Tech Support Guy > Virus & Other Malware Removal
alureon.h virus

(In Progress)

link2998
Member with 59 posts.
THREAD STARTER
Join Date: Sep 2010
14-Sep-2010, 06:46 PM #16
alureon.h virus
I get the same error.
emeraldnzl
Malware Removal Specialist with 2,304 posts.
Join Date: Nov 2007
Location: Auckland, N.Z.
14-Sep-2010, 06:51 PM #17
Time to try something else.

Please run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer. Compatibility with other browsers has been added recently, but if you have difficulty, use Internet Explorer.
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Click Start and if your security program asks you if you want to allow the program, click yes.
  • If your anti-virus is active, you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
  • Make sure that the options Remove found threats and Scan archives are checked (do not worry about advanced settings)
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt (open Notepad > File > Open and navigate to the log.txt)
  • Copy and paste that log as a reply to this topic
link2998
Member with 59 posts.
THREAD STARTER
Join Date: Sep 2010
14-Sep-2010, 08:25 PM #18
alureon.h virus
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=fe46dee2feb7564fae9fca6c3a69f676
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-15 12:28:44
# local_time=2010-09-14 08:28:44 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1029 16777214 0 1 29377214 29377214 0 0
# compatibility_mode=5892 16776574 100 100 19358615 121112953 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=204890
# found=2
# cleaned=2
# scan_time=5099
C:\Program Files\RegistryFix8\RegFix8.exe Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\AscConTest.dll Win32/Adware.Ascentive application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
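The log above has a simple shape: `# key=value` header lines (some keys, such as compatibility_mode, repeat), then one line per detection giving the file path, the threat name, the action taken in parentheses, a 32-hex-digit hash field and a trailing flag. As an added example, not ESET's code and not anything posted in this thread, the following Python parses a log of that shape and cross-checks the found/cleaned counters against the detections actually listed, which is the sanity check a helper otherwise does by eye. The rule that a threat name starts at the first Platform/Family token, optionally preceded by "a variant of", is an assumption about ESET's naming convention. The sample log is the one posted above; the extra "variant" line used to exercise that rule is constructed.

```python
import re
from typing import Dict, List, Tuple

# A detection line ends with "(action) <32-hex hash> <flag>". The boundary between the
# file path and the threat name is not delimited, so it is recovered separately below.
_DETECTION = re.compile(
    r"^(?P<body>.+?)\s+\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)
# Assumption about ESET naming: names read "Platform/Family.Variant kind", optionally
# preceded by one of these prefixes (longest first so it is tried first).
_THREAT_PREFIXES = ("probably a variant of", "a variant of")


def split_path_threat(body: str) -> Tuple[str, str]:
    """Split "<path> <threat name>" on the first Platform/Family token."""
    tokens = body.split()
    start = next((i for i, t in enumerate(tokens) if "/" in t and "\\" not in t), None)
    if start is None:
        raise ValueError(f"no Platform/Family token in: {body}")
    for prefix in _THREAT_PREFIXES:
        n = len(prefix.split())
        if start >= n and tokens[start - n:start] == prefix.split():
            start -= n
            break
    return " ".join(tokens[:start]), " ".join(tokens[start:])


def parse_eset_log(text: str) -> dict:
    """Return the '# key=value' header (values as lists, since keys repeat) and detections."""
    header: Dict[str, List[str]] = {}
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header.setdefault(key, []).append(value)
            continue
        m = _DETECTION.match(line)
        if m:
            path, threat = split_path_threat(m.group("body"))
            detections.append({"path": path, "threat": threat, "action": m.group("action"),
                               "hash": m.group("hash").lower(), "flag": m.group("flag")})
    return {"header": header, "detections": detections}


def summarize(parsed: dict) -> dict:
    """Cross-check the header counters against the detections that were listed."""
    h = parsed["header"]
    found = int(h.get("found", ["0"])[0])
    cleaned = int(h.get("cleaned", ["0"])[0])
    return {
        "finished": h.get("end", [""])[0] == "finished",
        "scanned": int(h.get("scanned", ["0"])[0]),
        "found": found,
        "cleaned": cleaned,
        "not_cleaned": found - cleaned,          # > 0 means something is still on disk
        "listed": len(parsed["detections"]),
        "counts_match": found == len(parsed["detections"]),
    }


# Sample input: the log posted above in this thread.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=fe46dee2feb7564fae9fca6c3a69f676
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-15 12:28:44
# local_time=2010-09-14 08:28:44 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1029 16777214 0 1 29377214 29377214 0 0
# compatibility_mode=5892 16776574 100 100 19358615 121112953 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=204890
# found=2
# cleaned=2
# scan_time=5099
C:\Program Files\RegistryFix8\RegFix8.exe Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\AscConTest.dll Win32/Adware.Ascentive application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Constructed line (not from the thread) exercising the "a variant of" prefix rule.
CONSTRUCTED_VARIANT_BODY = r"C:\Users\Bob\Downloads\setup.exe a variant of Win32/ExampleFamily.A trojan"

if __name__ == "__main__":
    parsed = parse_eset_log(SAMPLE_LOG)
    for d in parsed["detections"]:
        print(f"{d['threat']:45} {d['action']:35} {d['path']}")
    print(summarize(parsed))
```

The summary is what a reviewer actually wants from such a log: did the scan finish, how many items were found, how many were cleaned, and does the header agree with the lines listed. A `not_cleaned` value above zero, or a counter that does not match the listed detections, is the cue to ask for another tool rather than to declare the machine clean.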
emeraldnzl
Malware Removal Specialist with 2,304 posts.
Join Date: Nov 2007
Location: Auckland, N.Z.
14-Sep-2010, 09:07 PM #19
Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Quote:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
link2998
Member with 59 posts.
THREAD STARTER
Join Date: Sep 2010
14-Sep-2010, 09:10 PM #20
alureon.h virus
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M1641
Logical Drives Mask: 0x000001fc
Kernel Drivers (total 155):
0x82413000 \SystemRoot\system32\ntkrnlpa.exe
0x827CC000 \SystemRoot\system32\hal.dll
0x80603000 \SystemRoot\system32\kdcom.dll
0x8060A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067A000 \SystemRoot\system32\PSHED.dll
0x8068B000 \SystemRoot\system32\BOOTVID.dll
0x80693000 \SystemRoot\system32\CLFS.SYS
0x806D4000 \SystemRoot\system32\CI.dll
0x82A09000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82A85000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82A92000 \SystemRoot\System32\Drivers\spzo.sys
0x82B93000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82B9C000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B4000 \SystemRoot\system32\drivers\acpi.sys
0x82BC2000 \SystemRoot\system32\drivers\msisadrv.sys
0x82BCA000 \SystemRoot\system32\drivers\pci.sys
0x82BF1000 \SystemRoot\System32\drivers\partmgr.sys
0x83008000 \SystemRoot\system32\drivers\volmgr.sys
0x83017000 \SystemRoot\System32\drivers\volmgrx.sys
0x83061000 \SystemRoot\system32\drivers\nvrd32.sys
0x83085000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x830A6000 \SystemRoot\system32\drivers\pciide.sys
0x830AD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x830BB000 \SystemRoot\System32\drivers\mountmgr.sys
0x830CB000 \SystemRoot\system32\drivers\nvraid.sys
0x830E6000 \SystemRoot\system32\drivers\atapi.kav
0x830EE000 \SystemRoot\system32\drivers\ataport.SYS
0x8310C000 \SystemRoot\system32\drivers\nvstor32.sys
0x83131000 \SystemRoot\system32\drivers\storport.sys
0x83172000 \SystemRoot\system32\drivers\fltmgr.sys
0x831A4000 \SystemRoot\system32\drivers\fileinfo.sys
0x831B4000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8320F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83280000 \SystemRoot\system32\drivers\ndis.sys
0x8338B000 \SystemRoot\system32\drivers\msrpc.sys
0x833B6000 \SystemRoot\system32\drivers\NETIO.SYS
0x87C0B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87D1B000 \SystemRoot\SYSTEM32\DRIVERS\WD.SYS
0x87D23000 \SystemRoot\system32\drivers\volsnap.sys
0x87D5C000 \SystemRoot\System32\Drivers\spldr.sys
0x87D64000 \SystemRoot\System32\Drivers\mup.sys
0x87D73000 \SystemRoot\System32\drivers\ecache.sys
0x87D9A000 \SystemRoot\system32\drivers\disk.sys
0x87DAB000 \SystemRoot\system32\drivers\crcdisk.sys
0x87DB4000 \SystemRoot\system32\DRIVERS\28279082.sys
0x87C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x833F1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x83200000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x831BD000 \SystemRoot\system32\DRIVERS\serial.sys
0x831D7000 \SystemRoot\system32\DRIVERS\serenum.sys
0x831E1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x831F4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x87DFD000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8C004000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8C00E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C04C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C05B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C0E8000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8C801000 \SystemRoot\system32\drivers\modem.sys
0x8C80E000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8C81E000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C82C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C844000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8C846000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8C84C000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8CA0C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8D48A000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8D48C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D52D000 \SystemRoot\System32\drivers\watchdog.sys
0x8D539000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8D542000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D571000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D57C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D593000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D59E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D5C1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D5D0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D5E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C94C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D5F9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C95C000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C986000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C990000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C99D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C9D2000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x8C9DC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D603000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D804000 \SystemRoot\system32\drivers\portcls.sys
0x8D831000 \SystemRoot\system32\drivers\drmk.sys
0x8D856000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8D879000 \SystemRoot\system32\DRIVERS\2827908.sys
0x8D8C9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D8D2000 \SystemRoot\System32\Drivers\Null.SYS
0x8D8D9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D8E9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D8F0000 \SystemRoot\System32\drivers\vga.sys
0x8D8FC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D91D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D925000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8D93A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D93C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D944000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D94F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D95D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DC0F000 \SystemRoot\System32\drivers\tcpip.sys
0x8DCF9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8DD14000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DD2A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DD3E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DD70000 \SystemRoot\system32\drivers\afd.sys
0x8DDB8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DDCE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DDDC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D966000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DDEF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D9A2000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DE03000 \SystemRoot\system32\DRIVERS\28279081.sys
0x8E323000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E33A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8E343000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8E353000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8E35C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E369000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8E373000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x95E90000 \SystemRoot\System32\win32k.sys
0x8E398000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E3A2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x960B0000 \SystemRoot\System32\TSDDD.dll
0x960D0000 \SystemRoot\System32\cdd.dll
0x8E3B1000 \SystemRoot\system32\drivers\luafv.sys
0x81E09000 \SystemRoot\system32\drivers\spsys.sys
0x81EB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81EC9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81EDC000 \SystemRoot\system32\drivers\HTTP.sys
0x81F49000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81F66000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81F7F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81F94000 \SystemRoot\system32\drivers\mrxdav.sys
0x81FB5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8D9B9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81FD4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8E3CC000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B605000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B653000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x9B65A000 \SystemRoot\system32\drivers\peauth.sys
0x9B738000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0x9B741000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0x9B753000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B75D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B769000 \??\C:\Windows\system32\drivers\tvicport.sys
0x9B76C000 \??\C:\Program Files\Free Ride Games\X4HS32Ex.Sys
0x9B77C000 \??\C:\Windows\system32\drivers\zntport.sys
0x9B77D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77860000 \Windows\System32\ntdll.dll
Processes (total 71):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
532 csrss.exe
584 C:\Windows\System32\wininit.exe
596 csrss.exe
628 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
652 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\winlogon.exe
840 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\nvvsvc.exe
916 C:\Windows\System32\svchost.exe
952 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1148 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\audiodg.exe
1320 C:\Windows\System32\svchost.exe
1340 C:\Windows\System32\SLsvc.exe
1380 C:\Windows\System32\svchost.exe
1464 C:\Windows\System32\nvvsvc.exe
1600 C:\Windows\System32\svchost.exe
1776 C:\Windows\System32\spoolsv.exe
1804 C:\Windows\System32\svchost.exe
296 C:\Windows\System32\dwm.exe
312 C:\Windows\System32\taskeng.exe
452 C:\Windows\explorer.exe
1068 C:\Windows\System32\taskeng.exe
912 C:\Windows\RtHDVCpl.exe
1092 C:\Acer\Empowering Technology\SysMonitor.exe
1096 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
2020 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
2068 C:\Windows\System32\nvraidservice.exe
2132 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2156 C:\Program Files\iTunes\iTunesHelper.exe
2164 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2184 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2200 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2252 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2272 C:\Program Files\Bonjour\mDNSResponder.exe
2340 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2524 C:\Program Files\Microsoft Security Essentials\msseces.exe
2616 C:\Program Files\Windows Sidebar\sidebar.exe
2668 C:\Windows\ehome\ehtray.exe
2684 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
2720 C:\Program Files\Skype\Phone\Skype.exe
2828 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2888 C:\Program Files\Common Files\Motive\McciCMService.exe
3004 C:\Windows\System32\svchost.exe
3056 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3092 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3160 C:\Windows\System32\svchost.exe
3220 C:\Windows\System32\svchost.exe
3252 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3316 C:\Windows\System32\SearchIndexer.exe
3376 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3444 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3528 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3840 WmiPrvSE.exe
3888 C:\Windows\ehome\ehmsas.exe
2024 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2968 WmiPrvSE.exe
4032 C:\Program Files\iPod\bin\iPodService.exe
2092 C:\Windows\System32\wbem\unsecapp.exe
5164 C:\Program Files\Skype\Plugin Manager\skypePM.exe
5484 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
5356 C:\Windows\System32\wuauclt.exe
5284 C:\Windows\System32\SearchProtocolHost.exe
1356 C:\Windows\System32\SearchFilterHost.exe
4184 C:\Users\Administrator\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`e2200000 (NTFS)
PhysicalDrive0 Model Number: WDC WD1600AAJS-22WAA, Rev: 58.0
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: FE9DEC202C68225A60BA224B3417475E24A6D7EA

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
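The report above prints a SHA1 for the MBR and flags the boot code as non-standard, even though both NTFS volumes still resolve to PhysicalDrive0 and the machine boots normally. That combination is characteristic of a bootkit: the executable part of sector 0 is replaced, the partition table is left intact. As an added example, not MBRCheck's code or anything from this thread, the following Python shows how such a check works on a raw 512-byte MBR image: it parses the partition table, hashes the 440-byte boot-code area with SHA1 and compares the result with an allowlist. Exactly which bytes MBRCheck hashes is not stated on the page; the choice of the 440-byte area is this example's. The boot code bytes, partition entries, disk signature and the allowlist are all constructed for the demonstration; a real allowlist would hold hashes of genuine operating-system boot code.

```python
import hashlib
import struct

# Layout of an x86 Master Boot Record (sector 0 of the disk, 512 bytes)
MBR_SIZE = 512
BOOTCODE_LEN = 440            # bytes 0..439: executable boot code
DISK_SIG_OFFSET = 440         # bytes 440..443: Windows disk signature
PART_TABLE_OFFSET = 446       # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition entry; the CHS fields are left raw."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(ENTRY_FMT, entry)
    if status not in (0x00, 0x80):          # any other value means a corrupt table
        raise ValueError(f"invalid partition status byte 0x{status:02x}")
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(mbr: bytes) -> dict:
    """Split a raw MBR into a boot-code hash, the disk signature and the partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("an MBR image is exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    sha1 = hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest().upper()
    (disk_sig,) = struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)
    parts = [parse_partition_entry(mbr[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)])
             for i in range(4)]
    return {"bootcode_sha1": sha1, "disk_signature": disk_sig, "partitions": parts}


def classify_bootcode(mbr: bytes, known_good: set) -> str:
    """Allowlist check: the boot code is either a known standard image or suspect."""
    return "standard" if parse_mbr(mbr)["bootcode_sha1"] in known_good else "non-standard or infected"


def bootcode_changed_table_intact(reference: bytes, suspect: bytes) -> bool:
    """True when only the boot code differs: the case a hash check catches while the
    partition listing, volumes and drive letters all still look healthy."""
    ref, sus = parse_mbr(reference), parse_mbr(suspect)
    return ref["bootcode_sha1"] != sus["bootcode_sha1"] and ref["partitions"] == sus["partitions"]


def build_mbr(bootcode: bytes, partitions, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a constructed MBR image for the demonstration (not a real disk dump)."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("boot code does not fit in the 440-byte area")
    buf = bytearray(MBR_SIZE)
    buf[:len(bootcode)] = bootcode
    struct.pack_into("<I", buf, DISK_SIG_OFFSET, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, buf, PART_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


# Constructed sample data. REFERENCE_BOOTCODE stands in for a vendor's standard boot
# code; a real allowlist would hold SHA1s of genuine Windows MBR images.
REFERENCE_BOOTCODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 64
SAMPLE_PARTITIONS = [
    (0x80, 0x07, 2048, 20_000_000),        # bootable NTFS-type partition (a C: volume)
    (0x00, 0x07, 20_002_048, 9_000_000),   # second NTFS-type partition (a D: volume)
    (0x00, 0x00, 0, 0),
    (0x00, 0x00, 0, 0),
]
CLEAN_MBR = build_mbr(REFERENCE_BOOTCODE, SAMPLE_PARTITIONS)
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["bootcode_sha1"]}

# Bootkit-style tampering, modelled with arbitrary constructed bytes: the boot code
# is overwritten but the partition table is untouched, so Windows still mounts normally.
_tampered = bytearray(CLEAN_MBR)
_tampered[0:6] = b"\xe9\x00\x01\x00\x00\x00"
TAMPERED_MBR = bytes(_tampered)


def report(mbr: bytes, known_good: set, size_gb: int = 149) -> str:
    """One status line per disk, in the spirit of the report posted above."""
    info = parse_mbr(mbr)
    return (f"{size_gb} GB \\\\.\\PhysicalDrive0 boot code {classify_bootcode(mbr, known_good)}, "
            f"SHA1: {info['bootcode_sha1']}")


if __name__ == "__main__":
    print(report(CLEAN_MBR, KNOWN_GOOD))
    print(report(TAMPERED_MBR, KNOWN_GOOD))
    print("boot code replaced, table intact:",
          bootcode_changed_table_intact(CLEAN_MBR, TAMPERED_MBR))
```

The point of `bootcode_changed_table_intact` is the one the forum exchange illustrates: a partition listing that looks correct says nothing about the code in sector 0, so an MBR check has to hash or otherwise inspect the boot code itself rather than trust that the volumes mount. Restoring standard boot code, as the helper's next instruction does, rewrites only that area and leaves the partition table alone.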
emeraldnzl
Malware Removal Specialist with 2,304 posts.
Join Date: Nov 2007
Location: Auckland, N.Z.
14-Sep-2010, 10:03 PM #21
Run MBRCheck and this time when finished

Enter 'Y' and hit ENTER

Select [3] Windows Vista

Type 'YES' and hit ENTER to continue: Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

After that

See if you can run OTL.
  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
link2998
Member with 59 posts.
THREAD STARTER
Join Date: Sep 2010
14-Sep-2010, 10:22 PM #22
alureon.h
MBRCheck didn't give me option [3] Windows Vista. Instead I got:

"options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:"

so I had to choose 3.

Here's the log:

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M1641
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 155):
0x82413000 \SystemRoot\system32\ntkrnlpa.exe
0x827CC000 \SystemRoot\system32\hal.dll
0x80603000 \SystemRoot\system32\kdcom.dll
0x8060A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067A000 \SystemRoot\system32\PSHED.dll
0x8068B000 \SystemRoot\system32\BOOTVID.dll
0x80693000 \SystemRoot\system32\CLFS.SYS
0x806D4000 \SystemRoot\system32\CI.dll
0x82A09000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82A85000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82A92000 \SystemRoot\System32\Drivers\spzo.sys
0x82B93000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82B9C000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B4000 \SystemRoot\system32\drivers\acpi.sys
0x82BC2000 \SystemRoot\system32\drivers\msisadrv.sys
0x82BCA000 \SystemRoot\system32\drivers\pci.sys
0x82BF1000 \SystemRoot\System32\drivers\partmgr.sys
0x83008000 \SystemRoot\system32\drivers\volmgr.sys
0x83017000 \SystemRoot\System32\drivers\volmgrx.sys
0x83061000 \SystemRoot\system32\drivers\nvrd32.sys
0x83085000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x830A6000 \SystemRoot\system32\drivers\pciide.sys
0x830AD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x830BB000 \SystemRoot\System32\drivers\mountmgr.sys
0x830CB000 \SystemRoot\system32\drivers\nvraid.sys
0x830E6000 \SystemRoot\system32\drivers\atapi.kav
0x830EE000 \SystemRoot\system32\drivers\ataport.SYS
0x8310C000 \SystemRoot\system32\drivers\nvstor32.sys
0x83131000 \SystemRoot\system32\drivers\storport.sys
0x83172000 \SystemRoot\system32\drivers\fltmgr.sys
0x831A4000 \SystemRoot\system32\drivers\fileinfo.sys
0x831B4000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8320F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83280000 \SystemRoot\system32\drivers\ndis.sys
0x8338B000 \SystemRoot\system32\drivers\msrpc.sys
0x833B6000 \SystemRoot\system32\drivers\NETIO.SYS
0x87C0B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87D1B000 \SystemRoot\SYSTEM32\DRIVERS\WD.SYS
0x87D23000 \SystemRoot\system32\drivers\volsnap.sys
0x87D5C000 \SystemRoot\System32\Drivers\spldr.sys
0x87D64000 \SystemRoot\System32\Drivers\mup.sys
0x87D73000 \SystemRoot\System32\drivers\ecache.sys
0x87D9A000 \SystemRoot\system32\drivers\disk.sys
0x87DAB000 \SystemRoot\system32\drivers\crcdisk.sys
0x87DB4000 \SystemRoot\system32\DRIVERS\28279082.sys
0x87C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x833F1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x83200000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x831BD000 \SystemRoot\system32\DRIVERS\serial.sys
0x831D7000 \SystemRoot\system32\DRIVERS\serenum.sys
0x831E1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x831F4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x87DFD000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8C004000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8C00E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C04C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C05B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C0E8000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8C801000 \SystemRoot\system32\drivers\modem.sys
0x8C80E000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8C81E000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C82C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C844000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8C846000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8C84C000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8CA0C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8D48A000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8D48C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D52D000 \SystemRoot\System32\drivers\watchdog.sys
0x8D539000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8D542000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D571000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D57C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D593000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D59E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D5C1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D5D0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D5E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C94C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D5F9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C95C000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C986000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C990000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C99D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C9D2000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x8C9DC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D603000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D804000 \SystemRoot\system32\drivers\portcls.sys
0x8D831000 \SystemRoot\system32\drivers\drmk.sys
0x8D856000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8D879000 \SystemRoot\system32\DRIVERS\2827908.sys
0x8D8C9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D8D2000 \SystemRoot\System32\Drivers\Null.SYS
0x8D8D9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D8E9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D8F0000 \SystemRoot\System32\drivers\vga.sys
0x8D8FC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D91D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D93A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D93C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D944000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D94F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D95D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DC0F000 \SystemRoot\System32\drivers\tcpip.sys
0x8DCF9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8DD14000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DD2A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DD3E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DD70000 \SystemRoot\system32\drivers\afd.sys
0x8DDB8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DDCE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DDDC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D966000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DDEF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D9A2000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DE03000 \SystemRoot\system32\DRIVERS\28279081.sys
0x8E323000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E33A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8E343000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8E353000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8E35C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E369000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8E373000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x95E90000 \SystemRoot\System32\win32k.sys
0x8E398000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E3A2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x960B0000 \SystemRoot\System32\TSDDD.dll
0x960D0000 \SystemRoot\System32\cdd.dll
0x8E3B1000 \SystemRoot\system32\drivers\luafv.sys
0x81E09000 \SystemRoot\system32\drivers\spsys.sys
0x81EB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81EC9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81EDC000 \SystemRoot\system32\drivers\HTTP.sys
0x81F49000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81F66000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81F7F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81F94000 \SystemRoot\system32\drivers\mrxdav.sys
0x81FB5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8D9B9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81FD4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8E3CC000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B605000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B653000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x9B65A000 \SystemRoot\system32\drivers\peauth.sys
0x9B738000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0x9B741000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0x9B753000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B75D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B769000 \??\C:\Windows\system32\drivers\tvicport.sys
0x9B76C000 \??\C:\Program Files\Free Ride Games\X4HS32Ex.Sys
0x9B77C000 \??\C:\Windows\system32\drivers\zntport.sys
0x9B77D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9B793000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x77860000 \Windows\System32\ntdll.dll
Processes (total 70):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
532 csrss.exe
584 C:\Windows\System32\wininit.exe
596 csrss.exe
628 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
652 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\winlogon.exe
840 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\nvvsvc.exe
916 C:\Windows\System32\svchost.exe
952 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1148 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\audiodg.exe
1320 C:\Windows\System32\svchost.exe
1340 C:\Windows\System32\SLsvc.exe
1380 C:\Windows\System32\svchost.exe
1464 C:\Windows\System32\nvvsvc.exe
1600 C:\Windows\System32\svchost.exe
1776 C:\Windows\System32\spoolsv.exe
1804 C:\Windows\System32\svchost.exe
296 C:\Windows\System32\dwm.exe
312 C:\Windows\System32\taskeng.exe
452 C:\Windows\explorer.exe
1068 C:\Windows\System32\taskeng.exe
912 C:\Windows\RtHDVCpl.exe
1092 C:\Acer\Empowering Technology\SysMonitor.exe
1096 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
2020 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
2068 C:\Windows\System32\nvraidservice.exe
2132 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2156 C:\Program Files\iTunes\iTunesHelper.exe
2164 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2184 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2200 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2252 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2272 C:\Program Files\Bonjour\mDNSResponder.exe
2340 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2524 C:\Program Files\Microsoft Security Essentials\msseces.exe
2668 C:\Windows\ehome\ehtray.exe
2828 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2888 C:\Program Files\Common Files\Motive\McciCMService.exe
3004 C:\Windows\System32\svchost.exe
3056 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3092 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3160 C:\Windows\System32\svchost.exe
3220 C:\Windows\System32\svchost.exe
3252 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3316 C:\Windows\System32\SearchIndexer.exe
3376 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3444 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3528 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3840 WmiPrvSE.exe
3888 C:\Windows\ehome\ehmsas.exe
2024 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2968 WmiPrvSE.exe
4032 C:\Program Files\iPod\bin\iPodService.exe
2092 C:\Windows\System32\wbem\unsecapp.exe
3996 C:\Windows\System32\wuauclt.exe
5120 C:\Windows\System32\SearchProtocolHost.exe
3276 C:\Program Files\Internet Explorer\iexplore.exe
3492 C:\Program Files\Internet Explorer\iexplore.exe
620 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
1360 C:\Windows\System32\SearchFilterHost.exe
4964 C:\Windows\System32\SearchProtocolHost.exe
4976 C:\Users\Administrator\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`e2200000 (NTFS)
PhysicalDrive0 Model Number: WDC WD1600AAJS-22WAA, Rev: 58.0
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: FE9DEC202C68225A60BA224B3417475E24A6D7EA

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
emeraldnzl
Malware Removal Specialist with 2,304 posts.
Join Date: Nov 2007
Location: Auckland, N.Z.
14-Sep-2010, 10:31 PM #23
Okay, you will have to delete your copy of MBRCheck and download a new version.

Please download MBRCheck.exe to your Desktop. Run the application.

If an infection is found, you will be presented with the following dialog:

Quote:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Enter 'Y' and hit ENTER

Select [3] Windows Vista

Type 'YES' and hit ENTER to continue: Successfully wrote new MBR code!

Please reboot your computer to complete the fix.
link2998
Member with 59 posts.
THREAD STARTER
Join Date: Sep 2010
14-Sep-2010, 10:42 PM #24
alureon.h virus
Sorry, but I got the same. Here's the log:

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M1641
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 155):
0x82413000 \SystemRoot\system32\ntkrnlpa.exe
0x827CC000 \SystemRoot\system32\hal.dll
0x80603000 \SystemRoot\system32\kdcom.dll
0x8060A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067A000 \SystemRoot\system32\PSHED.dll
0x8068B000 \SystemRoot\system32\BOOTVID.dll
0x80693000 \SystemRoot\system32\CLFS.SYS
0x806D4000 \SystemRoot\system32\CI.dll
0x82A09000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82A85000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82A92000 \SystemRoot\System32\Drivers\spzo.sys
0x82B93000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82B9C000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B4000 \SystemRoot\system32\drivers\acpi.sys
0x82BC2000 \SystemRoot\system32\drivers\msisadrv.sys
0x82BCA000 \SystemRoot\system32\drivers\pci.sys
0x82BF1000 \SystemRoot\System32\drivers\partmgr.sys
0x83008000 \SystemRoot\system32\drivers\volmgr.sys
0x83017000 \SystemRoot\System32\drivers\volmgrx.sys
0x83061000 \SystemRoot\system32\drivers\nvrd32.sys
0x83085000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x830A6000 \SystemRoot\system32\drivers\pciide.sys
0x830AD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x830BB000 \SystemRoot\System32\drivers\mountmgr.sys
0x830CB000 \SystemRoot\system32\drivers\nvraid.sys
0x830E6000 \SystemRoot\system32\drivers\atapi.kav
0x830EE000 \SystemRoot\system32\drivers\ataport.SYS
0x8310C000 \SystemRoot\system32\drivers\nvstor32.sys
0x83131000 \SystemRoot\system32\drivers\storport.sys
0x83172000 \SystemRoot\system32\drivers\fltmgr.sys
0x831A4000 \SystemRoot\system32\drivers\fileinfo.sys
0x831B4000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8320F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83280000 \SystemRoot\system32\drivers\ndis.sys
0x8338B000 \SystemRoot\system32\drivers\msrpc.sys
0x833B6000 \SystemRoot\system32\drivers\NETIO.SYS
0x87C0B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87D1B000 \SystemRoot\SYSTEM32\DRIVERS\WD.SYS
0x87D23000 \SystemRoot\system32\drivers\volsnap.sys
0x87D5C000 \SystemRoot\System32\Drivers\spldr.sys
0x87D64000 \SystemRoot\System32\Drivers\mup.sys
0x87D73000 \SystemRoot\System32\drivers\ecache.sys
0x87D9A000 \SystemRoot\system32\drivers\disk.sys
0x87DAB000 \SystemRoot\system32\drivers\crcdisk.sys
0x87DB4000 \SystemRoot\system32\DRIVERS\28279082.sys
0x87C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x833F1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x83200000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x831BD000 \SystemRoot\system32\DRIVERS\serial.sys
0x831D7000 \SystemRoot\system32\DRIVERS\serenum.sys
0x831E1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x831F4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x87DFD000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8C004000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8C00E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C04C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C05B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C0E8000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8C801000 \SystemRoot\system32\drivers\modem.sys
0x8C80E000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8C81E000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C82C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C844000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8C846000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8C84C000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8CA0C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8D48A000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8D48C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D52D000 \SystemRoot\System32\drivers\watchdog.sys
0x8D539000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8D542000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D571000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D57C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D593000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D59E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D5C1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D5D0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D5E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C94C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D5F9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C95C000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C986000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C990000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C99D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C9D2000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x8C9DC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D603000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D804000 \SystemRoot\system32\drivers\portcls.sys
0x8D831000 \SystemRoot\system32\drivers\drmk.sys
0x8D856000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8D879000 \SystemRoot\system32\DRIVERS\2827908.sys
0x8D8C9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D8D2000 \SystemRoot\System32\Drivers\Null.SYS
0x8D8D9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D8E9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D8F0000 \SystemRoot\System32\drivers\vga.sys
0x8D8FC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D91D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D93A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D93C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D944000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D94F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D95D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DC0F000 \SystemRoot\System32\drivers\tcpip.sys
0x8DCF9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8DD14000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DD2A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DD3E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DD70000 \SystemRoot\system32\drivers\afd.sys
0x8DDB8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DDCE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DDDC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D966000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DDEF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D9A2000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DE03000 \SystemRoot\system32\DRIVERS\28279081.sys
0x8E323000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E33A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8E343000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8E353000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8E35C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E369000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8E373000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x95E90000 \SystemRoot\System32\win32k.sys
0x8E398000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E3A2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x960B0000 \SystemRoot\System32\TSDDD.dll
0x960D0000 \SystemRoot\System32\cdd.dll
0x8E3B1000 \SystemRoot\system32\drivers\luafv.sys
0x81E09000 \SystemRoot\system32\drivers\spsys.sys
0x81EB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81EC9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81EDC000 \SystemRoot\system32\drivers\HTTP.sys
0x81F49000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81F66000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81F7F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81F94000 \SystemRoot\system32\drivers\mrxdav.sys
0x81FB5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8D9B9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81FD4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8E3CC000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B605000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B653000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x9B65A000 \SystemRoot\system32\drivers\peauth.sys
0x9B738000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0x9B741000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0x9B753000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B75D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B769000 \??\C:\Windows\system32\drivers\tvicport.sys
0x9B76C000 \??\C:\Program Files\Free Ride Games\X4HS32Ex.Sys
0x9B77C000 \??\C:\Windows\system32\drivers\zntport.sys
0x9B77D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9B793000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x77860000 \Windows\System32\ntdll.dll
Processes (total 70):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
532 csrss.exe
584 C:\Windows\System32\wininit.exe
596 csrss.exe
628 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
652 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\winlogon.exe
840 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\nvvsvc.exe
916 C:\Windows\System32\svchost.exe
952 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1148 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\audiodg.exe
1320 C:\Windows\System32\svchost.exe
1340 C:\Windows\System32\SLsvc.exe
1380 C:\Windows\System32\svchost.exe
1464 C:\Windows\System32\nvvsvc.exe
1600 C:\Windows\System32\svchost.exe
1776 C:\Windows\System32\spoolsv.exe
1804 C:\Windows\System32\svchost.exe
296 C:\Windows\System32\dwm.exe
312 C:\Windows\System32\taskeng.exe
452 C:\Windows\explorer.exe
1068 C:\Windows\System32\taskeng.exe
912 C:\Windows\RtHDVCpl.exe
1092 C:\Acer\Empowering Technology\SysMonitor.exe
1096 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
2020 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
2068 C:\Windows\System32\nvraidservice.exe
2132 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2156 C:\Program Files\iTunes\iTunesHelper.exe
2164 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2184 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2200 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2252 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2272 C:\Program Files\Bonjour\mDNSResponder.exe
2340 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2524 C:\Program Files\Microsoft Security Essentials\msseces.exe
2668 C:\Windows\ehome\ehtray.exe
2828 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2888 C:\Program Files\Common Files\Motive\McciCMService.exe
3004 C:\Windows\System32\svchost.exe
3056 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3092 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3160 C:\Windows\System32\svchost.exe
3220 C:\Windows\System32\svchost.exe
3252 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3316 C:\Windows\System32\SearchIndexer.exe
3376 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3444 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3528 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3840 WmiPrvSE.exe
3888 C:\Windows\ehome\ehmsas.exe
2024 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2968 WmiPrvSE.exe
4032 C:\Program Files\iPod\bin\iPodService.exe
2092 C:\Windows\System32\wbem\unsecapp.exe
3996 C:\Windows\System32\wuauclt.exe
3336 C:\Windows\System32\SearchProtocolHost.exe
3756 C:\Program Files\Internet Explorer\iexplore.exe
2768 C:\Program Files\Internet Explorer\iexplore.exe
5920 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
3484 C:\Program Files\Internet Explorer\iexplore.exe
5484 C:\Windows\System32\SearchFilterHost.exe
4052 C:\Users\Administrator\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`e2200000 (NTFS)
PhysicalDrive0 Model Number: WDC WD1600AAJS-22WAA, Rev: 58.0
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: FE9DEC202C68225A60BA224B3417475E24A6D7EA

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
emeraldnzl's Avatar
Computer Specs
Malware Removal Specialist with 2,304 posts.
 
Join Date: Nov 2007
Location: Auckland,N.Z.
14-Sep-2010, 11:34 PM #25
Hello link2998,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *MBR*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
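The `:filefind` directive above is a wildcard file search with hashes. The following is an added example, not SystemLook's own code, of a search of that kind: it walks a tree, matches names case-insensitively against the wildcard, and records size, modification time and an MD5 for every hit so results can be compared against known hashes. Two things worth knowing when reading the log it produces: `*MBR*` is a substring match, so it also returns `cambria.ttc`, `umbrella.png` and the like, which is why most of the SystemLook output in this thread is noise; and the same file reached through two paths (the `AppData\Roaming` and `Application Data` junction) shows up twice with the same MD5, so grouping hits by hash collapses those copies. The directory tree it scans, and the file contents, are constructed in a temporary folder for the example; the `filefind`, `group_by_hash` and `build_sample_tree` names are this example's own.

```python
"""
Added example, not SystemLook's own code: a search of the kind the
":filefind *MBR*" directive performs, recording size, timestamp and an
MD5 for every match. The tree it scans is created in a temporary folder.
"""
import fnmatch
import hashlib
import os
import tempfile
from datetime import datetime


def md5_hex(path: str, chunk: int = 1 << 16) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def filefind(root: str, pattern: str) -> list:
    """Return one record per file under root whose name matches the wildcard.

    Matching is case-insensitive and "*MBR*" is a substring match, so it
    also picks up names such as cambria.ttc, exactly as in the log above.
    """
    pattern = pattern.lower()
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not fnmatch.fnmatchcase(name.lower(), pattern):
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            hits.append({
                "path": path,
                "name": name,
                "size": st.st_size,
                "modified": datetime.fromtimestamp(st.st_mtime),
                "md5": md5_hex(path),
            })
    return sorted(hits, key=lambda r: r["path"].lower())


def group_by_hash(hits: list) -> dict:
    """Map MD5 -> list of paths, so identical files reached via several
    paths (for example through a directory junction) collapse into one
    entry to examine."""
    groups = {}
    for rec in hits:
        groups.setdefault(rec["md5"], []).append(rec["path"])
    return groups


def format_line(rec: dict) -> str:
    """One line per hit in the path / size / modified / MD5 layout of the log."""
    return "{} {} bytes [{:%H:%M %d/%m/%Y}] {}".format(
        rec["path"], rec["size"], rec["modified"], rec["md5"])


def build_sample_tree() -> str:
    """Constructed sample: two files named mbr.chk with identical content,
    one font whose name merely contains 'mbr', and one non-matching file."""
    root = tempfile.mkdtemp(prefix="filefind_")
    files = {
        os.path.join("Combo-Fix", "mbr.chk"): b"hello",
        os.path.join("Combo-Fix24865C", "mbr.chk"): b"hello",
        os.path.join("Fonts", "cambria.ttc"): b"font data",
        os.path.join("Combo-Fix", "readme.txt"): b"no match",
    }
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(content)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    results = filefind(sample_root, "*MBR*")
    for rec in results:
        print(format_line(rec))
    for digest, paths in group_by_hash(results).items():
        if len(paths) > 1:
            print("identical content:", digest, paths)
```

Running it prints three matching lines (the two `mbr.chk` copies and `cambria.ttc`) and then reports the two `mbr.chk` files as identical content; `readme.txt` never appears because its name does not contain the substring.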
link2998's Avatar
link2998 link2998 is offline
Member with 59 posts.
THREAD STARTER
 
Join Date: Sep 2010
15-Sep-2010, 11:42 AM #26
alureon.h virus
SystemLook 04.09.10 by jpshortstuff
Log created at 11:36 on 15/09/2010 by Administrator
Administrator - Elevation successful
========== filefind ==========
Searching for "*MBR*"
C:\Acer\Empowering Technology\eRecovery\MBRwrWin.exe --a---- 200704 bytes [13:53 19/09/2008] [22:17 07/12/2006] DF024533734BD9899C61CF76ED571E6B
C:\Acer\Empowering Technology\eRecovery\RTMBR2.bin --a---- 512 bytes [13:53 19/09/2008] [21:14 11/11/2006] A2300A68BB40D2BE206EDE2F3B8F938E
C:\Combo-Fix\mbr.cfxxe --a---- 77312 bytes [21:12 14/09/2010] [10:11 25/10/2009] C5EC72A20B4C98DB5314E6C46765B148
C:\Combo-Fix\mbr.chk --a---- 2141 bytes [21:12 14/09/2010] [15:30 29/08/2010] 41F8EBCF1F2D68C0BD8644E328CB58C8
C:\Combo-Fix18356C\mbr.cfxxe --a---- 77312 bytes [21:14 14/09/2010] [10:11 25/10/2009] C5EC72A20B4C98DB5314E6C46765B148
C:\Combo-Fix18356C\mbr.chk --a---- 2141 bytes [21:14 14/09/2010] [15:30 29/08/2010] 41F8EBCF1F2D68C0BD8644E328CB58C8
C:\Combo-Fix24865C\mbr.cfxxe --a---- 77312 bytes [21:42 14/09/2010] [10:11 25/10/2009] C5EC72A20B4C98DB5314E6C46765B148
C:\Combo-Fix24865C\mbr.chk --a---- 2141 bytes [21:42 14/09/2010] [15:30 29/08/2010] 41F8EBCF1F2D68C0BD8644E328CB58C8
C:\Combo-Fix25822C\mbr.cfxxe --a---- 77312 bytes [22:28 14/09/2010] [10:11 25/10/2009] C5EC72A20B4C98DB5314E6C46765B148
C:\Combo-Fix25822C\mbr.chk --a---- 2141 bytes [22:28 14/09/2010] [15:30 29/08/2010] 41F8EBCF1F2D68C0BD8644E328CB58C8
C:\Combo-Fix6469C\mbr.cfxxe --a---- 77312 bytes [22:50 14/09/2010] [10:11 25/10/2009] C5EC72A20B4C98DB5314E6C46765B148
C:\Combo-Fix6469C\mbr.chk --a---- 2141 bytes [22:50 14/09/2010] [15:30 29/08/2010] 41F8EBCF1F2D68C0BD8644E328CB58C8
C:\Program Files\Acer Arcade Live\Acer HomeMedia\Customizations\Cyberlink\Layout\DMS\DMSItemBrowsing.xml --a---- 1585 bytes [19:46 16/03/2008] [23:05 30/01/2008] 6204B74B0EA4660CDF1B6E01B0BFBE5E
C:\Program Files\Acer Arcade Live\Acer HomeMedia\Presentation\Module\DMS\DMSItemBrowsing.kc --a---- 7745 bytes [19:46 16/03/2008] [23:07 30/01/2008] AEF33F260D2EF87D7CC10741A2F8F3B4
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Customizations\Cyberlink\Layout\DMS\DMSItemBrowsing.xml --a---- 1648 bytes [19:47 16/03/2008] [01:47 26/01/2008] 35BB4AC10300CF51A621562A709547A3
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Presentation\Module\DMS\DMSItemBrowsing.kc --a---- 8699 bytes [19:47 16/03/2008] [01:49 26/01/2008] BE98F2F41CCE414A486581A89E58EABE
C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\gameres\rooms\bar\images\#i_umbrella.png --a---- 28488 bytes [19:49 16/03/2008] [19:49 16/03/2008] D8466E3CA13F78139437E42574C028E0
C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\gameres\rooms\bar\images\#s_umbrella.png --a---- 18733 bytes [19:49 16/03/2008] [19:49 16/03/2008] 2666A00BD11B02B43DC5F914DB717C67
C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\gameres\rooms\mechanic\images\#i_umbrella.png --a---- 29261 bytes [19:49 16/03/2008] [19:49 16/03/2008] BF2766CD4442EEF0D5A82D89C2220EC8
C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\gameres\rooms\mechanic\images\#s_umbrella.png --a---- 34363 bytes [19:49 16/03/2008] [19:49 16/03/2008] 40024D53A037826EC565A5C4946CBF29
C:\Program Files\Acer GameZone\Jewel Quest Solitaire\audio\JQAmbRural.ogg --a---- 129641 bytes [12:38 20/11/2007] [12:38 20/11/2007] 9BD7238DAE0BAA9454A23A950E540B09
C:\Program Files\Acer GameZone\Zuma Deluxe\images\baBombRed.gif --a---- 679 bytes [13:14 20/11/2007] [13:14 20/11/2007] 44425AA15265905EC7227304DDC6E547
C:\Program Files\Java\jre1.6.0_01\lib\zi\America\Cambridge_Bay --a---- 1096 bytes [08:00 01/09/2010] [08:00 01/09/2010] 9E3053C380148B0C966BBF307600A51A
C:\Program Files\Java\jre6\lib\zi\America\Cambridge_Bay --a---- 1076 bytes [10:15 07/10/2009] [10:15 07/10/2009] 89DE3D027493B9DBE3298A06FEF9A89D
C:\Program Files\Microsoft Works\1033\WkThmBro.fmt -ra---- 13081 bytes [20:26 16/03/2008] [01:04 06/01/2005] C3428B41F774851DC1DB13B0716CCFB7
C:\Program Files\Safari\Safari.resources\CoverflowScrollThumbRight-Pressed.png --a---- 530 bytes [01:24 04/06/2010] [01:24 04/06/2010] EEB0DE51863002864465626C78DC8028
C:\Program Files\Safari\Safari.resources\CoverflowScrollThumbRight.png --a---- 523 bytes [01:24 04/06/2010] [01:24 04/06/2010] 2D0A6A54464FD2D8415968F39FEF0C5F
C:\Program Files\VideoLAN\VLC\lua\playlist\lelombrik.lua --a---- 1662 bytes [21:17 26/07/2009] [21:17 26/07/2009] 2EA40082837A1CBE1567335AB8839EAD
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\MBRCheck_09 .14.10_21.16.31.lnk --a---- 592 bytes [01:16 15/09/2010] [02:25 15/09/2010] 8C7284C34056657A77ABB5047C9F8A15
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\MBRCheck_09 .14.10_22.27.54.lnk --a---- 592 bytes [02:29 15/09/2010] [02:29 15/09/2010] C4F7F42FDD5BC145205C2788F7E8158C
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\MBRCheck_09 .14.10_22.48.24.lnk --a---- 592 bytes [02:48 15/09/2010] [02:48 15/09/2010] AA621C5297D42B0F82566E7E37BD8638
C:\Users\Administrator\Application Data\Microsoft\Windows\Recent\MBRCheck_09.14.10_21.16.31.lnk --a---- 592 bytes [01:16 15/09/2010] [02:25 15/09/2010] 8C7284C34056657A77ABB5047C9F8A15
C:\Users\Administrator\Application Data\Microsoft\Windows\Recent\MBRCheck_09.14.10_22.27.54.lnk --a---- 592 bytes [02:29 15/09/2010] [02:29 15/09/2010] C4F7F42FDD5BC145205C2788F7E8158C
C:\Users\Administrator\Application Data\Microsoft\Windows\Recent\MBRCheck_09.14.10_22.48.24.lnk --a---- 592 bytes [02:48 15/09/2010] [02:48 15/09/2010] AA621C5297D42B0F82566E7E37BD8638
C:\Users\Administrator\Desktop\MBRCheck.exe --a---- 80384 bytes [02:46 15/09/2010] [02:48 15/09/2010] CB2D120A4B72422A8141192831B1F500
C:\Users\Administrator\Desktop\MBRCheck_09.14.10_22.48.24.txt --a---- 12975 bytes [02:48 15/09/2010] [02:48 15/09/2010] 809C94A2508346D0DD4C6F4DE513B825
C:\Users\Administrator\Recent\MBRCheck_09.14.10_21.16.31.lnk --a---- 592 bytes [01:16 15/09/2010] [02:25 15/09/2010] 8C7284C34056657A77ABB5047C9F8A15
C:\Users\Administrator\Recent\MBRCheck_09.14.10_22.27.54.lnk --a---- 592 bytes [02:29 15/09/2010] [02:29 15/09/2010] C4F7F42FDD5BC145205C2788F7E8158C
C:\Users\Administrator\Recent\MBRCheck_09.14.10_22.48.24.lnk --a---- 592 bytes [02:48 15/09/2010] [02:48 15/09/2010] AA621C5297D42B0F82566E7E37BD8638
C:\Users\Richard F. Bahr III\AppData\Roaming\Microsoft\Windows\Recent\01 Encore Performance of Phil Imbrogno.mp3 (2).lnk --a---- 964 bytes [02:42 07/01/2010] [02:42 07/01/2010] FB8E6E5D2B492A7DAB36D0958613E626
C:\Users\Richard F. Bahr III\AppData\Roaming\Microsoft\Windows\Recent\01 Encore Performance of Phil Imbrogno.mp3.lnk --a---- 964 bytes [02:37 07/01/2010] [02:37 07/01/2010] 55F7372AB521FDF324310EF1E024409D
C:\Users\Richard F. Bahr III\AppData\Roaming\Microsoft\Windows\Recent\02 Encore Performance of Phil Imbrogno.lnk --a---- 964 bytes [01:07 06/01/2010] [01:10 06/01/2010] F48945A114C8B5AFB72A7BEA8B216A81
C:\Users\Richard F. Bahr III\AppData\Roaming\Microsoft\Windows\Recent\Encore Performance of Phil Imbrogno.lnk --a---- 627 bytes [01:09 06/01/2010] [02:42 07/01/2010] 726247D4CED7047A017140AF3086A180
C:\Users\Richard F. Bahr III\AppData\Roaming\Microsoft\Windows\Recent\Encore Performance of Phil Imbrogno.mp3.lnk --a---- 981 bytes [02:34 07/01/2010] [02:34 07/01/2010] ADB1D905A8A60D138C9E9890C76099AF
C:\Users\Richard F. Bahr III\Application Data\Microsoft\Windows\Recent\01 Encore Performance of Phil Imbrogno.mp3 (2).lnk --a---- 964 bytes [02:42 07/01/2010] [02:42 07/01/2010] FB8E6E5D2B492A7DAB36D0958613E626
C:\Users\Richard F. Bahr III\Application Data\Microsoft\Windows\Recent\01 Encore Performance of Phil Imbrogno.mp3.lnk --a---- 964 bytes [02:37 07/01/2010] [02:37 07/01/2010] 55F7372AB521FDF324310EF1E024409D
C:\Users\Richard F. Bahr III\Application Data\Microsoft\Windows\Recent\02 Encore Performance of Phil Imbrogno.lnk --a---- 964 bytes [01:07 06/01/2010] [01:10 06/01/2010] F48945A114C8B5AFB72A7BEA8B216A81
C:\Users\Richard F. Bahr III\Application Data\Microsoft\Windows\Recent\Encore Performance of Phil Imbrogno.lnk --a---- 627 bytes [01:09 06/01/2010] [02:42 07/01/2010] 726247D4CED7047A017140AF3086A180
C:\Users\Richard F. Bahr III\Application Data\Microsoft\Windows\Recent\Encore Performance of Phil Imbrogno.mp3.lnk --a---- 981 bytes [02:34 07/01/2010] [02:34 07/01/2010] ADB1D905A8A60D138C9E9890C76099AF
C:\Users\Richard F. Bahr III\Recent\01 Encore Performance of Phil Imbrogno.mp3 (2).lnk --a---- 964 bytes [02:42 07/01/2010] [02:42 07/01/2010] FB8E6E5D2B492A7DAB36D0958613E626
C:\Users\Richard F. Bahr III\Recent\01 Encore Performance of Phil Imbrogno.mp3.lnk --a---- 964 bytes [02:37 07/01/2010] [02:37 07/01/2010] 55F7372AB521FDF324310EF1E024409D
C:\Users\Richard F. Bahr III\Recent\02 Encore Performance of Phil Imbrogno.lnk --a---- 964 bytes [01:07 06/01/2010] [01:10 06/01/2010] F48945A114C8B5AFB72A7BEA8B216A81
C:\Users\Richard F. Bahr III\Recent\Encore Performance of Phil Imbrogno.lnk --a---- 627 bytes [01:09 06/01/2010] [02:42 07/01/2010] 726247D4CED7047A017140AF3086A180
C:\Users\Richard F. Bahr III\Recent\Encore Performance of Phil Imbrogno.mp3.lnk --a---- 981 bytes [02:34 07/01/2010] [02:34 07/01/2010] ADB1D905A8A60D138C9E9890C76099AF
C:\Windows\Fonts\cambria.ttc --a---- 1090432 bytes [06:27 02/11/2006] [07:00 28/04/2010] 524B34C83D901627FFA94535596C87D2
C:\Windows\Fonts\cambriab.ttf --a---- 328500 bytes [06:27 02/11/2006] [07:00 28/04/2010] 77D47DBBAB6C42879ACAEBB3B9438C9B
C:\Windows\Fonts\cambriai.ttf --a---- 336764 bytes [06:27 02/11/2006] [07:00 28/04/2010] A34F34C368366F749DC1E64074853D5A
C:\Windows\Fonts\cambriaz.ttf --a---- 325976 bytes [06:27 02/11/2006] [07:00 28/04/2010] 135F6C2686B5DE7C4022EF94322D7F96
C:\Windows\Prefetch\MBRWRWIN.EXE-2144233B.pf --a---- 10566 bytes [18:51 09/09/2010] [15:26 10/09/2010] 4D02C8032AF169C74ABBFB6B71A48594
C:\Windows\System32\OEM\audit\diagmbr.txt --a---- 512 bytes [21:30 17/09/2008] [13:59 19/09/2008] B6A3F447BB34B47DAFDF68C6EB14B9FF
C:\Windows\winsxs\Manifests\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6000.16386_none_f06adcda072586e8.manifest --a---- 5639 bytes [10:21 02/11/2006] [10:18 02/11/2006] 3A42CAA738C3D04CAFD1518D69CE762F
C:\Windows\winsxs\Manifests\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6001.18426_none_f2920852041b5c44.manifest ------- 6350 bytes [06:50 28/04/2010] [00:00 17/02/2010] CC335B2368A9A6420C0F702F2F44EC93
C:\Windows\winsxs\Manifests\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6001.22635_none_f30fd6cd1d41fbcf.manifest ------- 6350 bytes [06:50 28/04/2010] [21:48 16/02/2010] F42AD91D95B8343C8FDF6D9AA984D34F
C:\Windows\winsxs\Manifests\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6002.18208_none_f4901c8c012fa95b.manifest ------- 6350 bytes [06:50 28/04/2010] [23:22 16/02/2010] 854EE097D41D89069956398B3E8B0A1C
C:\Windows\winsxs\Manifests\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6002.22340_none_f4e677571a74ee31.manifest ------- 6350 bytes [06:50 28/04/2010] [21:10 16/02/2010] A8A68F1445D791217F87B044FE1ACEA9
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6000.16386_none_f06adcda072586e8\cambria.ttc --a---- 1090432 bytes [06:27 02/11/2006] [02:10 03/10/2006] 524B34C83D901627FFA94535596C87D2
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6000.16386_none_f06adcda072586e8\cambriab.ttf --a---- 328500 bytes [06:27 02/11/2006] [02:10 03/10/2006] 77D47DBBAB6C42879ACAEBB3B9438C9B
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6000.16386_none_f06adcda072586e8\cambriai.ttf --a---- 336764 bytes [06:27 02/11/2006] [02:10 03/10/2006] A34F34C368366F749DC1E64074853D5A
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6000.16386_none_f06adcda072586e8\cambriaz.ttf --a---- 325976 bytes [06:27 02/11/2006] [02:10 03/10/2006] 135F6C2686B5DE7C4022EF94322D7F96
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6001.18426_none_f2920852041b5c44\cambria.ttc --a---- 1090432 bytes [06:27 02/11/2006] [02:10 03/10/2006] 524B34C83D901627FFA94535596C87D2
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6001.18426_none_f2920852041b5c44\cambriab.ttf --a---- 328500 bytes [06:27 02/11/2006] [02:10 03/10/2006] 77D47DBBAB6C42879ACAEBB3B9438C9B
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6001.18426_none_f2920852041b5c44\cambriai.ttf --a---- 336764 bytes [06:27 02/11/2006] [02:10 03/10/2006] A34F34C368366F749DC1E64074853D5A
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6001.18426_none_f2920852041b5c44\cambriaz.ttf --a---- 325976 bytes [06:27 02/11/2006] [02:10 03/10/2006] 135F6C2686B5DE7C4022EF94322D7F96
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6001.22635_none_f30fd6cd1d41fbcf\cambria.ttc --a---- 1090432 bytes [06:27 02/11/2006] [02:10 03/10/2006] 524B34C83D901627FFA94535596C87D2
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6001.22635_none_f30fd6cd1d41fbcf\cambriab.ttf --a---- 328500 bytes [06:27 02/11/2006] [02:10 03/10/2006] 77D47DBBAB6C42879ACAEBB3B9438C9B
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6001.22635_none_f30fd6cd1d41fbcf\cambriai.ttf --a---- 336764 bytes [06:27 02/11/2006] [02:10 03/10/2006] A34F34C368366F749DC1E64074853D5A
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6001.22635_none_f30fd6cd1d41fbcf\cambriaz.ttf --a---- 325976 bytes [06:27 02/11/2006] [02:10 03/10/2006] 135F6C2686B5DE7C4022EF94322D7F96
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6002.18208_none_f4901c8c012fa95b\cambria.ttc --a---- 1090432 bytes [06:27 02/11/2006] [02:10 03/10/2006] 524B34C83D901627FFA94535596C87D2
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6002.18208_none_f4901c8c012fa95b\cambriab.ttf --a---- 328500 bytes [06:27 02/11/2006] [02:10 03/10/2006] 77D47DBBAB6C42879ACAEBB3B9438C9B
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6002.18208_none_f4901c8c012fa95b\cambriai.ttf --a---- 336764 bytes [06:27 02/11/2006] [02:10 03/10/2006] A34F34C368366F749DC1E64074853D5A
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6002.18208_none_f4901c8c012fa95b\cambriaz.ttf --a---- 325976 bytes [06:27 02/11/2006] [02:10 03/10/2006] 135F6C2686B5DE7C4022EF94322D7F96
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6002.22340_none_f4e677571a74ee31\cambria.ttc --a---- 1090432 bytes [06:27 02/11/2006] [02:10 03/10/2006] 524B34C83D901627FFA94535596C87D2
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6002.22340_none_f4e677571a74ee31\cambriab.ttf --a---- 328500 bytes [06:27 02/11/2006] [02:10 03/10/2006] 77D47DBBAB6C42879ACAEBB3B9438C9B
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6002.22340_none_f4e677571a74ee31\cambriai.ttf --a---- 336764 bytes [06:27 02/11/2006] [02:10 03/10/2006] A34F34C368366F749DC1E64074853D5A
C:\Windows\winsxs\x86_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.0.6002.22340_none_f4e677571a74ee31\cambriaz.ttf --a---- 325976 bytes [06:27 02/11/2006] [02:10 03/10/2006] 135F6C2686B5DE7C4022EF94322D7F96
-= EOF =-
emeraldnzl's Avatar
Computer Specs
Malware Removal Specialist with 2,304 posts.
 
Join Date: Nov 2007
Location: Auckland,N.Z.
15-Sep-2010, 03:57 PM #27
  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\MBRCheck_09 .14.10_21.16.31.lnk
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\MBRCheck_09 .14.10_22.27.54.lnk
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\MBRCheck_09 .14.10_22.48.24.lnk
    C:\Users\Administrator\Application Data\Microsoft\Windows\Recent\MBRCheck_09.14.10_21.16.31.lnk
    C:\Users\Administrator\Application Data\Microsoft\Windows\Recent\MBRCheck_09.14.10_22.27.54.lnk
    C:\Users\Administrator\Application Data\Microsoft\Windows\Recent\MBRCheck_09.14.10_22.48.24.lnk
    C:\Users\Administrator\Desktop\MBRCheck.exe
    C:\Users\Administrator\Desktop\MBRCheck_09.14.10_22.48.24.txt
    C:\Users\Administrator\Recent\MBRCheck_09.14.10_21.16.31.lnk
    C:\Users\Administrator\Recent\MBRCheck_09.14.10_22.27.54.lnk
    C:\Users\Administrator\Recent\MBRCheck_09.14.10_22.48.24.lnk
    
    :commands
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Make sure you allow your computer to reboot after running the OTM one. It should by default but if it doesn't please do it.

After that

Please download MBRCheck.exe to your Desktop.
  • Double click to run it
  • It will prompt you with some text
  • Left-click on the title bar (where the program name and path are written)
  • From the menu choose Edit > Select All
  • Press the Enter key on your keyboard to copy the selected text
  • Paste that text back here

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Enter 'Y' and hit ENTER

Select [3] Windows Vista

Type 'YES' and hit ENTER to continue: Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Come back here and tell me how it went.
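The MBRCheck output posted earlier in this thread ("MBR Code Faked!" with a SHA1 of the sector) and the restore walk-through just above are two halves of one check, so here is one added example covering both. It is not MBRCheck's code and does not reproduce its hash list or the real Windows boot code: it shows what an MBR integrity tool actually verifies on the first 512-byte sector (the 0x55AA boot signature, the SHA1 of the 440-byte boot-code region against an allow-list of known-good hashes, and the partition table), and why a repair of the kind option [2] performs must rewrite only the boot code. The disk signature at bytes 440-443 is what Vista's BCD store uses to identify the boot disk, and the partition table tells the firmware where C: and D: start, so rewriting the whole sector would leave a machine that no longer finds its own Windows installation. All boot-code bytes, the disk signature `0x1234ABCD` and the partition sizes are constructed for the example; only the two partition start offsets (`0x270a00000` and `0x13e2200000`) are the ones MBRCheck printed in the thread, and the function names are this example's own. One caveat for practice: the Alureon/TDSS family is known for hooking the disk driver stack and handing a clean sector back to anything that reads the MBR from inside the running system, so a "clean" verdict obtained from within a suspect machine is weaker evidence than one taken from boot media; here the tool did flag the sector, which is the more reliable direction.

```python
"""
Added example, not code from the thread or from MBRCheck itself: the checks
an MBR integrity tool performs on the first sector of a disk, and a
boot-code-only restore of the kind MBRCheck's option [2] performs.

Legacy MBR layout (512 bytes):
  0..439    boot code             -- what a bootkit such as Alureon overwrites
  440..443  32-bit disk signature -- Vista's BCD identifies the boot disk by it
  444..445  usually zero
  446..509  four 16-byte partition entries
  510..511  boot signature 0x55 0xAA
Boot code bytes, disk signature, allow-list and partition sizes below are
constructed; only the two partition start offsets come from the thread.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440
PART_TABLE_OFF = 446
BOOT_SIG = b"\x55\xaa"


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest().upper()


def parse_mbr(sector: bytes) -> dict:
    """Split a sector into boot-code hash, disk signature, partitions and signature flag."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,
            "sectors": count,
        })
    return {
        "boot_code_sha1": sha1_hex(sector[:BOOT_CODE_LEN]),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }


def classify_mbr(sector: bytes, known_good_sha1: set) -> str:
    """Verdict in the spirit of MBRCheck: boot code not on the allow-list is reported as faked."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "No valid boot signature"
    if info["boot_code_sha1"] in known_good_sha1:
        return "Known good boot code"
    return "MBR Code Faked!"


def restore_boot_code(sector: bytes, clean_boot_code: bytes) -> bytes:
    """Overwrite only bytes 0..439; disk signature and partition table survive."""
    if len(clean_boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 440 bytes")
    return clean_boot_code + sector[BOOT_CODE_LEN:]


def build_mbr(boot_code: bytes, disk_signature: int, partitions) -> bytes:
    """Assemble a sector; partitions are (status, type, lba_start, sector_count) tuples."""
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    body += struct.pack("<I", disk_signature) + b"\x00\x00"
    for status, ptype, lba_start, count in partitions:
        body += struct.pack("<B3xB3xII", status, ptype, lba_start, count)
    return body.ljust(510, b"\x00") + BOOT_SIG   # unused slots stay zero


# --- constructed sample data ---------------------------------------------
CLEAN_BOOT_CODE = b"CLEAN BOOT CODE PLACEHOLDER".ljust(BOOT_CODE_LEN, b"\x90")
BOOTKIT_LOADER = b"BOOTKIT LOADER PLACEHOLDER".ljust(BOOT_CODE_LEN, b"\x90")
KNOWN_GOOD = {sha1_hex(CLEAN_BOOT_CODE)}  # a real tool ships hashes of each Windows release's boot code

# Partition starts reproduce the byte offsets MBRCheck printed for C: and D:;
# both are NTFS (type 0x07); the sector counts are made up.
PARTITIONS = [
    (0x80, 0x07, 0x270A00000 // SECTOR, 146_325_504),
    (0x00, 0x07, 0x13E2200000 // SECTOR, 145_788_592),
]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, 0x1234ABCD, PARTITIONS)
# A bootkit swaps the boot code and keeps the rest so the disk still boots.
INFECTED_MBR = BOOTKIT_LOADER + CLEAN_MBR[BOOT_CODE_LEN:]


if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        info = parse_mbr(mbr)
        print(label, classify_mbr(mbr, KNOWN_GOOD), "SHA1:", info["boot_code_sha1"])
        for p in info["partitions"]:
            print("  partition", p["index"], "at offset", hex(p["byte_offset"]))
    repaired = restore_boot_code(INFECTED_MBR, CLEAN_BOOT_CODE)
    print("after restore:", classify_mbr(repaired, KNOWN_GOOD))
```

The infected sample parses to exactly the same two partitions and the same disk signature as the clean one; only the boot-code hash differs, which is why a tool that hashes just bytes 0..439 can flag a bootkit while the machine otherwise boots and runs normally. The restore step puts the known-good 440 bytes back and leaves the remaining 72 bytes untouched, after which the sector hashes as known good again.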
link2998's Avatar
link2998 link2998 is offline
Member with 59 posts.
THREAD STARTER
 
Join Date: Sep 2010
15-Sep-2010, 04:13 PM #28
alureon.h virus
Hi Emrld,
Here's the OTM log:

========== FILES ==========
File/Folder C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\MBRCheck_09 .14.10_21.16.31.lnk not found.
File/Folder C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\MBRCheck_09 .14.10_22.27.54.lnk not found.
File/Folder C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\MBRCheck_09 .14.10_22.48.24.lnk not found.
File/Folder C:\Users\Administrator\Application Data\Microsoft\Windows\Recent\MBRCheck_09.14.10_21.16.31.lnk not found.
File/Folder C:\Users\Administrator\Application Data\Microsoft\Windows\Recent\MBRCheck_09.14.10_22.27.54.lnk not found.
File/Folder C:\Users\Administrator\Application Data\Microsoft\Windows\Recent\MBRCheck_09.14.10_22.48.24.lnk not found.
File/Folder C:\Users\Administrator\Desktop\MBRCheck.exe not found.
File/Folder C:\Users\Administrator\Desktop\MBRCheck_09.14.10_22.48.24.txt not found.
File/Folder C:\Users\Administrator\Recent\MBRCheck_09.14.10_21.16.31.lnk not found.
File/Folder C:\Users\Administrator\Recent\MBRCheck_09.14.10_22.27.54.lnk not found.
File/Folder C:\Users\Administrator\Recent\MBRCheck_09.14.10_22.48.24.lnk not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.16.0 log created on 09152010_161350

Now I'll continue to the rest of your instructions.
link2998's Avatar
link2998 link2998 is offline
Member with 59 posts.
THREAD STARTER
 
Join Date: Sep 2010
15-Sep-2010, 04:16 PM #29
alureon.h virus
Here's the MBRCheck text copied:

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M1641
Logical Drives Mask: 0x000001fc
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`e2200000 (NTFS)
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: FE9DEC202C68225A60BA224B3417475E24A6D7EA

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

I'll continue with your instructions.
link2998's Avatar
link2998 link2998 is offline
Member with 59 posts.
THREAD STARTER
 
Join Date: Sep 2010
15-Sep-2010, 04:18 PM #30
alureon.h virus
It still gives me a different set of options. Here's what it looks like:

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M1641
Logical Drives Mask: 0x000001fc
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`e2200000 (NTFS)
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: FE9DEC202C68225A60BA224B3417475E24A6D7EA

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Y
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: 3

Done!
Press ENTER to exit...
