Trojan:Win32/Alureon.EP removal help please

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Re: Trojan:Win32/Alureon.EP removal help please5th June 2011, 3:39 pm

2011/06/05 11:37:10.0481 3864 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 11:37:10.0859 3864 ================================================================================
2011/06/05 11:37:10.0859 3864 SystemInfo:
2011/06/05 11:37:10.0859 3864
2011/06/05 11:37:10.0860 3864 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/05 11:37:10.0860 3864 Product type: Workstation
2011/06/05 11:37:10.0860 3864 ComputerName: RON-PC
2011/06/05 11:37:10.0861 3864 UserName: Ron
2011/06/05 11:37:10.0861 3864 Windows directory: C:\Windows
2011/06/05 11:37:10.0861 3864 System windows directory: C:\Windows
2011/06/05 11:37:10.0861 3864 Running under WOW64
2011/06/05 11:37:10.0861 3864 Processor architecture: Intel x64
2011/06/05 11:37:10.0861 3864 Number of processors: 2
2011/06/05 11:37:10.0861 3864 Page size: 0x1000
2011/06/05 11:37:10.0861 3864 Boot type: Normal boot
2011/06/05 11:37:10.0861 3864 ================================================================================
2011/06/05 11:37:12.0726 3864 Initialize success
2011/06/05 11:37:15.0152 0860 ================================================================================
2011/06/05 11:37:15.0152 0860 Scan started
2011/06/05 11:37:15.0152 0860 Mode: Manual;
2011/06/05 11:37:15.0152 0860 ================================================================================
2011/06/05 11:37:15.0805 0860 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/05 11:37:15.0852 0860 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/05 11:37:15.0934 0860 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/05 11:37:16.0039 0860 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/05 11:37:16.0136 0860 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/05 11:37:16.0192 0860 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/05 11:37:16.0300 0860 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/06/05 11:37:16.0335 0860 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/05 11:37:16.0405 0860 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/05 11:37:16.0544 0860 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/05 11:37:16.0595 0860 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/06/05 11:37:16.0679 0860 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/05 11:37:17.0113 0860 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/05 11:37:17.0348 0860 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/05 11:37:17.0442 0860 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/05 11:37:17.0515 0860 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/06/05 11:37:17.0550 0860 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/05 11:37:17.0592 0860 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/06/05 11:37:17.0635 0860 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/05 11:37:17.0737 0860 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/05 11:37:17.0767 0860 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/05 11:37:17.0804 0860 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/05 11:37:17.0880 0860 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/05 11:37:18.0013 0860 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
2011/06/05 11:37:18.0052 0860 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\Windows\system32\drivers\AtiHdmi.sys
2011/06/05 11:37:18.0137 0860 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/06/05 11:37:18.0260 0860 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/05 11:37:18.0314 0860 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/05 11:37:18.0406 0860 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/05 11:37:18.0520 0860 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/05 11:37:18.0635 0860 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/05 11:37:18.0672 0860 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/05 11:37:18.0726 0860 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/05 11:37:18.0752 0860 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/05 11:37:18.0769 0860 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/05 11:37:18.0782 0860 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/05 11:37:18.0796 0860 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/05 11:37:18.0823 0860 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/05 11:37:18.0863 0860 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/05 11:37:18.0948 0860 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/05 11:37:19.0001 0860 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/05 11:37:19.0073 0860 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/05 11:37:19.0144 0860 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/05 11:37:19.0195 0860 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/05 11:37:19.0227 0860 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/05 11:37:19.0242 0860 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/05 11:37:19.0288 0860 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/05 11:37:19.0345 0860 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/05 11:37:19.0429 0860 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/06/05 11:37:19.0484 0860 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/05 11:37:19.0536 0860 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/05 11:37:19.0618 0860 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/05 11:37:19.0731 0860 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/05 11:37:19.0836 0860 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/05 11:37:19.0965 0860 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/05 11:37:19.0982 0860 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/05 11:37:20.0024 0860 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/05 11:37:20.0102 0860 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/05 11:37:20.0134 0860 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/05 11:37:20.0222 0860 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/05 11:37:20.0252 0860 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/05 11:37:20.0346 0860 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/05 11:37:20.0390 0860 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/05 11:37:20.0477 0860 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/05 11:37:20.0512 0860 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/05 11:37:20.0591 0860 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/05 11:37:20.0650 0860 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/05 11:37:20.0726 0860 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/05 11:37:20.0779 0860 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/05 11:37:20.0858 0860 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/05 11:37:20.0923 0860 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/05 11:37:20.0978 0860 