MALWARE/TROJAN REMOVAL HELP

Post by nriucitall » November 20th, 2009, 5:48 am

Hi, I was told to post my HijackThis log here first. I am having continual problems on my PC due to some kind of trojan embedded into my PC. I was in a chat room using Yahoo Messenger and a guy sent this to my machine; his Yahoo screen name was god.machine if you would like to know.
Please help me fix this, I am very concerned. Thanks in advance.

I have an uninstall_list and an RSIT log already run. All 3 reports generated within the same few minutes.
HERE IS THE HIJACKTHIS REPORT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:15 AM, on 11/20/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Trend Micro\hijackthis.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [mogeriduz] Rundll32.exe "c:\windows\system32\duweweba.dll",a
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8624163734
O20 - AppInit_DLLs: c:\windows\system32\duweweba.dll,degipeme.dll
O21 - SSODL: femoyitof - {4dd6122e-4d01-404d-8317-b2284fe6c833} - c:\windows\system32\duweweba.dll
O22 - SharedTaskScheduler: mujuzedij - {4dd6122e-4d01-404d-8317-b2284fe6c833} - c:\windows\system32\duweweba.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 2631 bytes

Re: MALWARE/TROJAN REMOVAL HELP

Post by askey127 » November 24th, 2009, 7:53 am

nriucitall,
I don't know whether this machine can be rescued or not.
While we are working on this, please don't run, add, or remove anything unless I ask.
-----------------------------------------------------------
Restore Item(s) From HiJackThis Backup
Start HiJackThis. Choose View the List of Backups
When the list comes up, put a check on all lines that are showing from the most recent backup:
Click on the Restore button, and answer "Yes".
---------------------------------------------
Run CKScanner
Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
-----------------------------------------------------------
REBOOT Your Machine
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

So we are looking for a new HiJackThis log and the log from CKScanner.
askey127

Re: MALWARE/TROJAN REMOVAL HELP

Post by NonSuch » November 28th, 2009, 1:03 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.