Alina79

  1. Ok, I tried but it doesn't work. Anyway in January a friend will reinstall Windows, for now I was hoping to get rid of this Alureon-K and navigate without those pages which keep opening...
  2. doesn't seem to work...I've waited more than one hour and nothing happened (not even 3% done) after choosing Recovery console :-(
  3. I just saw Recovery Console. I don't have the Windows CD, it was pre-installed and then a friend changed Windows 7 with XP. I confirm that I can't restart using the Start button, I can only press the ON/OFF button.
  4. I guess...I don't remember if the name is exactly this one, I remembered smth like "Restart in the safe mode": is it the same?
  5. I keep receiving an error while trying to run combofix, I get kicked out from the Internet and I can't restart from the Start button
  6. PS now I get again redirected to advertising pages...
  7. DDS.txt:
     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
     Run by alina at 13:27:36 on 2011-12-25
     Microsoft Windows XP Professional 5.1.2600.3.1252.39.1033.18.3039.2175 [GMT 1:00]
     .
     AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     FW: AVG Firewall *Disabled*
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     svchost.exe
     svchost.exe
     C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     C:\WINDOWS\system32\spoolsv.exe
     c:\program files\idt\wdm\STacSV.exe
     svchost.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Documents and Settings\alina\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\WgaTray.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
     C:\Program Files\IDT\WDM\sttray.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     C:\Program Files\DivX\DivX Update\DivXUpdate.exe
     C:\Program Files\AVAST Software\Avast\avastUI.exe
     C:\Documents and Settings\alina\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
     C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.google.it/
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
     BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
     BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
     BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
     BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
     BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
     TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
     uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
     mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
     mRun: [Malwarebytes' Anti-Malware] "c:\documents and settings\alina\desktop\malwarebytes' anti-malware\mbamgui.exe" /starttray
     dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
     dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rocket~1.lnk - c:\program files\rocketdock\RocketDock.exe
     uPolicies-explorer: NoSMMyPictures = 1 (0x1)
     uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
     dPolicies-explorer: NoSMMyPictures = 1 (0x1)
     dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
     DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
     DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
     DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     TCP: DhcpNameServer = 192.168.1.1
     TCP: Interfaces\{14907B65-BCB7-4DD0-8E47-0D98B740BD0A} : DhcpNameServer = 192.168.1.1
     Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\documents and settings\alina\application data\mozilla\firefox\profiles\5gon5um2.default\
     FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
     FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
     FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
     FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 iastor86;iastor86;c:\windows\system32\drivers\iastor86.sys [2010-2-11 327192]
     R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-12-16 28552]
     R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-1 435032]
     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-1 314456]
     R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\astra32\astra32.sys [2007-2-22 30864]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-1 20568]
     R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-1 44768]
     R2 MBAMService;MBAMService;c:\documents and settings\alina\desktop\malwarebytes' anti-malware\mbamservice.exe [2011-12-24 366152]
     R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-5-25 113664]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-25 22216]
     R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-3-11 58600]
     S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
     .
     =============== Created Last 30 ================
     .