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/05 11:37:20.0994 0860 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/05 11:37:21.0011 0860 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/05 11:37:21.0078 0860 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/05 11:37:21.0159 0860 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/05 11:37:21.0220 0860 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/05 11:37:21.0288 0860 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/05 11:37:21.0350 0860 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/05 11:37:21.0410 0860 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/06/05 11:37:21.0445 0860 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/05 11:37:21.0472 0860 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/05 11:37:21.0494 0860 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/05 11:37:21.0512 0860 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/05 11:37:21.0552 0860 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/05 11:37:21.0588 0860 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/05 11:37:21.0660 0860 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/05 11:37:21.0720 0860 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/05 11:37:21.0785 0860 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/05 11:37:21.0844 0860 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/05 11:37:21.0916 0860 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/05 11:37:21.0956 0860 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/05 11:37:22.0024 0860 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/05 11:37:22.0113 0860 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/05 11:37:22.0202 0860 L1C (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/06/05 11:37:22.0326 0860 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/05 11:37:22.0383 0860 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/05 11:37:22.0441 0860 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/05 11:37:22.0476 0860 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/05 11:37:22.0498 0860 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/05 11:37:22.0531 0860 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/05 11:37:22.0606 0860 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/05 11:37:22.0637 0860 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/05 11:37:22.0778 0860 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/05 11:37:22.0815 0860 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/05 11:37:22.0947 0860 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/05 11:37:22.0995 0860 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/05 11:37:23.0079 0860 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/06/05 11:37:23.0227 0860 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/06/05 11:37:23.0268 0860 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/05 11:37:23.0369 0860 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/06/05 11:37:23.0407 0860 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/05 11:37:23.0481 0860 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/05 11:37:23.0546 0860 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/05 11:37:23.0612 0860 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/05 11:37:23.0646 0860 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/05 11:37:23.0676 0860 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/05 11:37:23.0730 0860 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/05 11:37:23.0788 0860 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/05 11:37:23.0806 0860 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/05 11:37:23.0826 0860 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/05 11:37:23.0904 0860 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/05 11:37:24.0015 0860 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/05 11:37:24.0049 0860 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/05 11:37:24.0080 0860 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/05 11:37:24.0161 0860 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/05 11:37:24.0198 0860 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/05 11:37:24.0273 0860 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/05 11:37:24.0325 0860 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/06/05 11:37:24.0418 0860 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/05 11:37:24.0492 0860 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/05 11:37:24.0571 0860 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/05 11:37:24.0652 0860 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/05 11:37:24.0715 0860 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/05 11:37:24.0777 0860 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/05 11:37:24.0801 0860 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/05 11:37:24.0839 0860 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/05 11:37:24.0906 0860 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/05 11:37:24.0943 0860 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/05 11:37:25.0049 0860 netr28ux (c553716f6f7bca3444cee52dfb7c9016) C:\Windows\system32\DRIVERS\netr28ux.sys
2011/06/05 11:37:25.0121 0860 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/05 11:37:25.0220 0860 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/06/05 11:37:25.0356 0860 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/05 11:37:25.0387 0860 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/05 11:37:25.0427 0860 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/06/05 11:37:25.0531 0860 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/05 11:37:25.0584 0860 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/06/05 11:37:25.0857 0860 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/05 11:37:26.0093 0860 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/06/05 11:37:26.0123 0860 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/05 11:37:26.0141 0860 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/05 11:37:26.0168 0860 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/05 11:37:26.0272 0860 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/05 11:37:26.0306 0860 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/05 11:37:26.0337 0860 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/06/05 11:37:26.0418 0860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/05 11:37:26.0455 0860 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/05 11:37:26.0477 0860 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/05 11:37:26.0548 0860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/05 11:37:26.0726 0860 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/05 11:37:26.0766 0860 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/05 11:37:26.0869 0860 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/05 11:37:26.0930 0860 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/05 11:37:27.0017 