
Possibly Infected with Win32:Alureon-FR


2 replies to this topic

#1 stanmcman

stanmcman

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:42 PM

Posted 23 March 2010 - 01:31 PM

I've been experiencing multiple problems with this machine. I've done virus scanners, Malwarebytes, etc. I had to do a fix (found on Bleeping Computer) in order to run .exe files. I can't boot in safe mode... it gives me the BSOD. Everything runs real sluggish, I almost always have to do a hard shutdown, as it will NOT shut down by itself.

I went through the preparation guide. I appreciate any help. Thanks.

Here is my DDS log.

*************
DDS Log
*************

DDS (Ver_10-03-17.01) - NTFSx86
Run by Chanda at 11:06:25.73 on Tue 03/23/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.52 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100323-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\chanda.WTFLEET\Desktop\Prepare Comp for Bleeping Computer Forum\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page =
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uSearchAssistant =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [svctt] c:\windows\config\explorar.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191955018171
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://vsftransportation.com/AMC.cab
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\movulohu.dll c:\windows\system32\ c:\windows\system32\luyemitu.dll c:\windows\system32\tihaduza.dll c:\windows\system32\notugaji.dll vahoremo.dll c:\windows\system32\ c:\windows\system32\zazovuba.dll c:\windows\system32\wezunohi.dll c:\windows\system32\ c:\windows\system32\fihidivi.dll
SSODL: powuwofov - {356ce5a4-6712-46f1-b1f7-6e14a6277d0f} -
SSODL: zapufulop - {ebfc5875-d980-4d88-80eb-0fc2f34bdbbc} -
SSODL: rirutetik - {a7633869-a38f-4d6f-9a96-26201ffc0583} - No File
SSODL: tulisisoz - {25578af4-921d-4e0f-98c6-7cd3ab2be0c2} -
SSODL: fozayajuj - {1e006264-ef1e-4768-bb11-4347d16c04ca} - c:\windows\system32\luyemitu.dll
SSODL: gedojuyim - {081ebe6c-4278-4c94-92ce-df090d7a7d3b} - No File
SSODL: nopojihol - {5b318ead-b2d0-445e-93e9-0aaeeb0b3c70} - No File
SSODL: pukufajeg - {727dccb5-9730-4865-9d78-24ddb79b7594} - No File
SSODL: kawijewus - {9d80484b-7e74-48e2-b9d0-2b4329249ed3} - No File
SSODL: tepogikit - {722cafa2-76d2-48f2-91bd-dc16e96ad4c8} - No File
SSODL: yoyitosin - {1a974a12-eb44-4e62-bddb-fef45bda1ec9} - No File
SSODL: judelitep - {aeb457a0-61b2-4e7c-8be6-273c01b3efeb} - No File
SSODL: tebleepez - {dca2c872-2124-4dc0-85b4-bbd614a23700} - No File
SSODL: SysNet - {09E32EFD-8515-4163-93F2-D8D16C5B968E} - c:\documents and settings\all users\microsoft adata\sysnet.dll
STS: {356ce5a4-6712-46f1-b1f7-6e14a6277d0f}: jugezatag
STS: {ebfc5875-d980-4d88-80eb-0fc2f34bdbbc}: tokatiluy
STS: {25578af4-921d-4e0f-98c6-7cd3ab2be0c2}: kupuhivus
STS: jugezatag: {1e006264-ef1e-4768-bb11-4347d16c04ca} - c:\windows\system32\luyemitu.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = scecli dijuzihi.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-20 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-20 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-20 138680]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-20 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-20 352920]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-11-29 833168]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2010-03-23 15:04:25 0 ----a-w- c:\documents and settings\chanda.wtfleet\defogger_reenable
2010-03-23 14:41:26 116224 ----a-w- c:\windows\system32\dllcache\OLDE3C.tmp
2010-03-23 14:41:25 23040 ----a-w- c:\windows\system32\dllcache\OLDE38.tmp
2010-03-23 14:41:24 18944 ----a-w- c:\windows\system32\dllcache\OLDE34.tmp
2010-03-23 14:41:23 27648 ----a-w- c:\windows\system32\dllcache\OLDE30.tmp
2010-03-23 14:41:22 4608 ----a-w- c:\windows\system32\dllcache\OLDE2C.tmp
2010-03-23 14:41:00 99865 ----a-w- c:\windows\system32\dllcache\OLDE28.tmp
