Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
12-18-2007, 10:29 PM   #1
Registered User
 
Join Date: Dec 2007
Posts: 40
OS: Windows XP


awola virus

I am running Windows XP and believe I caught the awola virus, probably bundled with a lot of other things.
OK, all I really want to do is copy my files to my external hard drive so I can reformat my computer. But, the virus has taken away my administrator status. It has disabled copying files to my external hard drive or dragging and dropping files. I cannot install Norton antivirus. The error message is "Setup was unable to update the MSI system component. If this problem continues please contact Microsoft at www.microsoft.com". I try to open my network connections, and they won't open.

Is my best bet just paying for the phishing scheme and going along with awola? Will it give me back these capabilities after I have paid, so I can reformat my computer?

Please help. I am desperate.
Jacob Myers is offline  
12-18-2007, 10:51 PM   #2
Registered User
 
Join Date: Dec 2007
Posts: 40
OS: Windows XP


Re: awola virus

Oh, I am also considering buying XoftSpySE. I downloaded the program off the internet, and it did locate many corrupt files. However, I am worried that if I purchase it, I will not be able to install it fully and use it, as I wasn't able to install Norton Antivirus from disk. Is this a legitimate fear, or did this program already install, and when I purchase the license key, it will simply remove the corrupt files?

I hope I explained this well. Please reply.
Jacob Myers is offline  
12-19-2007, 10:55 AM   #3
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,758
OS: 2000 Pro; XP Pro; XP Home


Re: awola virus

First, do not succumb to fear mongering. awola is foistware/scareware:

http://www.symantec.com/security_res...613-99&tabid=2

http://ca.com/us/securityadvisor/pes...x?id=453117654

Second, XoftSpy is not one I would recommend. It has a checkered past. I can provide you with free alternatives which will remove what they find.

From the sounds of things, you may have something more serious than awola on this machine.

However, to help you, we first need a set of logs to work from, to better see the state of your machine.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Note: DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
     • If the following message from DSS appears, please click on "Yes" to allow it to download HijackThis, if you don't already have it.
     • Allow DSS through your firewall to download HijackThis by clicking "OK".
     • DSS has installed HijackThis, and placed a shortcut on your desktop. Click "OK" to allow the scan to continue.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.

To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
     C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.

Last edited by tetonbob : 12-19-2007 at 10:56 AM.
tetonbob is offline  
12-19-2007, 12:06 PM   #4
Registered User
 
Join Date: Dec 2007
Posts: 40
OS: Windows XP


Re: awola virus

I still don't have administrator rights I am pretty sure, but I was able to run this. But my main problem still exists. I cannot copy/paste or drag/drop files, which means I cannot back up my data externally (unless y'all know of another way). But, here is my log file. Please help!!


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 22%
Physical Memory (total/avail): 2047.48 MiB / 1576.83 MiB
Pagefile Memory (total/avail): 3939.25 MiB / 3539.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966.17 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 465.75 GiB total, 193.47 GiB free.
D: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Fixed (FAT32) - 74.51 GiB total, 6.85 GiB free.


