I tried a program called Vundofix but it was out of date. Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllEB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dllEB: &Yahoo! Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Minimal ========== Processes (SafeList) ========== PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)PRC - If we have ever helped you in the past, please consider helping us. weblink

Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exesvchost.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exeC:\WINDOWS\system32\lxdncoms.exeC:\Program This is obviously a rootkit, I know this, I just need help removing it. I suggest you do this and select Immediate E-Mail notification and click on Proceed. Please try the request again.

Lately, Avast antivirus has started detecting tdlcmd.dll/alureon as a rootkit on my computer.

Please help me remove this! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-12 40384]R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-29 54752]R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-10-17 98984]R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2005-9-16 10951]R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]R2 WebTool;WebTool;c:\progra~1\mi4f93~1\webtool.exe [2005-9-14 705024]R2 WinDefend;Windows Defender;c:\program View Answer Related Questions Os : Need Help Removing These VirusEs That Won't Go Away... Remove formatting × Your link has been automatically embedded.

I tried running combofix, but it tells me that I should shut down avast before continuing.

Error - 1/22/2010 12:53:38 AM | Computer Name = TIFFLILPINKY | Source = MsiInstaller | ID = 1008Description = The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_33_0_1000.MSI is not permitted due Terminate.OTS log attached OTS.Txt 164.57KB 166 downloads 0 #5 mpascal Posted 26 November 2009 - 10:11 AM mpascal Math Nerd Retired Staff 3,644 posts Hi NSS62,Sorry for the delay, let's get Pondus Avast Überevangelist Maybe Bot Posts: 31593 Re: Win32:alureon-ec « Reply #2 on: November 25, 2009, 11:31:54 PM » Found this googling, and Win32:Alureon-EC [Rtk] it is a rootkit so you check over here This is 9-1…2.

Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exePRC - [2008/11/06 11:33:56 | 00,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exePRC - [2008/11/06 11:33:54 | 00,582,992 | ---- | M] (Trend Micro Please click here if you are not redirected within a few seconds. If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box.

I select to heal/remove it, but it keeps on coming back.

I have also tried PrevX, malwarebytes, spybot search and destroy. I already ran Malwarebytes, spybot and hijackthis and my antivirus, nothing really worked.

Error - 1/24/2010 3:21:48 AM | Computer Name = TIFFLILPINKY | Source = ACPIEC | ID = 327681Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. Inc)O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE ( - HKCU..\Run: [Task Killer] C:\Program Files\Task Killer\TaskKiller.exe ()O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Please post the C:\ComboFix.txt so we can continue cleaning the system. Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard ========== Processes (SafeList) ========== PRC - [2010/01/30 16:11:53 | 000,548,864 | ----

Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-12 40384]R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-5-2 80384]S2 jmyud;Jmyud;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-3-28 18176]S3 Logged essexboy Malware removal instructor Avast Überevangelist Probably Bot Posts: 40699 Dragons by Sasha Re: Win32:alureon-ec « Reply #7 on: November 27, 2009, 10:19:10 PM » OK here we go this The file should only open briefly.STEP 3 - The Avenger1. No, create an account now.