     2011-12-25 11:47:33 -------- d-----w- c:\program files\ESET
     2011-12-24 17:37:20 -------- d-sha-r- C:\cmdcons
     2011-12-24 17:29:06 98816 ----a-w- c:\windows\sed.exe
     2011-12-24 17:29:06 518144 ----a-w- c:\windows\SWREG.exe
     2011-12-24 17:29:06 256000 ----a-w- c:\windows\PEV.exe
     2011-12-24 17:29:06 208896 ----a-w- c:\windows\MBR.exe
     2011-12-24 17:27:33 -------- d-----w- C:\ComboFix
     2011-12-22 08:41:52 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
     2011-12-22 08:39:01 -------- d-----w- c:\documents and settings\alina\local settings\application data\Threat Expert
     2011-12-22 07:52:35 -------- d-----w- c:\program files\PC Tools
     2011-12-22 07:48:41 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
     2011-12-22 07:48:30 -------- d-----w- c:\program files\common files\PC Tools
     2011-12-22 07:47:23 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
     2011-12-22 07:47:22 -------- d-----w- c:\documents and settings\alina\application data\TestApp
     2011-12-21 22:57:06 -------- d-----w- C:\sh4ldr
     2011-12-21 22:57:06 -------- d-----w- c:\program files\Enigma Software Group
     2011-12-21 22:56:20 -------- d-----w- c:\program files\common files\Wise Installation Wizard
     2011-12-21 21:45:37 -------- d-----w- c:\documents and settings\alina\application data\AVG2012
     2011-12-21 21:45:21 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
     2011-12-21 21:44:32 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
     2011-12-21 21:43:53 -------- d-----w- c:\program files\AVG
     2011-12-15 23:16:39 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
     2011-12-15 23:16:17 -------- d-----w- c:\program files\Panda Security
     2011-12-15 22:54:26 -------- dc-h--w- c:\windows\ie8
     2011-12-15 22:51:55 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
     2011-11-28 10:12:45 -------- d-----w- c:\documents and settings\alina\local settings\application data\PCHealth
     2011-11-27 10:15:06 -------- d-----w- c:\windows\system32\XPSViewer
     2011-11-27 10:14:47 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
     2011-11-27 10:14:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
     2011-11-27 10:14:39 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
     2011-11-27 10:14:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
     2011-11-27 10:14:39 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
     2011-11-27 10:14:39 575488 ------w- c:\windows\system32\xpsshhdr.dll
     2011-11-27 10:14:39 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
     2011-11-27 10:14:39 1676288 ------w- c:\windows\system32\xpssvcs.dll
     2011-11-27 10:14:39 117760 ------w- c:\windows\system32\prntvpt.dll
     .
     ==================== Find3M ====================
     .
     2011-12-13 17:47:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
     2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
     2011-11-10 04:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2011-11-10 02:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
     2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
     2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
     2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
     2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
     2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
     2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
     2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
     2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
     2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
     .
     ============= FINISH: 13.35.05,58 ===============
  8. ESETSmartInstaller@High as downloader log:
     all ok
     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=acf4184e82e1ea4987b867e3ed772be0
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-12-25 12:22:01
     # local_time=2011-12-25 01:22:01 (+0100, Central European Standard Time)
     # country="Italy"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=768 16777215 100 0 34866560 34866560 0 0
     # compatibility_mode=8192 67108863 100 0 240 240 0 0
     # scanned=49761
     # found=0
     # cleaned=0
     # scan_time=1828
  9. hello again, now the computer works a lot better but after a boot time scan with Avast, the Alureon-K [Rtk] was still there, just as before
  10. thank you thank you thank you!!! (I have the strange feeling you gave me the first Christmas gift) Merry Christmas, you were very very helpful and patient!!! Alina
  11. Malwarebytes' Anti-Malware 1.51.2.1300
      www.malwarebytes.org
      Database version: 911122405
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702
      25/12/2011 2.20.54
      mbam-log-2011-12-25 (02-20-54).txt
      Scan type: Quick scan
      Objects scanned: 185878
      Time elapsed: 2 minute(s), 11 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected:
      (No malicious items detected)
      Memory Modules Infected:
      (No malicious items detected)
      Registry Keys Infected:
      (No malicious items detected)
      Registry Values Infected:
      (No malicious items detected)
      Registry Data Items Infected:
      (No malicious items detected)
      Folders Infected:
      (No malicious items detected)
      Files Infected:
      (No malicious items detected)
  12. it seems that I'm not getting redirected anymore to advertising pages...but I'd need more time to surf and then be sure :-) do u still need the MBAM scan? quick or complete? Can I do smth else while scanning with MBAM?
  13. Farbar Service Scanner
      Ran by alina (administrator) on 25-12-2011 at 02:09:00
      Microsoft Windows XP Professional Service Pack 3 (X86)
      ****************************************************************
      Internet Services:
      ============
      Connection Status:
      ==============
      Localhost is accessible.
      LAN connected.
      Google IP is accessible.
      Yahoo IP is accessible.
      File Check:
      ========
      C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
      C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
      C:\WINDOWS\system32\svchost.exe => MD5 is legit
      C:\WINDOWS\system32\rpcss.dll => MD5 is legit
      C:\WINDOWS\system32\services.exe => MD5 is legit
      Extra List:
      =======
      aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) WSIMD(8)
      0x0B00000004000000010000000200000003000000090000000A0000000B00000005000000060000000700000008000000
      **** End of log ****