0860 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/05 11:37:27.0065 0860 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/05 11:37:27.0081 0860 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/05 11:37:27.0174 0860 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/05 11:37:27.0207 0860 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/05 11:37:27.0241 0860 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/05 11:37:27.0278 0860 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/05 11:37:27.0353 0860 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/05 11:37:27.0385 0860 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/05 11:37:27.0411 0860 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/05 11:37:27.0490 0860 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/05 11:37:27.0528 0860 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/05 11:37:27.0555 0860 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/05 11:37:27.0637 0860 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/06/05 11:37:27.0711 0860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/05 11:37:27.0787 0860 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/05 11:37:27.0878 0860 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/05 11:37:27.0937 0860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/05 11:37:28.0002 0860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/05 11:37:28.0047 0860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/05 11:37:28.0066 0860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/05 11:37:28.0147 0860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/05 11:37:28.0210 0860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/05 11:37:28.0233 0860 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/05 11:37:28.0284 0860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/05 11:37:28.0338 0860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/05 11:37:28.0371 0860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/05 11:37:28.0420 0860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/05 11:37:28.0492 0860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/05 11:37:28.0619 0860 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/06/05 11:37:28.0619 0860 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/06/05 11:37:28.0632 0860 sptd - detected LockedFile.Multi.Generic (1)
2011/06/05 11:37:28.0721 0860 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/06/05 11:37:28.0793 0860 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/05 11:37:28.0871 0860 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/05 11:37:28.0953 0860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/05 11:37:29.0029 0860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/05 11:37:29.0201 0860 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/06/05 11:37:29.0256 0860 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/05 11:37:29.0303 0860 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/05 11:37:29.0375 0860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/05 11:37:29.0411 0860 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/05 11:37:29.0437 0860 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/05 11:37:29.0505 0860 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/05 11:37:29.0583 0860 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/05 11:37:29.0658 0860 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/05 11:37:29.0700 0860 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/05 11:37:29.0734 0860 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/05 11:37:29.0829 0860 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/05 11:37:29.0870 0860 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/05 11:37:29.0937 0860 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/05 11:37:29.0990 0860 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2011/06/05 11:37:30.0085 0860 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/06/05 11:37:30.0133 0860 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/05 11:37:30.0215 0860 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/05 11:37:30.0254 0860 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/05 11:37:30.0330 0860 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/05 11:37:30.0351 0860 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/05 11:37:30.0435 0860 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/05 11:37:30.0467 0860 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/05 11:37:30.0496 0860 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/05 11:37:30.0609 0860 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/05 11:37:30.0691 0860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/05 11:37:30.0762 0860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/05 11:37:30.0804 0860 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/05 11:37:30.0882 0860 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/05 11:37:31.0008 0860 VIAHdAudAddService (db88ca4f876c7dcaeec29bab9e31ffc1) C:\Windows\system32\drivers\viahduaa.sys
2011/06/05 11:37:31.0068 0860 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/05 11:37:31.0137 0860 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/05 11:37:31.0172 0860 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/05 11:37:31.0214 0860 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/05 11:37:31.0285 0860 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/05 11:37:31.0318 0860 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/06/05 11:37:31.0357 0860 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/05 11:37:31.0426 0860 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 11:37:31.0455 0860 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 11:37:31.0537 0860 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/05 11:37:31.0614 0860 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/05 11:37:31.0762 0860 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/05 11:37:31.0800 0860 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/05 11:37:31.0921 0860 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/05 11:37:31.0980 0860 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/05 11:37:32.0075 0860 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/05 11:37:32.0152 0860 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/05 11:37:32.0236 0860 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/05 11:37:32.0308 0860 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/05 11:37:32.0316 0860 ================================================================================
2011/06/05 11:37:32.0316 0860 Scan finished
2011/06/05 11:37:32.0316 0860 ================================================================================
2011/06/05 11:37:32.0326 0900 Detected object count: 1
2011/06/05 11:37:32.0326 0900 Actual detected object count: 1
2011/06/05 11:37:38.0991 0900 LockedFile.Multi.Generic(sptd) - User select action: Skip