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jacob Myers\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jacob Myers
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JACOBM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JACOBM~1\LOCALS~1\Temp
USERDOMAIN=DESKTOP
USERNAME=Jacob Myers
USERPROFILE=C:\Documents and Settings\Jacob Myers
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jacob Myers (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Acronis*True*Image*Home --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AdwareAlert 1.9.0 --> "C:\Program Files\AdwareAlert\unins000.exe"
AmpegSVX --> C:\Program Files\InstallShield Installation Information\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube2 --> C:\Program Files\InstallShield Installation Information\{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Analog Channel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E6941CA-15B4-4AC5-A54D-2A1C739323B6}\setup.exe" -l0x9 -removeonly
Antares AVOX Vocal Kit Bundle VST v1.02 --> C:\Music\CUBASE~1\VSTPLU~1\MYPLUG~1\AVOXVO~1\Choir\UNWISE.EXE C:\Music\CUBASE~1\VSTPLU~1\MYPLUG~1\AVOXVO~1\Choir\INSTALL.LOG
ASIO4ALL --> C:\Music\VST\Deckadance\Deckadance\asio4all beta\ASIO4ALL v2\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{B5376B0E-C352-4B07-880C-8BB01179FCA5}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
ATI Problem Report Wizard --> MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
Audio Damage VST plug-ins --> C:\WINDOWS\Audio Damage VST plug-ins Uninstaller.exe
AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Cisco Systems VPN Client 5.0.00.0340 --> MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Collab --> C:\Music\FL Studio 5\Collab\uninstall.exe
Cool Edit Pro 2.1 --> C:\Music\Cool Edit Pro\cep2unin.exe
Cubase SX3-CSi MASTER --> MsiExec.exe /I{49CB05B9-A289-420D-ADC3-63C0FC3B2A74}
Deckadance --> C:\Music\VST\Deckadance\Deckadance\uninstall.exe
discWelder BRONZE --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Minnetonka Audio Software\discWelder BRONZE\Uninst.isu" -c"C:\Program Files\Minnetonka Audio Software\discWelder BRONZE\UNINSTALL\UninstWDM.dll"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
FL Studio 5 --> C:\Music\FL Studio 5\uninstall.exe
Free Voxengo VST plug-ins collection --> "C:\Music\VST\Voxengo\Free Voxengo VST plug-ins\uninstall.exe"
Guitar Pro 5.0 --> "C:\Music\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
IsoBuster 2.2 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSI Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCD71234-2287-41D2-96AD-3D3C66D60FBC}\setup.exe" -l0x9 -removeonly
MusicLab RealGuitar v1.5 --> C:\Music\REALGU~1\UNWISE.EXE C:\Music\REALGU~1\INSTALL.LOG
Musicnotes Player V1.23.1 and Viewer --> "C:\Program Files\Musicnotes\Player\unins000.exe"
Native Instruments Absynth v3.0.2 --> C:\Music\ABSYNT~1\UNWISE.EXE C:\Music\ABSYNT~1\INSTALL.LOG
Native Instruments Battery 3 --> C:\Music\BATTER~1\UNWISE.EXE C:\Music\BATTER~1\INSTALL.LOG
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS --> C:\Music\FM8\UNWISE.EXE C:\Music\FM8\INSTALL.LOG
Native Instruments GuitarRig 2.01 RTAS VSTi DXi --> C:\Music\GUITAR~2\UNWISE.EXE C:\Music\GUITAR~2\INSTALL.LOG
Native Instruments Kontakt 2 --> C:\Music\KONTAK~1\UNWISE.EXE C:\Music\KONTAK~1\INSTALL.LOG
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS --> C:\Music\VST\Massive\UNWISE.EXE C:\Music\VST\Massive\INSTALL.LOG
Nero 8 Demo --> MsiExec.exe /X{5E6EC4DD-7B1F-4E10-82B9-EA1B90791033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 5.5.1 --> C:\Program Files\netbeans-5.5.1\_uninst\uninstaller.exe
Numark Cue (Atomix Productions) --> C:\Music\NUMARK~1\UNWISE.EXE C:\Music\NUMARK~1\INSTALL.LOG
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Pluggo Jr. 3.5.2 --> MsiExec.exe /I{C13CEB18-54A3-493F-880F-CF1FEBE4F581}
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PreSonus 1394 Audio Driver v2.46 (FireBox) --> "C:\Program Files\PreSonus\1394AudioDriver_FireBox\uninst.exe" Software\PreSonus\1394AudioDriver_FireBox\Setup
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Reason 3.0 --> "C:\Music\Reason\Uninstall Reason\unins000.exe"
SmartNAV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00126F77-7EFC-472D-AD35-C6BD971582AA}\setup.exe"
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steinberg Cubase SX v3.1.1.944 --> C:\Music\CUBASE~1\UNWISE.EXE C:\Music\CUBASE~1\INSTALL.LOG
Steinberg Virtual Guitarist --> C:\Music\VST\STEINB~1\UNINST~1.EXE C:\Music\VST\STEINB~1\INSTALL.LOG
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Synful Orchestra --> MsiExec.exe /I{FC66B1A5-9EC3-4DC5-B8A9-81FF2ADEB0E0}
Synth One --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1980CB8C-DFB1-4B8F-9CD6-3DBF79785304}\setup.exe" -l0x9 -removeonly
Tascam GigaStudio v3.21 --> C:\Music\Gstudio\UNWISE.EXE C:\Music\Gstudio\INSTALL.LOG
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Waves Diamond Bundle v5.2 --> C:\Music\Waves\MUSICI~1\DIAMON~1\UNWISE.EXE C:\Music\Waves\MUSICI~1\DIAMON~1\INSTALL.LOG
Waves GTR 3 --> C:\Music\Waves\GTR3\Logs\WAVESG~1\UNWISE.EXE C:\Music\Waves\GTR3\Logs\WAVESG~1\INSTALL.LOG
Waves GTR Guitar Tool Rack v1.0 --> C:\Music\Waves\UNWISE.EXE C:\Music\Waves\INSTALL.LOG
Waves IRx v5.2 --> C:\Music\Waves\IRXV5~1.2\UNINST~1\UNWISE.EXE C:\Music\Waves\IRXV5~1.2\UNINST~1\INSTALL.LOG
Waves L3 v5.2 --> C:\Music\Waves\L3V5~1.2\UNINST~1\UNWISE.EXE C:\Music\Waves\L3V5~1.2\UNINST~1\INSTALL.LOG
Waves Mercury Bundle --> C:\Music\Mercury\Logs\WAVESM~1\UNWISE.EXE C:\Music\Mercury\Logs\WAVESM~1\INSTALL.LOG
Waves Musicians Bundle v5.0 --> C:\Music\Waves\MUSICI~1\UNINST~1\UNWISE.EXE C:\Music\Waves\MUSICI~1\UNINST~1\INSTALL.LOG
Waves SSL 4000 Collection 1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D9FC789-D02E-488C-B233-124AA80930A5}\Setup.exe" -l0x9
Waves Vocal Bundle v1.1 --> C:\Music\Waves\VOCALB~1.1\AIRLOG~1\WAVESV~1\UNWISE.EXE C:\Music\Waves\VOCALB~1.1\AIRLOG~1\WAVESV~1\INSTALL.LOG
Waves Znoise v1.0 --> C:\Music\Waves\ZNoisev1.0\AIRLOG~1\ZNOISE~1\UNWISE.EXE C:\Music\Waves\ZNoisev1.0\AIRLOG~1\ZNOISE~1\INSTALL.LOG
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type9918 / Error
Event Submitted/Written: 12/19/2007 00:52:49 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type9911 / Warning
Event Submitted/Written: 12/18/2007 11:41:20 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\WINDOWS\fkwggshm.exe contains Generic AdClicker.h Trojan. The file was successfully deleted.

