14 PM
    mbam-log-2011-05-17 (19-05-14).txt

    Scan type: Quick scan
    Objects scanned: 156667
    Time elapsed: 3 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    gmer log was completely blank
  2. johnfree

    johnfree TS Rookie Topic Starter

    sorry i spelled threat incorrectly kind of in a rush :eek:
  3. Broni

    Broni Malware Annihilator Posts: 52,792   +343

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  4. johnfree

    johnfree TS Rookie Topic Starter

    I'm currently at work right now I'll follow all the your instruction when I get home in the morning sorry for posting something I was not supposed to and thank you so much for your assistance it is greatly appreciated
  5. Broni

    Broni Malware Annihilator Posts: 52,792   +343

    You're very welcome [​IMG]
  6. johnfree

    johnfree TS Rookie Topic Starter

    good morning friend
    I ran the eset online scanner when i got home from work this morning
    it took an hour and a half to finish
    when it was done my scan results was no threats found
    there's no list of found threats text files to log
    I followed your instructions first step to last as intended
    is it safe to say my computer is viruse free now?
    thanks again
  7. Broni

    Broni Malware Annihilator Posts: 52,792   +343

    Indeed :)

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!:

    12. Please, let me know, how your computer is doing.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...