Re: Trojan:Win32/Alureon.EP removal help please6th June 2011, 8:34 pm

Hello.

Please download ComboFix Trojan:Win32/Alureon.EP removal help please - Page 1 Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Trojan:Win32/Alureon.EP removal help please - Page 1 DXwU4

Trojan:Win32/Alureon.EP removal help please - Page 1 DXwU4

Trojan:Win32/Alureon.EP removal help please - Page 1 VvYDg

Re: Trojan:Win32/Alureon.EP removal help please10th June 2011, 4:48 pm

ComboFix 11-06-10.05 - Ron 06/10/2011 12:30:32.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2966 [GMT -4:00]
Running from: c:\users\Ron\Desktop\commy.exe
Command switches used :: /stepdel
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ron\AppData\Roaming\Adobe\plugs
c:\users\Ron\AppData\Roaming\Adobe\shed
c:\users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\users\Ron\AppData\Roaming\Adobe\shed\thr1.chm
c:\windows\system32\arp.exe . . . . Failed to delete
c:\windows\system32\ksuser.dll . . . . Failed to delete
c:\windows\system32\msconfig.exe . . . . Failed to delete
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\SysWow64\arp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 16:39 . 2011-06-10 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-05 15:16 . 2011-05-09 19:00 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DDD6207-7F78-4D71-A4C2-1D3939B8BA7C}\mpengine.dll
2011-05-20 18:09 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-20 18:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-20 15:20 . 2011-05-20 15:20 -------- d-----w- c:\program files (x86)\ESET
2011-05-20 14:31 . 2011-01-26 17:22 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A6F6144-455F-4E26-93E9-8049D0452A8E}\gapaengine.dll
2011-05-20 12:41 . 2011-05-20 12:41 -------- d-----w- c:\users\Ron\AppData\Roaming\Malwarebytes
2011-05-20 12:40 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-20 12:40 . 2011-05-20 12:40 -------- d-----w- c:\programdata\Malwarebytes
2011-05-20 12:40 . 2011-05-20 12:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-20 12:40 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-14 05:27 . 2011-05-14 05:27 -------- d-----w- c:\programdata\ATI
2011-05-14 05:26 . 2011-05-14 05:26 -------- d-----w- c:\program files\ATI Technologies
2011-05-11 17:46 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 17:46 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 17:46 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 19:00 . 2010-10-11 19:41 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-20 02:44 . 2011-04-20 02:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:30 . 2011-04-20 02:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2011-04-20 02:09 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-04-20 02:07 . 2010-04-07 02:15 795648 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-04-20 02:05 . 2011-04-20 02:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:03 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-04-20 02:02 . 2011-04-20 02:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-04-20 01:59 . 2011-04-20 01:59 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-04-20 01:49 . 2010-04-07 01:54 4951552 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-20 01:46 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-04-20 01:45 . 2011-04-20 01:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-20 01:40 . 2011-04-20 01:40 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-04-20 01:38 . 2011-04-20 01:38 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-04-20 01:31 . 2011-04-20 01:31 5440000 ----a-w- c:\windows\system32\atiumd64.dll
2011-04-20 01:30 . 2011-04-20 01:30 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-04-20 01:27 . 2010-04-07 01:46 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-04-20 01:23 366080 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-04-20 01:22 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2010-04-07 01:22 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-20 01:21 . 2011-04-20 01:21 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-04-20 01:21 . 2011-04-20 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-20 01:21 . 2011-04-20 01:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-04-14 01:59 . 2011-04-14 01:59 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-04-14 01:59 . 2011-04-14 01:59 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-14 01:58 . 2011-04-14 01:58 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-04-07 00:29 . 2011-04-07 00:29 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-07 00:29 . 2011-04-06 23:50 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-06 23:50 . 2011-04-06 23:50 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-06 02:09 . 2011-04-06 02:09 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-06 02:09 . 2011-04-06 02:09 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-06 02:09 . 2011-04-06 02:09 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-30 18:46 . 2011-03-30 18:46 114704 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-03-29 02:28 . 2011-03-29 02:28 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-20 365568]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\hm5l1lc5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2011-06-10 12:44:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 16:44
.
Pre-Run: 382,159,892,480 bytes free
Post-Run: 382,244,642,816 bytes free
.
- - End Of File - - 489679F116C98677D0B30FAB39DDFD1A