Event Record #/Type9910 / Warning
Event Submitted/Written: 12/18/2007 11:41:20 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\WINDOWS\FKWGGSHM.EXE contains Generic AdClicker.h Trojan. The file was successfully deleted.

Event Record #/Type9909 / Warning
Event Submitted/Written: 12/18/2007 11:22:17 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\WINDOWS\fkwggshm.exe contains Generic AdClicker.h Trojan. The file was successfully deleted.

Event Record #/Type9908 / Warning
Event Submitted/Written: 12/18/2007 11:22:17 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\WINDOWS\FKWGGSHM.EXE contains Generic AdClicker.h Trojan. The file was successfully deleted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14628 / Error
Event Submitted/Written: 12/19/2007 00:46:22 PM / 12/19/2007 00:46:28 PM
Event ID/Source: 10265 / ati2mtag
Event Description:
Edid checksum error

Event Record #/Type14622 / Warning
Event Submitted/Written: 12/18/2007 07:34:08 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type14621 / Warning
Event Submitted/Written: 12/18/2007 07:34:08 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type14620 / Warning
Event Submitted/Written: 12/18/2007 07:34:08 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type14619 / Warning
Event Submitted/Written: 12/18/2007 07:34:08 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2007-12-19 12:59:05 ------------
Jacob Myers is offline  
12-19-2007, 12:11 PM   #5
Registered User
 
Join Date: Dec 2007
Posts: 40
OS: Windows XP


Re: awola virus

I disabled my firewall and ran DSS again, and it would not allow me to install hijackthis.

And just another bit of information: My wallpaper keeps automatically setting itself to a black screen with this written:

Warning! Spyware threat has been detected on your PC.
Your computer has several fatal errors due to spyware activity.
Your IP address is 75.32.___.___ and via this address an unauthorized access was gained by another computer. It is strongly recommended to install an antispyware software to close all security vulnerabilities.

(It wrote out my full IP address).

And, I do have McAfee antivirus, but its full system scan does not detect anything, and it will not allow me to update virus definitions.

