Obviously I have learnt a lot from you guys and rarely get problems and if I do, I can usually deal with them myself using your recommended tools.
Can't deal with this one though!! I've run my SuperAnti-Spyware, Malwarebytes, System Mechanic, Ad-Aware and CC Cleaner and the bugger is still there! Interesting, when I searched you (couldn't find the bookmark) when I clicked on the link, it kept diverting me to another page to buy anti-virus software. I had to type your web addy in manually to get to you.
Please help me (as you always do). Thank you!!!
Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50, on 2009-11-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Ok, so I get past the CCleaner .... download the malware one and at the end I get a message saying unable to execute file, create process failed code 2 yadda yadda yadda.
Should I still go ahead with the next steps? Or should I stick to the order and get malware sorted before I do the next step?
Here are my logs (minus the malware one)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13, on 2009-11-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-10-26.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2006-07-06 00:30:22
System Uptime: 2009-11-08 11:58:43 (4 hours ago)
Motherboard: Hewlett-Packard | | 30A8
Processor: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz | U1 | 1462/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 29 GiB total, 9.973 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 5.178 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1126: 2009-09-14 11:33:23 - System Checkpoint RP1127: 2009-09-15 12:31:44 - System Checkpoint RP1128: 2009-09-16 13:14:32 - System Checkpoint RP1129: 2009-09-17 16:16:01 - System Checkpoint RP1130: 2009-09-18 20:54:36 - System Checkpoint RP1131: 2009-09-19 23:02:05 - System Checkpoint RP1132: 2009-09-21 15:30:12 - System Checkpoint RP1133: 2009-09-22 15:47:42 - System Checkpoint RP1134: 2009-09-23 18:45:36 - System Checkpoint RP1135: 2009-09-25 14:04:40 - System Checkpoint RP1136: 2009-09-26 17:15:35 - System Checkpoint RP1137: 2009-09-28 02:13:19 - System Checkpoint RP1138: 2009-09-29 02:20:05 - System Checkpoint RP1139: 2009-09-30 12:18:25 - System Checkpoint RP1140: 2009-10-01 13:48:38 - System Checkpoint RP1141: 2009-10-02 18:37:23 - System Checkpoint RP1142: 2009-10-03 22:56:30 - System Checkpoint RP1143: 2009-10-05 07:41:17 - System Checkpoint RP1144: 2009-10-06 17:15:39 - System Checkpoint RP1145: 2009-10-07 18:57:16 - System Checkpoint RP1146: 2009-10-09 00:10:31 - System Checkpoint RP1147: 2009-10-10 10:53:08 - System Checkpoint RP1148: 2009-10-11 19:11:05 - System Checkpoint RP1149: 2009-10-12 20:17:05 - System Checkpoint RP1150: 2009-10-13 21:12:10 - System Checkpoint RP1151: 2009-10-15 12:37:44 - System Checkpoint RP1152: 2009-10-16 18:15:20 - System Checkpoint RP1153: 2009-10-17 19:17:04 - System Checkpoint RP1154: 2009-10-18 22:21:04 - System Checkpoint RP1155: 2009-10-19 23:49:20 - System Checkpoint RP1156: 2009-10-21 18:51:33 - System Checkpoint RP1157: 2009-10-22 22:28:47 - System Checkpoint RP1158: 2009-10-24 11:21:36 - System Checkpoint RP1159: 2009-10-25 13:43:59 - System Checkpoint RP1160: 2009-10-26 15:19:48 - System Checkpoint RP1161: 2009-10-27 15:32:44 - System Checkpoint RP1162: 2009-10-28 18:20:53 - System Checkpoint RP1163: 2009-10-29 22:16:08 - System Checkpoint RP1164: 2009-11-01 16:33:20 - System Checkpoint RP1165: 2009-11-03 16:30:22 - System Checkpoint RP1166: 2009-11-04 18:11:24 - System Checkpoint RP1167: 2009-11-05 22:55:42 - 
System Checkpoint RP1168: 2009-11-07 01:27:59 - Removed Google Toolbar for Internet Explorer RP1169: 2009-11-07 01:29:29 - Removed Virtual Earth 3D (Beta) RP1170: 2009-11-07 17:58:33 - Removed SUPERAntiSpyware Free Edition
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1) 3DVIA player 4.1 ABBYY FineReader 5.0 Sprint Plus Ad-Aware 2007 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe PageMaker 7.0 Adobe Reader 7.0 Adobe Shockwave Player 11.5 Apple Mobile Device Support Apple Software Update ArcSoft Software Suite avast! Antivirus Barbie(R) idesign(TM) Ultimate Stylist(TM) Bonjour BufferChm CCleaner Chuzzle Deluxe 1.01 Civilization III - Gold Edition Conexant HD Audio Coupon Printer for Windows CP_AtenaShokunin1Config CP_CalendarTemplates1 cp_LightScribeConfig cp_OnlineProjectsConfig CP_Package_Basic1 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config cp_PosterPrintConfig cp_UpdateProjectsConfig CueTour Destinations DeviceManagementQFolder Dream Day Wedding EPSON CardMonitor EPSON Copy Utility 3 EPSON CX6600 Reference Guide EPSON PhotoStarter3.2 EPSON Printer Software EPSON Scan EPSON Smart Panel Family Tree Maker 7.0 FullDPAppQFolder HDAUDIO Soft Data Fax Modem with SmartCP Hidden Expedition Titanic HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Windows Internet Explorer 7 (KB947864) HP DVD Play 2.1 HP Game Console and games HP Help and Support HP Imaging Device Functions 6.0 HP Photosmart Premier Software 6.0 HP Quick Launch Buttons 6.00 E2 HP Rhapsody HP Software Update HP User Guides--System Recovery HP User Guides 0019 HP Wireless Assistant 2.00 E1 HpSdpAppCoreApp InstantShareDevices Intel(R) Graphics Media Accelerator Driver Intel(R) Network Connections Drivers iolo technologies' System Mechanic 6 J2SE Runtime Environment 5.0 Update 6 Kid Pix Studio Deluxe LightScribe 1.4.74.1 LimeWire 4.18.6 Little Shop - Memories 1.052 Little Shop - Road Trip Little Shop City Lights Little Shop of Treasures Little Shop Of Treasures 2 Macromedia Flash Player 8 Malwarebytes' Anti-Malware Mia Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft 
.NET Framework 3.0 Service Pack 1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Expression Web Microsoft Expression Web MUI (English) Microsoft Expression Web Service Pack 1 (SP1) Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2006 Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Project 2007 Service Pack 1 (SP1) Microsoft Office Project MUI (English) 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio 2007 Service Pack 1 (SP1) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Mozilla Firefox (3.0.15) MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6 Service Pack 2 (KB954459) muvee autoProducer 4.5 MyPoints Toolbar Nero 7 Ultra Edition Netscape Browser (remove only) NetWaiting Norton PartitionMagic Norton PartitionMagic 8.0 Office 2003 Trial Assistant OptionalContentQFolder Peggle Deluxe 1.0 PhotoGallery Quicken 2006 
QuickTime RandMap RealArcade Scholastic's I SPY Fantasy Scholastic's I SPY Treasure Hunt Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB958439) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office Project 2007 (KB949046) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office Visio 2007 (KB947590) Security Update for Microsoft Office Word 2007 (KB956358) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) SkinsHP1 SmartAudio Sonic Audio Module Sonic Copy Module Sonic Data Module Sonic Express Labeler Sonic MyDVD Plus Sonic Update Manager Sonic_PrimoSDK Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515/xx12 drivers. The Digital Arts and Crafts Studio TIPCI TourSetup U.B. 
Funkeys Unity Web Player Unload Update for Microsoft Office Outlook 2007 (KB952142) Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb949037) WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Live Messenger Windows Live Sign-in Assistant Windows Media Connect Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Windows XP Hotfix - KB884575 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885464 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885855 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888239 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB888402 Windows XP Hotfix - KB889673 Windows XP Hotfix - KB891781 Wireless Home Network Setup
==== Event Viewer Messages From Past Week ========
2009-11-07 17:59:05, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.
2009-11-07 17:58:39, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
2009-11-07 17:57:20, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2009-11-03 12:57:15, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
2009-11-01 12:42:55, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
DDS (Ver_09-10-26.01) - NTFSx86
Run by Arwen Evans-Batt at 15:28:33.65 on 2009-11-08
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.80 [GMT -5:00]
Begin copying here:
Files to delete:
c:\windows\system32\risowupa.dll
c:\windows\system32\gudozida.dll
c:\windows\system32\kidevudi.dll
c:\windows\system32\lahonozi.exe
c:\windows\system32\nifuweri.dll
c:\windows\system32\nodedeje.dll
c:\windows\system32\norupahe.dll
c:\windows\system32\notijiku.dll
c:\windows\system32\pedabara.dll
c:\windows\system32\pevulizo.dll
c:\windows\system32\risowupa.dll
c:\windows\system32\zufajudi.dll
c:\windows\system32\zugahohe.dll
Copy/Paste all the text in the above codebox into the main window
Click Execute
The Avenger will automatically do the following:
It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions.
This log file will be located at C:\avenger.txt
Post C:\avenger.txt in next reply, along with a combofix log ->
Double-click on the combofix icon found on your desktop.
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
Post the contents of that log in your next reply
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
Touch said... Wow, you've certainly got some crap there
How does it get in??? I run Avast (in fact, the night this happened a malware alert did pop up and I moved to chest as recommended) and I very rarely download music, never download movies etc. I visit 'known' websites so I'm not sure what else I can do. Does anything 'pop out' at you that I shouldn't be doing? Ho hum ....
Here are my latest logs ....
Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
Error: file "c:\windows\system32\risowupa.dll" not found!
Deletion of file "c:\windows\system32\risowupa.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
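An added example, not part of the original thread and not code from The Avenger: a Python sketch that cross-checks a "Files to delete:" script against the failures an Avenger log reports, and flags paths the script lists more than once. The script and log samples are constructed in the formats shown above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed samples in the formats shown in the thread above.
SCRIPT = r"""Files to delete:
c:\windows\system32\risowupa.dll
c:\windows\system32\gudozida.dll
c:\windows\system32\risowupa.dll
"""
LOG = r"""Error: file "c:\windows\system32\risowupa.dll" not found!
Deletion of file "c:\windows\system32\risowupa.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
"""

FAILED = re.compile(r'Deletion of file "([^"]+)" failed!')
STATUS = re.compile(r"Status: (0x[0-9a-fA-F]+) \((\w+)\)")

def script_targets(script):
    """Paths listed under 'Files to delete:', lower-cased, in script order."""
    targets, in_files = [], False
    for line in (l.strip() for l in script.splitlines()):
        if line.endswith(":") and "\\" not in line:   # a section header
            in_files = line.lower() == "files to delete:"
        elif in_files and line:
            targets.append(line.lower())
    return targets

def failed_deletions(log):
    """Map each path whose deletion failed to the status name logged for it."""
    failures, current = {}, None
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            current = m.group(1).lower()
            failures[current] = "UNKNOWN"
        s = STATUS.search(line)
        if s and current:      # status may share the line or follow it
            failures[current] = s.group(2)
            current = None
    return failures

def reconcile(script, log):
    """Return (paths listed more than once, {path: status or note})."""
    targets = script_targets(script)
    dupes = sorted(p for p, n in Counter(targets).items() if n > 1)
    failures = failed_deletions(log)
    # Absence of a failure record is not proof of deletion; verify on disk.
    report = {p: failures.get(p, "no failure logged") for p in dict.fromkeys(targets)}
    return dupes, report

if __name__ == "__main__":
    print(reconcile(SCRIPT, LOG))
```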