Re: Trojan:Win32/Alureon.EP removal help please10th June 2011, 7:18 pm

Looks like the same thing to me but here is the Combofix.txt

ComboFix 11-06-10.05 - Ron 06/10/2011 12:30:32.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2966 [GMT -4:00]
Running from: c:\users\Ron\Desktop\commy.exe
Command switches used :: /stepdel
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ron\AppData\Roaming\Adobe\plugs
c:\users\Ron\AppData\Roaming\Adobe\shed
c:\users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\users\Ron\AppData\Roaming\Adobe\shed\thr1.chm
c:\windows\system32\arp.exe . . . . Failed to delete
c:\windows\system32\ksuser.dll . . . . Failed to delete
c:\windows\system32\msconfig.exe . . . . Failed to delete
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\SysWow64\arp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 16:39 . 2011-06-10 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-05 15:16 . 2011-05-09 19:00 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DDD6207-7F78-4D71-A4C2-1D3939B8BA7C}\mpengine.dll
2011-05-20 18:09 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-20 18:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-20 15:20 . 2011-05-20 15:20 -------- d-----w- c:\program files (x86)\ESET
2011-05-20 14:31 . 2011-01-26 17:22 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A6F6144-455F-4E26-93E9-8049D0452A8E}\gapaengine.dll
2011-05-20 12:41 . 2011-05-20 12:41 -------- d-----w- c:\users\Ron\AppData\Roaming\Malwarebytes
2011-05-20 12:40 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-20 12:40 . 2011-05-20 12:40 -------- d-----w- c:\programdata\Malwarebytes
2011-05-20 12:40 . 2011-05-20 12:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-20 12:40 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-14 05:27 . 2011-05-14 05:27 -------- d-----w- c:\programdata\ATI
2011-05-14 05:26 . 2011-05-14 05:26 -------- d-----w- c:\program files\ATI Technologies
2011-05-11 17:46 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 17:46 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 17:46 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 19:00 . 2010-10-11 19:41 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-20 02:44 . 2011-04-20 02:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:30 . 2011-04-20 02:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2011-04-20 02:09 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-04-20 02:07 . 2010-04-07 02:15 795648 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-04-20 02:05 . 2011-04-20 02:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:03 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-04-20 02:02 . 2011-04-20 02:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-04-20 01:59 . 2011-04-20 01:59 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-04-20 01:49 . 2010-04-07 01:54 4951552 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-20 01:46 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-04-20 01:45 . 2011-04-20 01:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-20 01:40 . 2011-04-20 01:40 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-04-20 01:38 . 2011-04-20 01:38 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-04-20 01:31 . 2011-04-20 01:31 5440000 ----a-w- c:\windows\system32\atiumd64.dll
2011-04-20 01:30 . 2011-04-20 01:30 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-04-20 01:27 . 2010-04-07 01:46 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-04-20 01:23 366080 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-04-20 01:22 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2010-04-07 01:22 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-20 01:21 . 2011-04-20 01:21 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-04-20 01:21 . 2011-04-20 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-20 01:21 . 2011-04-20 01:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-04-14 01:59 . 2011-04-14 01:59 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-04-14 01:59 . 2011-04-14 01:59 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-14 01:58 . 2011-04-14 01:58 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-04-07 00:29 . 2011-04-07 00:29 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-07 00:29 . 2011-04-06 23:50 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-06 23:50 . 2011-04-06 23:50 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-06 02:09 . 2011-04-06 02:09 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-06 02:09 . 2011-04-06 02:09 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-06 02:09 . 2011-04-06 02:09 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-30 18:46 . 2011-03-30 18:46 114704 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-03-29 02:28 . 2011-03-29 02:28 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-20 365568]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\hm5l1lc5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2011-06-10 12:44:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 16:44
.
Pre-Run: 382,159,892,480 bytes free
Post-Run: 382,244,642,816 bytes free
.
- - End Of File - - 489679F116C98677D0B30FAB39DDFD1A