Last edited by Jacob Myers : 12-19-2007 at 12:15 PM.
Jacob Myers is offline  
12-19-2007, 12:21 PM   #6
Registered User
 
Join Date: Dec 2007
Posts: 40
OS: Windows XP


Re: awola virus

OK, with the firewall disabled, I ran DSS. Sorry for so many posts:

Deckard's System Scanner v20071014.68
Run by Jacob Myers on 2007-12-19 13:17:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-19 13:18:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\msg32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Documents and Settings\Jacob Myers\Application Data\bgvvsfnzd.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe
C:\Program Files\MSI\Common\RaUI.exe
G:\dss.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 194.54.90.238 www.google.com
O1 - Hosts: 194.54.90.238 www.google.ca
O1 - Hosts: 194.54.90.238 www.google.com.ag
O1 - Hosts: 194.54.90.238 www.google.com.ar
O1 - Hosts: 194.54.90.238 www.google.com.au
O1 - Hosts: 194.54.90.238 www.google.at
O1 - Hosts: 194.54.90.238 www.google.az
O1 - Hosts: 194.54.90.238 www.google.be
O1 - Hosts: 194.54.90.238 www.google.com.br
O1 - Hosts: 194.54.90.238 www.google.vg
O1 - Hosts: 194.54.90.238 www.google.bi
O1 - Hosts: 194.54.90.238 www.google.ca
O1 - Hosts: 194.54.90.238 www.google.td
O1 - Hosts: 194.54.90.238 www.google.cl
O1 - Hosts: 194.54.90.238 www.google.com.co
O1 - Hosts: 194.54.90.238 www.google.co.cr
O1 - Hosts: 194.54.90.238 www.google.dk
O1 - Hosts: 194.54.90.238 www.google.com.do
O1 - Hosts: 194.54.90.238 www.google.fm
O1 - Hosts: 194.54.90.238 www.google.fi
O1 - Hosts: 194.54.90.238 www.google.fr
O1 - Hosts: 194.54.90.238 www.google.gm
O1 - Hosts: 194.54.90.238 www.google.ge
O1 - Hosts: 194.54.90.238 www.google.de
O1 - Hosts: 194.54.90.238 www.google.com.gi
O1 - Hosts: 194.54.90.238 www.google.com.gr
O1 - Hosts: 194.54.90.238 www.google.gl
O1 - Hosts: 194.54.90.238 www.google.gg
O1 - Hosts: 194.54.90.238 www.google.co.il
O1 - Hosts: 194.54.90.238 www.google.it
O1 - Hosts: 194.54.90.238 www.google.co.kr
O1 - Hosts: 194.54.90.238 www.google.lu
O1 - Hosts: 194.54.90.238 www.google.mw
O1 - Hosts: 194.54.90.238 www.google.ro
O1 - Hosts: 194.54.90.238 www.google.se
O1 - Hosts: 194.54.90.238 www.google.co.uk
O1 - Hosts: 194.54.90.238 www.google.uz
O1 - Hosts: 194.54.90.238 google.com
O1 - Hosts: 194.54.90.238 google.ca
O1 - Hosts: 194.54.90.238 google.com.ag
O1 - Hosts: 194.54.90.238 google.com.ar
O1 - Hosts: 194.54.90.238 google.com.au
O1 - Hosts: 194.54.90.238 google.at
O1 - Hosts: 194.54.90.238 google.az
O1 - Hosts: 194.54.90.238 google.be
O1 - Hosts: 194.54.90.238 google.com.br
O1 - Hosts: 194.54.90.238 google.vg
O1 - Hosts: 194.54.90.238 google.bi
O1 - Hosts: 194.54.90.238 google.ca
O1 - Hosts: 194.54.90.238 google.td
O1 - Hosts: 194.54.90.238 google.cl
O1 - Hosts: 194.54.90.238 google.com.co
O1 - Hosts: 194.54.90.238 google.co.cr
O1 - Hosts: 194.54.90.238 google.dk
O1 - Hosts: 194.54.90.238 google.com.do
O1 - Hosts: 194.54.90.238 google.fm
O1 - Hosts: 194.54.90.238 google.fi
O1 - Hosts: 194.54.90.238 google.fr
O1 - Hosts: 194.54.90.238 google.gm
O1 - Hosts: 194.54.90.238 google.ge
O1 - Hosts: 194.54.90.238 google.de
O1 - Hosts: 194.54.90.238 google.com.gi
O1 - Hosts: 194.54.90.238 google.com.gr
O1 - Hosts: 194.54.90.238 google.gl
O1 - Hosts: 194.54.90.238 google.gg
O1 - Hosts: 194.54.90.238 google.co.il
O1 - Hosts: 194.54.90.238 google.it
O1 - Hosts: 194.54.90.238 google.co.kr
O1 - Hosts: 194.54.90.238 google.lu
O1 - Hosts: 194.54.90.238 google.mw
O1 - Hosts: 194.54.90.238 google.ro
O1 - Hosts: 194.54.90.238 google.se
O1 - Hosts: 194.54.90.238 google.co.uk
O1 - Hosts: 194.54.90.238 google.uz
O1 - Hosts: 194.54.90.238 search.yahoo.com
O1 - Hosts: 194.54.90.238 de.search.yahoo.com
O1 - Hosts: 194.54.90.238 search.msn.com
O1 - Hosts: 194.54.90.238 search.msn.de
O1 - Hosts: 194.54.90.238 search.live.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll
O2 - BHO: (no name) - {86660a32-1dd2-11b2-a4c2-9bd634f61e88} - C:\WINDOWS\qdutwdwd.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [EW Message Server] msg32.exe
O4 - HKLM\..\Run: [ixkrqtkd] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ixkrqtkd.dll"
O4 - HKLM\..\Run: [ChkDsk32] C:\DOCUME~1\JACOBM~1\LOCALS~1\Temp\ssmmt.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Jacob Myers\Application Data\onkd.exe
O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\Jacob Myers\Application Data\Awola\Awola.exe" /MIN
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Policies\Explorer\Run: [GuDEEhHiLI] rundll32.exe "C:\WINDOWS\KBOpt\fwhupyri.dll",DllCleanServer
O4 - Global Startup: FireBox Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe
O4 - Global Startup: MSI Wireless Utility.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: discWelder BRONZE - {DEB4B63E-29FF-38BF-6B06-F5342AD07FBE} - C:\Program Files\Minnetonka Audio Software\discWelder BRONZE\winttlq8.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\system32\Crypserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dlbt_device - Unknown owner - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


