NEED HELP WITH W32/alemod.f.dll PROBLEM

As a lot of people have already posted on the forum, I too am suffering from the problem of W32/alemod.f.dll infection. In fact I noticed that after the McAfee managed scan displays the threat screen (after about 30-40 times of this display) there is an automatic download & installation of ALFASCAN which I then have to manually unload.
I am posting below a log of my HijackThis.

SINCERE REQUEST TO ALL WHO CAN HELP OUT WITH GUIDANCE REGARDING SOLVING THIS ISSUE.
Dr Anil

Logfile of HijackThis v1.99.1
Scan saved at 6:03:51 PM, on 2/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\hkcmd.exe
D:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
D:\Program Files\Sify Broadband\BBImpSec.exe
D:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
D:\Program Files\MimarSinan Rubber Ducky\RubberDucky.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\mqsvc.exe
D:\WINDOWS\System32\mqtgsvc.exe
D:\Program Files\Sify Broadband\BBClient.exe
D:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\McAfee\Managed VirusScan\Agent\HtmlDlg.Exe
D:\Program Files\Grisoft2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolbar.msn.com/installsuccess.aspx&&FORM=TOOLBR&DI=2883&CM=MsgrInstall
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - D:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "D:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [MVS Splash] D:\PROGRA~1\McAfee\MANAGE~1\VScan\Splash.exe
O4 - HKLM\..\Run: [DataLayer] D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "D:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [IMONTRAY] D:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKCU\..\Run: [N2PDialr] D:\PROGRA~1\MTNLIN~1\N2PDialr.exe -auto
O4 - HKCU\..\Run: [SifyBB] D:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [MimarSinan Rubber Ducky] "D:\Program Files\MimarSinan Rubber Ducky\RubberDucky.exe"
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127140530952
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127142265671
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D31262AA-6411-4B0B-88CC-C15E6C2BB476}: NameServer = 202.144.115.4,202.144.10.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - D:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt3.5.0.476.dll
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Program Files\CPUICECooLSrv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - D:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - McAfee Inc. - D:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - D:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
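A log in this format is easiest to work through with a small triage script that pulls out the lines HijackThis itself marks as worth a look. The helper below is an added example written for this page; it is not HijackThis code and not something the poster ran. It only relies on line shapes visible in the log above: the `Sxx - body` prefix, the `(file missing)` and `Unknown owner` markers, the unnamed `O2` BHO, the `O10` LSP line, the download URL in `O16` entries and the resolver list in the `O17` entry. The sample input is a subset of lines copied from the log above; `trusted_cab_hosts` is a hypothetical allowlist the caller fills in with the ActiveX download hosts they recognise.

```python
"""Triage helper for HijackThis v1.99-style logs.

Added example for this page, not HijackThis's own code. It only knows the
line shapes visible in the log above; ``trusted_cab_hosts`` is a hypothetical
allowlist that the caller fills in.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Lines copied from the log in the post above (a subset, so the script runs stand-alone).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "D:\Program Files\p2pnetworks\mpp2pl.exe" /H
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D31262AA-6411-4B0B-88CC-C15E6C2BB476}: NameServer = 202.144.115.4,202.144.10.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Program Files\CPUICECooLSrv.exe (file missing)
O23 - Service: McShield - McAfee Inc. - D:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")   # "O23 - Service: ..."
URL_RE = re.compile(r"https?://[^\s\"]+")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    reason: str    # why a human should look at this line
    line: str      # the original log line, unchanged


def parse_entries(log_text):
    """Return (section, body, line) for every entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body"), line))
    return entries


def triage(log_text, trusted_cab_hosts=frozenset()):
    """Apply simple rules to each entry and return the lines worth a second look.

    Every rule keys on a marker HijackThis prints itself; one line can yield several findings.
    """
    findings = []
    for section, body, line in parse_entries(log_text):
        if "(file missing)" in body:
            findings.append(Finding(section, "registered component whose file no longer exists on disk", line))
        if section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service binary carries no publisher information", line))
        if section == "O10":
            findings.append(Finding(section, "Winsock LSP is loaded into every networking process; confirm the DLL's origin", line))
        if section == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding(section, "browser helper object without a display name; identify it by CLSID and path", line))
        if section == "O16":
            m = URL_RE.search(body)
            host = urlparse(m.group(0)).hostname if m else None
            if host is not None and host not in trusted_cab_hosts:
                findings.append(Finding(section, f"ActiveX package downloaded from {host}, which is not on the allowlist", line))
        if section == "O17":
            ips = IPV4_RE.findall(body)
            findings.append(Finding(section, "DNS servers set to " + ", ".join(ips) + "; compare with the ISP's published resolvers", line))
    return findings


def count_by_section(log_text):
    """Number of entry lines per section, a quick overview before reading a long log."""
    counts = {}
    for section, _body, _line in parse_entries(log_text):
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, trusted_cab_hosts={"housecall60.trendmicro.com"}):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The script scores only the autostart and hook entries HijackThis enumerates; a detection name reported by the on-access scanner refers to a file on disk, which shows up in a log like this only if something registers it to load. Running the full log through `triage` gives a short list of lines to check by hand (the orphaned service and protocol handler, the unnamed BHO, the LSP DLL, the resolver addresses) rather than a verdict.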
