Please help. Win32/Alureon.Gen!U removal

So I seem to have gotten myself this nasty virus. From what I've read it's particularly nasty, and I need a little help getting rid of it. Please help me.

Reply to
karinaoi21

This is my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:58 PM, on 12/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Crawler\Notes\CNotes.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
- HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
- HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
- HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
- HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ParetoLogic Anti-Virus PLUS] "C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BackgroundSwitcher] "C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [CrawlerNotes] c:\progra~1\crawler\notes\cnotes.exe /notes
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe

-- End of file - 10442 bytes

Reply to
karinaoi21
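A first-pass triage of a HijackThis log, added here as an example for readers of the thread (it is not code from any poster or from HijackThis itself). The sample lines are constructed from entries in the log above, and the heuristics are assumptions about what a reviewer checks first: the tool's own "(no file)" and "Unknown" labels, process-wide hooks, and entries that repeat.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v2 line format, taken from entries of the
# log posted above (a handful only, not the complete log).
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\inethttpfilter.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ProtexisLicensing - Unknown owner - C:\\Windows\\system32\\PSIService.exe
"""

# Every entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

def parse_entries(text):
    """Return the log's entries as (section, body) pairs, in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries

def triage(text):
    """Map each entry body worth a second look to the reasons for looking.
    Heuristics are assumed here (not HijackThis verdicts): '(no file)' and
    'Unknown' labels, process-wide hooks (O10 Winsock LSP, O20 AppInit_DLLs)
    and repeated entries. A hit is a review cue, not a malware verdict: the
    legitimate AVG AppInit entry from the posted log is flagged as well."""
    entries = parse_entries(text)
    counts = Counter(entries)
    flagged = {}
    for section, body in entries:
        reasons = []
        if "(no file)" in body:
            reasons.append("orphaned: referenced file is missing")
        if section == "O10":
            reasons.append("Winsock LSP not recognised by HijackThis")
        if section == "O20":
            reasons.append("AppInit_DLLs loads into every process that maps user32.dll")
        if "Unknown owner" in body:
            reasons.append("service without publisher information")
        if counts[(section, body)] > 1:
            reasons.append(f"listed {counts[(section, body)]} times")
        if reasons:
            flagged[body] = "; ".join(reasons)
    return flagged
```

Run `triage(SAMPLE_LOG)` to get the flagged entries; everything else in the sample (the Adobe BHO) passes through silently.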

Win32/Alureon is a downloader trojan that brings malicious programs onto the infected computer. Follow the removal instructions to get rid of the Alureon trojan and its variants.


Reply to
dfinc

This group is about firewalls, not about MS Windows. Direct your question somewhere suitable.

Reply to
Jon Solberg

According to McAfee's SiteAdvisor this site is the source of multiple Trojans.

Reply to
1PW

Removal tools (or instructions for manual removal) are no solution to an infection, particularly not with malware that may download more malware or may give an attacker remote access. One can never be sure what else was modified on the system and thus can never be certain that the malware was removed entirely.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Posting HiJack logs in Usenet is bad form - it screws up search engines and does not get you the help you need. HiJack comes with instructions on where to post your logs - if you can't follow those instructions you won't be able to fix your computer either.

Reply to
Leythos

Infected by spyware/adware.

Reply to
darfun