Re: Trojan:Win32/Alureon.EP removal help please11th June 2011, 3:12 pm

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: Trojan:Win32/Alureon.EP removal help please12th June 2011, 1:02 am

ComboFix 11-06-10.05 - Ron 06/11/2011 19:11:44.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2730 [GMT -4:00]
Running from: c:\users\Ron\Desktop\commy.exe
Command switches used :: c:\users\Ron\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 23:17 . 2011-06-11 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 17:40 . 2011-05-09 19:00 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B0A43FC-7C56-47C4-934A-6CAD18CEAB6A}\mpengine.dll
2011-06-10 21:46 . 2011-06-10 21:46 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
2011-05-20 18:09 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-20 18:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-20 15:20 . 2011-05-20 15:20 -------- d-----w- c:\program files (x86)\ESET
2011-05-20 14:31 . 2011-01-26 17:22 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A6F6144-455F-4E26-93E9-8049D0452A8E}\gapaengine.dll
2011-05-20 12:41 . 2011-05-20 12:41 -------- d-----w- c:\users\Ron\AppData\Roaming\Malwarebytes
2011-05-20 12:40 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-20 12:40 . 2011-05-20 12:40 -------- d-----w- c:\programdata\Malwarebytes
2011-05-20 12:40 . 2011-05-20 12:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-20 12:40 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-14 05:27 . 2011-05-14 05:27 -------- d-----w- c:\programdata\ATI
2011-05-14 05:26 . 2011-05-14 05:26 -------- d-----w- c:\program files\ATI Technologies
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 19:00 . 2010-10-11 19:41 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-20 02:44 . 2011-04-20 02:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:30 . 2011-04-20 02:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2011-04-20 02:09 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-04-20 02:07 . 2010-04-07 02:15 795648 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-04-20 02:05 . 2011-04-20 02:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:03 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-04-20 02:02 . 2011-04-20 02:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-04-20 01:59 . 2011-04-20 01:59 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-04-20 01:49 . 2010-04-07 01:54 4951552 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-20 01:46 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-04-20 01:45 . 2011-04-20 01:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-20 01:40 . 2011-04-20 01:40 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-04-20 01:38 . 2011-04-20 01:38 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-04-20 01:31 . 2011-04-20 01:31 5440000 ----a-w- c:\windows\system32\atiumd64.dll
2011-04-20 01:30 . 2011-04-20 01:30 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-04-20 01:27 . 2010-04-07 01:46 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-04-20 01:23 366080 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-04-20 01:22 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2010-04-07 01:22 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-20 01:21 . 2011-04-20 01:21 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-04-20 01:21 . 2011-04-20 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-20 01:21 . 2011-04-20 01:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-04-14 01:59 . 2011-04-14 01:59 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-04-14 01:59 . 2011-04-14 01:59 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-14 01:58 . 2011-04-14 01:58 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-04-09 06:45 . 2011-05-11 17:46 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 17:46 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 17:46 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-07 00:29 . 2011-04-07 00:29 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-07 00:29 . 2011-04-06 23:50 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-06 23:50 . 2011-04-06 23:50 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-06 02:09 . 2011-04-06 02:09 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-06 02:09 . 2011-04-06 02:09 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-06 02:09 . 2011-04-06 02:09 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-30 18:46 . 2011-03-30 18:46 114704 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-03-29 02:28 . 2011-03-29 02:28 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-10_16.41.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-06-11 04:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-06-09 04:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-06-11 04:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-09 04:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-09 04:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-11 04:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:10 . 2011-05-20 15:05 45108 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-10 16:42 45108 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-20 18:49 . 2011-06-10 16:42 16752 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2222643377-2805064991-2700677253-1001_UserData.bin
+ 2009-07-14 04:46 . 2011-06-10 16:48 79920 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-07-20 18:51 . 2011-06-10 16:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-20 18:51 . 2011-06-11 23:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-20 18:51 . 2011-06-11 23:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-20 18:51 . 2011-06-10 16:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-10 16:41 . 2011-06-10 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-11 23:18 . 2011-06-11 23:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-10 16:41 . 2011-06-10 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-11 23:18 . 2011-06-11 23:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-06-08 18:49 617222 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-06-10 16:45 617222 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-06-08 18:49 104496 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-06-10 16:45 104496 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-06-10 16:40 447380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-06-11 23:17 447380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-07-20 21:34 . 2011-06-11 23:17 448148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2222643377-2805064991-2700677253-1001-8192.dat
- 2010-07-20 21:34 . 2011-06-10 16:40 448148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2222643377-2805064991-2700677253-1001-8192.dat
- 2009-07-14 02:34 . 2011-06-10 16:38 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-06-11 17:51 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-20 365568]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\hm5l1lc5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2011-06-11 19:22:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 23:22
.
Pre-Run: 337,127,780,352 bytes free
Post-Run: 374,261,633,024 bytes free
.
- - End Of File - - A2D8068B40ED6881767D5300FBD81C04