2010-03-23 14:39:58 19016 ----a-w- c:\windows\system32\dllcache\OLDDAC.tmp
2010-03-23 14:38:59 185344 ----a-w- c:\windows\system32\dllcache\OLDCBC.tmp
2010-03-23 14:37:59 30208 ----a-w- c:\windows\system32\dllcache\OLDBA1.tmp
2010-03-23 14:36:58 23040 ----a-w- c:\windows\system32\dllcache\OLDAAB.tmp
2010-03-23 14:35:59 39424 ----a-w- c:\windows\system32\dllcache\OLD9C6.tmp
2010-03-23 14:34:55 49024 ----a-w- c:\windows\system32\dllcache\OLD90F.tmp
2010-03-23 14:33:59 65536 ----a-w- c:\windows\system32\dllcache\OLD8B8.tmp
2010-03-23 14:32:58 35328 ----a-w- c:\windows\system32\dllcache\OLD791.tmp
2010-03-23 14:31:59 50751 ----a-w- c:\windows\system32\dllcache\OLD6B1.tmp
2010-03-23 14:30:59 7168 ----a-w- c:\windows\system32\dllcache\OLD5A7.tmp
2010-03-23 14:29:59 6216 ----a-w- c:\windows\system32\dllcache\OLD497.tmp
2010-03-23 14:28:59 96256 ----a-w- c:\windows\system32\dllcache\OLD3C9.tmp
2010-03-23 14:27:52 714698 ----a-w- c:\windows\system32\dllcache\OLD330.tmp
2010-03-23 14:26:59 66082 ----a-w- c:\windows\system32\dllcache\OLD2A6.tmp
2010-03-23 14:25:58 9216 ----a-w- c:\windows\system32\dllcache\OLD1A1.tmp
2010-03-23 14:24:59 61440 ----a-w- c:\windows\system32\dllcache\OLDD6.tmp
2010-03-23 14:23:58 66048 ----a-w- c:\windows\system32\dllcache\OLD88.tmp
2010-03-23 14:22:50 46592 ----a-w- c:\windows\system32\dllcache\OLD20.tmp
2010-03-23 14:22:49 76288 ----a-w- c:\windows\system32\dllcache\OLD1D.tmp
2010-03-23 14:22:48 188480 ----a-w- c:\windows\system32\dllcache\OLD1A.tmp
2010-03-23 14:22:47 275968 ----a-w- c:\windows\system32\dllcache\OLD17.tmp
2010-03-23 14:22:46 94720 ----a-w- c:\windows\system32\dllcache\OLD14.tmp
2010-03-23 14:22:44 16439 ----a-w- c:\windows\system32\dllcache\OLD11.tmp
2010-03-23 14:22:43 20540 ----a-w- c:\windows\system32\dllcache\OLDE.tmp
2010-03-23 14:22:39 290816 ----a-w- c:\windows\system32\dllcache\OLDB.tmp
2010-03-23 14:22:38 43520 ----a-w- c:\windows\system32\dllcache\OLD8.tmp
2010-03-23 14:22:37 16439 ----a-w- c:\windows\system32\dllcache\OLD5.tmp
2010-03-23 14:22:36 20540 ----a-w- c:\windows\system32\dllcache\OLD2.tmp
2010-03-23 13:33:57 19456 ----a-w- c:\windows\system32\dllcache\OLD140.tmp
2010-03-23 13:32:36 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2010-03-23 13:31:49 13107200 ----a-w- c:\windows\system32\oembios.bin
2010-03-23 13:30:59 20541 ----a-w- c:\windows\system32\dllcache\OLD77.tmp
2010-03-23 13:29:59 16439 ----a-w- c:\windows\system32\dllcache\OLD35.tmp
2010-03-23 13:29:59 16439 ----a-w- c:\windows\system32\dllcache\admin.exe
2010-03-23 13:29:57 20540 ----a-w- c:\windows\system32\dllcache\OLD32.tmp
2010-03-23 13:29:57 20540 ----a-w- c:\windows\system32\dllcache\admin.dll
2010-03-19 12:28:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-18 18:22:54 146432 ----a-w- c:\windows\regedit.com

==================== Find3M ====================

2010-03-23 13:13:27 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-23 13:13:27 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-03-19 12:28:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-31 13:28:52 40840 ----a-w- c:\docume~1\chanda~1.wtf\applic~1\GDIPFONTCACHEV1.DAT
2009-11-18 17:05:51 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-09-02 13:43:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009090220090903\index.dat

============= FINISH: 11:08:42.09 ===============

"Life is uncertain... eat dessert first !"

#2 stanmcman

stanmcman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:42 PM

Posted 25 March 2010 - 09:23 AM

Please close this topic. I have run TDSSKiller and it removed the virus. I still have other issues with the computer, but I will post a new topic when I have a clear idea of exactly what the new problems are.

Thank you,
Stan

#3 Pandy (Bleepin' Panda)

Posted 25 March 2010 - 11:03 AM

Since this topic appears resolved I am closing it. If it needs to be reopened please feel free to ask any moderator. Thank you for letting us know.

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin
