neoraido
Posts posted by neoraido
Hello,
I have a PC running Windows Vista that is infected with an Alureon-K rootkit that I have been unable to remove. I would appreciate any help you can give.
DDS
---------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by user at 23:45:52 on 2012-03-16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1806 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-16 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-16 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-16 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-16 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-16 44768]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-25 149864]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-16 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-16 20464]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-23 1245064]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2008-2-23 180272]
.
=============== Created Last 30 ================
.
2012-03-16 17:23:17 -------- d-----w- c:\users\user\appdata\local\temp
2012-03-16 17:22:31 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-16 15:15:41 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2012-03-16 15:15:33 -------- d-----w- c:\programdata\Malwarebytes
2012-03-16 15:15:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 15:15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-16 14:21:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-16 13:47:51 98816 ----a-w- c:\windows\sed.exe
2012-03-16 13:47:51 518144 ----a-w- c:\windows\SWREG.exe
2012-03-16 13:47:51 256000 ----a-w- c:\windows\PEV.exe
2012-03-16 13:47:51 208896 ----a-w- c:\windows\MBR.exe
2012-03-16 07:54:10 80896 ----a-w- c:\windows\system32\MSNP.ax
2012-03-16 07:54:10 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-03-16 07:54:03 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-16 07:54:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-16 07:43:02 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2012-03-16 07:24:08 97800 ----a-w- c:\windows\system32\infocardapi.dll
2012-03-16 07:24:06 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-03-16 07:24:03 622080 ----a-w- c:\windows\system32\icardagt.exe
2012-03-16 07:24:03 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2012-03-16 07:24:02 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-16 07:24:02 11264 ----a-w- c:\windows\system32\icardres.dll
2012-03-16 07:23:57 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-03-16 07:23:49 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-16 07:15:53 96760 ----a-w- c:\windows\system32\dfshim.dll
2012-03-16 07:15:47 282112 ----a-w- c:\windows\system32\mscoree.dll
2012-03-16 07:15:46 41984 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-16 07:15:28 158720 ----a-w- c:\windows\system32\mscorier.dll
2012-03-16 07:15:18 83968 ----a-w- c:\windows\system32\mscories.dll
2012-03-16 07:11:28 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-03-16 07:11:22 411136 ----a-w- c:\windows\system32\drivers\http.sys
2012-03-16 07:11:21 31232 ----a-w- c:\windows\system32\httpapi.dll
2012-03-16 07:07:25 -------- d-----w- c:\program files\MSXML 4.0
2012-03-16 06:52:28 67072 ----a-w- c:\windows\system32\asycfilt.dll
2012-03-16 06:52:26 71680 ----a-w- c:\windows\system32\atl.dll
2012-03-16 06:52:19 1399296 ----a-w- c:\windows\system32\msxml6.dll
2012-03-16 06:52:15 501760 ----a-w- c:\windows\system32\usp10.dll
2012-03-16 06:52:13 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2012-03-16 06:52:13 515584 ----a-w- c:\program files\windows mail\wab.exe
2012-03-16 06:52:12 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2012-03-16 06:52:03 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-03-16 06:52:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-03-16 06:52:03 292864 ----a-w- c:\windows\system32\atmfd.dll
2012-03-16 06:52:03 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-03-16 06:52:00 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-03-16 06:51:55 409600 ----a-w- c:\windows\system32\odbc32.dll
2012-03-16 06:51:54 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-03-16 06:51:54 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2012-03-16 06:51:53 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2012-03-16 06:51:53 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2012-03-16 06:51:53 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2012-03-16 06:51:48 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-03-16 06:48:56 1136640 ----a-w- c:\windows\system32\mfc42.dll
2012-03-16 06:47:55 160256 ----a-w- c:\windows\system32\wkssvc.dll
2012-03-16 06:47:47 1315840 ----a-w- c:\windows\system32\ole32.dll
2012-03-16 06:47:46 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2012-03-16 06:47:39 296960 ----a-w- c:\windows\system32\gdi32.dll
2012-03-16 06:47:31 126464 ----a-w- c:\windows\system32\spoolsv.exe
2012-03-16 06:47:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2012-03-16 06:47:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2012-03-16 06:47:21 1257472 ----a-w- c:\windows\system32\msxml3.dll
2012-03-16 06:47:15 157184 ----a-w- c:\windows\system32\t2embed.dll
2012-03-16 06:47:05 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2012-03-16 06:47:03 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2012-03-16 06:46:51 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-16 06:46:47 269312 ----a-w- c:\windows\system32\es.dll
2012-03-16 06:46:43 1169408 ----a-w- c:\windows\system32\sdclt.exe
2012-03-16 06:46:35 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-03-16 06:46:32 766464 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2012-03-16 06:46:29 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-03-16 06:46:28 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-03-16 06:46:08 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-03-16 06:45:55 430080 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 06:45:47 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2012-03-16 06:45:31 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-03-16 06:45:07 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dfb61f07-218b-4339-b0ff-4cf41a39024b}\mpengine.dll
2012-03-16 06:44:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-16 06:44:30 636928 ----a-w- c:\windows\system32\localspl.dll
2012-03-16 06:44:21 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2012-03-16 06:44:18 954752 ----a-w- c:\windows\system32\mfc40.dll
2012-03-16 06:44:17 954288 ----a-w- c:\windows\system32\mfc40u.dll
2012-03-16 06:44:10 36352 ----a-w- c:\windows\system32\rtutils.dll
2012-03-16 06:44:01 2927104 ----a-w- c:\windows\explorer.exe
2012-03-16 06:43:50 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-03-16 06:43:49 1695744 ----a-w- c:\windows\system32\gameux.dll
2012-03-16 06:43:46 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-03-16 06:43:41 171520 ----a-w- c:\windows\system32\wintrust.dll
2012-03-16 06:43:34 499712 ----a-w- c:\windows\system32\kerberos.dll
2012-03-16 06:43:33 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-03-16 06:43:32 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2012-03-16 06:43:31 72704 ----a-w- c:\windows\system32\secur32.dll
2012-03-16 06:43:31 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-03-16 06:43:30 9728 ----a-w- c:\windows\system32\lsass.exe
2012-03-16 06:42:51 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2012-03-16 06:42:47 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2012-03-16 06:42:24 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2012-03-16 06:38:58 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-16 06:37:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-03-16 06:37:43 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-03-16 06:37:43 18432 ----a-w- c:\windows\system32\amcompat.tlb
2012-03-16 06:36:20 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-03-16 06:36:20 511488 ----a-w- c:\windows\system32\RMActivate.exe
2012-03-16 06:36:19 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2012-03-16 06:36:19 472064 ----a-w- c:\windows\system32\secproc.dll
2012-03-16 06:36:19 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-03-16 06:36:19 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-03-16 06:36:17 329216 ----a-w- c:\windows\system32\msdrm.dll
2012-03-16 06:36:17 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-03-16 06:36:17 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-03-16 06:35:40 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-16 06:35:34 135168 ----a-w- c:\windows\system32\wshom.ocx
2012-03-16 06:35:33 90112 ----a-w- c:\windows\system32\wshext.dll
2012-03-16 06:35:33 155648 ----a-w- c:\windows\system32\wscript.exe
2012-03-16 06:35:33 135168 ----a-w- c:\windows\system32\cscript.exe
2012-03-16 06:35:32 180224 ----a-w- c:\windows\system32\scrobj.dll
2012-03-16 06:35:32 172032 ----a-w- c:\windows\system32\scrrun.dll
2012-03-16 06:34:30 1645568 ----a-w- c:\windows\system32\connect.dll
2012-03-16 06:34:22 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2012-03-16 06:34:22 94720 ----a-w- c:\windows\system32\logagent.exe
2012-03-16 06:34:17 2067456 ----a-w- c:\windows\system32\mstscax.dll
2012-03-16 06:34:16 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-03-16 06:34:10 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-16 06:34:10 375808 ----a-w- c:\windows\system32\winsrv.dll
2012-03-16 06:34:08 61440 ----a-w- c:\windows\system32\msasn1.dll
2012-03-16 06:34:02 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-03-16 06:31:21 -------- d-----w- c:\users\user\appdata\local\Hewlett-Packard
2012-03-16 05:53:33 -------- d-----w- c:\programdata\LightScribe
2012-03-16 05:51:39 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-03-16 05:51:39 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-03-16 05:51:36 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-03-16 05:51:36 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2012-03-16 05:51:35 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-03-16 05:51:35 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-03-16 05:51:35 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2012-03-16 05:51:35 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2012-03-16 05:51:33 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2012-03-16 05:51:11 276992 ----a-w- c:\windows\system32\schannel.dll
2012-03-16 05:50:22 98304 ----a-w- c:\windows\system32\cabview.dll
2012-03-16 05:46:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-16 05:46:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-16 05:44:44 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-16 05:44:43 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-16 05:44:03 41184 ----a-w- c:\windows\avastSS.scr
2012-03-16 05:43:36 -------- d-----w- c:\programdata\AVAST Software
2012-03-16 05:43:36 -------- d-----w- c:\program files\AVAST Software
2012-03-16 05:40:21 2421760 ----a-w- c:\windows\system32\wucltux.dll
2012-03-16 05:40:11 87552 ----a-w- c:\windows\system32\wudriver.dll
2012-03-16 05:40:06 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-03-16 05:40:06 171608 ----a-w- c:\windows\system32\wuwebv.dll
2012-03-16 04:24:25 -------- d-----w- c:\users\user\appdata\roaming\Symantec
2012-03-16 04:24:21 -------- d-----w- c:\users\user\appdata\local\QuickPlay
2012-03-16 04:20:55 -------- d-----w- c:\programdata\Electronic Arts
2012-03-16 04:20:51 -------- d-----w- c:\users\user\appdata\local\Downloaded Installations
2012-03-16 04:16:00 -------- d-----w- c:\users\user\appdata\local\VirtualStore
2012-03-16 04:08:07 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
.
============= FINISH: 23:46:32.17 ===============
Attach.txt
--------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/23/2008 5:31:27 AM
System Uptime: 3/16/2012 11:08:03 PM (0 hours ago)
.
Motherboard: Wistron | | 30CD
Processor: Intel® Core2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 186.112 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.784 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP7: 3/16/2012 12:21:54 AM - First_User_Boot
RP8: 3/16/2012 1:39:58 AM - Windows Update
RP9: 3/16/2012 1:43:25 AM - avast! Free Antivirus Setup
RP10: 3/16/2012 2:43:45 AM - Windows Update
RP11: 3/16/2012 3:00:33 AM - Windows Update
RP12: 3/16/2012 10:22:05 AM - Windows Update
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
AIM 6
AppCore
avast! Free Antivirus
Cards_Calendar_OrderGift_DoMorePlugout
ccCommon
Compatibility Pack for the 2007 Office system
Component Framework
Conexant HD Audio
CyberLink YouCam
DVD Suite
EA Link
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0090
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Intel® Graphics Media Accelerator Driver
Java 6 Update 2
LabelPrint
LightScribe System Software 1.10.13.1
LiveUpdate (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NetWaiting
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Power2Go
PowerDirector
PSSWCORE
QuickPlay SlingPlayer 0.4.6
Recuva
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Slingbox Flash Tour
SlingPlayer
SPBBC 32bit
Spybot - Search & Destroy
Symantec Real Time Storage Protection Component
SymNet
The Sims™ Life Stories
Touch Pad Driver
Update for Office 2007 (KB934528)
VideoToolkit01
Viewpoint Media Player
WeatherBug Gadget
.
==== Event Viewer Messages From Past Week ========
.
3/16/2012 2:29:10 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
.
==== End Of File ===========================
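The last section of the DDS log above is a run of Microsoft-Windows-Servicing errors (event IDs 4385 and 4375), all stamped 3/16/2012 1:40:55 AM and all concerning the Windows Update client self-update packages (WUClient-SelfUpdate-Aux). When triaging a pasted log like this it helps to reduce those lines to a few facts: which event IDs appear, which target states failed, and whether every failure concerns the same package family. The following is an added example written for this page, not code from the original poster or from the DDS tool. It parses the DDS event-log line format shown above; the sample input is three lines copied from the log, and the field names (`update`, `package`, `target_state`) are my own naming, not DDS or CBS terminology.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: three lines copied from the "Event log errors" section of the
# DDS log above (one 4385 "Absent", one 4385 "Staged", one 4375 "Install Requested").
SAMPLE_LOG = """\
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
"""

# DDS prints each event as: "<date> <time> AM/PM, <Level>: <Source> [<EventID>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[\w.-]+) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Event 4385 wording: "changing update X from package P(Kind) into State(State) state"
CHANGE_RE = re.compile(
    r"changing update (?P<update>\S+) from package (?P<package>.+?) ?\((?P<kind>[^)]*)\) "
    r"into (?P<state>[^(]+)\("
)
# Event 4375 wording: "setting package P (Kind) into State(State) state"
SET_RE = re.compile(
    r"setting package (?P<package>\S+) \((?P<kind>[^)]*)\) into (?P<state>[^(]+)\("
)


@dataclass
class ServicingError:
    timestamp: str
    event_id: int
    update: Optional[str]   # None for "setting package" (4375) entries
    package: str
    package_kind: str
    target_state: str


def parse_servicing_errors(text: str) -> List[ServicingError]:
    """Extract Microsoft-Windows-Servicing errors from a DDS event-log section.

    Lines that are not servicing events, or whose message does not match either
    known wording, are skipped rather than guessed at.
    """
    records: List[ServicingError] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("source") != "Microsoft-Windows-Servicing":
            continue
        ts, event_id, msg = m.group("ts"), int(m.group("event_id")), m.group("message")
        c = CHANGE_RE.search(msg)
        s = SET_RE.search(msg)
        if c:
            records.append(ServicingError(ts, event_id, c.group("update"), c.group("package"),
                                          c.group("kind"), c.group("state").strip()))
        elif s:
            records.append(ServicingError(ts, event_id, None, s.group("package"),
                                          s.group("kind"), s.group("state").strip()))
    return records


def summarize(records: List[ServicingError]) -> Dict[str, object]:
    """Reduce the parsed errors to the facts worth reporting in a triage reply."""
    return {
        "by_event_id": dict(Counter(r.event_id for r in records)),
        "target_states": sorted({r.target_state for r in records}),
        "timestamps": sorted({r.timestamp for r in records}),
        # True when every failure concerns the WU client self-update package family
        "all_wu_selfupdate": bool(records) and all("SelfUpdate" in r.package for r in records),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_servicing_errors(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run over the full block from the log, `summarize` reports a single timestamp, only event IDs 4385 and 4375, and `all_wu_selfupdate` true; that is the compact statement of what the pasted lines show, and it is what a helper would quote back rather than the twenty-odd raw lines.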
Help With Alureon-K Rootkit
in Resolved Malware Removal Logs
Hello and thank you very much for getting back to me. I am very sorry that it has taken so long for me to reply, but I must have screwed up the "e-mail me" setting or something.
Unfortunately, this weekend is going to be very hectic for me, but I will run the additional scan and post it as soon as I can. Thank you for your patience and assistance.