Re: Trojan:Win32/Alureon.EP removal help please13th June 2011, 4:44 pm

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Trojan:Win32/Alureon.EP removal help please15th June 2011, 1:47 am

Ok so I ran the scan and it deleted 2 trojans (java variant I think and some other one) and I accidentally checked the uninstall program after finished so I lost the log. Now I am trying to run it again but I can't get past the accept terms page. Every time I try to continue it brings me to a blank page with an icon of a photo on the top left corner.

Re: Trojan:Win32/Alureon.EP removal help please15th June 2011, 6:21 pm

Ah nevermind then, how is the machine running now?

Re: Trojan:Win32/Alureon.EP removal help please15th June 2011, 10:03 pm

Well it seems to be running normally. I mean didn't have a problem with speed or anything so it's hard to notice. I was mostly worried about security but it seems to have worked. Thanks a lot I really appreciate you helping me out.

Trojan:Win32/Alureon.EP removal help please

descriptionRe: Trojan:Win32/Alureon.EP removal help please5th June 2011, 3:39 pm

descriptionRe: Trojan:Win32/Alureon.EP removal help please6th June 2011, 8:34 pm

descriptionRe: Trojan:Win32/Alureon.EP removal help please10th June 2011, 4:48 pm

descriptionRe: Trojan:Win32/Alureon.EP removal help please10th June 2011, 7:18 pm

descriptionRe: Trojan:Win32/Alureon.EP removal help please11th June 2011, 3:12 pm

descriptionRe: Trojan:Win32/Alureon.EP removal help please12th June 2011, 1:02 am

descriptionRe: Trojan:Win32/Alureon.EP removal help please13th June 2011, 4:44 pm

descriptionRe: Trojan:Win32/Alureon.EP removal help please15th June 2011, 1:47 am

descriptionRe: Trojan:Win32/Alureon.EP removal help please15th June 2011, 6:21 pm

descriptionRe: Trojan:Win32/Alureon.EP removal help please15th June 2011, 10:03 pm

descriptionRe: Trojan:Win32/Alureon.EP removal help please