
Win32/Alureon.FE

#1
praxis85
Holy moly, I've never had an infection like this before!

I got bombarded with messages telling me my hard drive had been corrupted. I used Microsoft Security Essentials, which did nothing, so I installed Malwarebytes, which found and removed 8 threats. I still couldn't access any programs on my taskbar and was still getting messages about RAM speed, my hard drive, etc.

That's when (on my other computer) I found the already existing thread from here http://www.geekstogo...-other-nasties/

I've run ComboFix exactly as this wonderful site instructs. It didn't detect anything, but it did bring back SOME icons to my desktop and has got rid of the annoying pop-ups. (Although I have a new one now from Malwarebytes saying "[Shell_NotifyIcon] Failed to perform desired action. Error Code: 5".)

My main problem however is that none of my files seem to be accessible. I'm sure the files are still there because they show up on the scan, and the hard drive is pretty much as full as it usually is, but when I go into the folders the files don't appear.

Thanks very much for any advice or help you'd be able to give me.

My ComboFix report is:

ComboFix 12-01-27.04 - Caroline Butterwick 28/01/2012 1:15.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3071.2180 [GMT 0:00]
Running from: c:\users\Caroline Butterwick\Desktop\Combo-Fix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~bxCBAhOxEf38iX
c:\programdata\~bxCBAhOxEf38iXr
c:\programdata\~zArnP6ujckde9t
c:\programdata\~zArnP6ujckde9tr
c:\programdata\bxCBAhOxEf38iX
c:\programdata\zArnP6ujckde9t
c:\users\Caroline Butterwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Caroline Butterwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Caroline Butterwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Caroline Butterwick\Desktop\System Check.lnk
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-28 )))))))))))))))))))))))))))))))
.
.
2012-01-28 00:02 . 2012-01-28 00:02 -------- d-----w- C:\temp
2012-01-28 00:01 . 2012-01-28 00:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-28 00:01 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-28 00:01 . 2012-01-28 00:01 -------- d-----w- c:\users\Caroline Butterwick\AppData\Local\Trend Micro
2012-01-27 23:50 . 2012-01-27 23:36 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-01-27 23:50 . 2012-01-27 23:36 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-01-27 23:50 . 2012-01-27 23:36 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-01-27 23:50 . 2012-01-27 23:36 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-01-27 23:49 . 2012-01-27 23:51 -------- d--h--w- c:\programdata\Trend Micro
2012-01-27 23:49 . 2012-01-27 23:49 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-01-27 23:34 . 2012-01-27 23:52 -------- d-----w- c:\program files\Trend Micro
2012-01-27 23:09 . 2012-01-27 23:09 -------- d--h--w- c:\users\Caroline Butterwick\AppData\Roaming\Malwarebytes
2012-01-27 23:09 . 2012-01-27 23:09 -------- d--h--w- c:\programdata\Malwarebytes
2012-01-27 23:04 . 2012-01-27 23:04 -------- d--h--w- c:\users\Caroline Butterwick\AppData\Roaming\Systweak
2012-01-27 23:04 . 2012-01-27 23:04 -------- d-----w- c:\program files\RegClean Pro
2012-01-18 20:23 . 2012-01-18 20:23 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-18 20:23 . 2012-01-18 20:23 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-18 20:23 . 2012-01-18 20:23 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-18 20:23 . 2012-01-18 20:23 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-17 18:13 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-17 18:13 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-17 18:13 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-17 18:13 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-17 18:13 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-17 18:13 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-17 18:13 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-17 18:13 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-17 18:13 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-17 18:13 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 12:18 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:18 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:18 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 12:18 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-08 16:36 . 2012-01-08 16:36 -------- d-----w- c:\windows\system32\SPReview
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 16:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-04 09:26 . 2010-09-09 15:58 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-27 14:16 . 2010-04-29 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-27 14:16 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-24 04:25 . 2011-12-14 10:20 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35 . 2011-12-14 10:20 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26 . 2011-12-14 10:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48 . 2011-12-14 10:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-18 20:23 . 2011-10-28 13:41 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dolphin USB Autostart"="c:\programdata\Dolphin\Dolphin Autostart.exe" [2010-04-30 106496]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-11-27 273528]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-01-27 129304]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-05 1300672]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Caroline Butterwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Colour Explorer 9,0.lnk - c:\program files\MicrolinkPC\CXLOADER.exe [2010-9-21 72192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Action Express (OpticBook 3600).lnk - c:\program files\Plustek\OpticBook 3600\Am32Plus.exe [2010-9-21 143360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TaskBar.vbs [2009-8-12 1797]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 Ai2Chroniker;Ai2Chroniker;c:\windows\system32\DRIVERS\Ai2Chroniker.sys [x]
R1 MpKsl0937d042;MpKsl0937d042;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56331053-A773-44EA-8564-A8A1ACB6C080}\MpKsl0937d042.sys [x]
R1 MpKsl8801e2ec;MpKsl8801e2ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2B85FDB-BE35-488B-9633-8569B4055A41}\MpKsl8801e2ec.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 136176]
R3 Ai2Mmpd;Ai2Mmpd;c:\windows\system32\DRIVERS\Ai2Mmpd.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-18 1343400]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-01-27 68368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 DolphinCBarSrv2;Dolphin CBar Service 2;c:\windows\system32\dolsrvcbar2.exe [2010-05-11 274432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 14:16]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 14:16]
.
2012-01-27 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-01-27 11:52]
.
2012-01-27 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-01-27 11:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Caroline Butterwick\AppData\Roaming\Mozilla\Firefox\Profiles\taeh6aao.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-DolphinOceanicAccess - c:\program files\Dolphin\Lunpls1155\Lunpls.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-28 01:23:38
ComboFix-quarantined-files.txt 2012-01-28 01:23
.
Pre-Run: 26,693,574,656 bytes free
Post-Run: 26,689,273,856 bytes free
.
- - End Of File - - 9A725A52F3A4A36F3F58452B4A25EEDC