--
End of file - 15167 bytes

-- Files created between 2007-11-19 and 2007-12-19 -----------------------------

2007-12-19 12:52:42 12800 --a------ C:\Documents and Settings\Jacob Myers\Application Data\onkd.exe
2007-12-18 22:26:55 12800 --a------ C:\Documents and Settings\Jacob Myers\Application Data\bgvvsfnzd.exe
2007-12-18 18:20:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-18 18:19:21 12800 --a------ C:\Documents and Settings\Jacob Myers\Application Data\ngyzfzicr.exe
2007-12-18 15:42:15 12800 --a------ C:\Documents and Settings\Jacob Myers\Application Data\ukidr.exe
2007-12-18 15:28:27 0 d-------- C:\Program Files\amsys
2007-12-18 15:28:27 0 d-------- C:\Program Files\Accoona
2007-12-18 15:28:24 0 d-------- C:\Program Files\akl
2007-12-18 15:27:19 0 d-------- C:\Program Files\3721
2007-12-18 15:22:32 12800 --a------ C:\Documents and Settings\Jacob Myers\Application Data\sluhwvxh.exe
2007-12-18 15:08:08 0 d-------- C:\QUARANTINE
2007-12-18 14:58:46 0 d-------- C:\Program Files\Spyware Doctor
2007-12-18 14:58:46 0 d-------- C:\Documents and Settings\Jacob Myers\Application Data\PC Tools
2007-12-18 14:11:19 0 d-------- C:\Program Files\XoftSpySE
2007-12-18 14:07:09 0 d-------- C:\Documents and Settings\Jacob Myers\Application Data\AdwareAlert
2007-12-18 14:07:06 0 d-------- C:\Program Files\AdwareAlert
2007-12-18 13:54:33 0 d-------- C:\Program Files\e-zshopper
2007-12-18 13:35:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-18 13:15:13 12800 --a------ C:\Documents and Settings\Jacob Myers\Application Data\nzcmycedjcv.exe
2007-12-18 02:02:04 12800 --a------ C:\Documents and Settings\Jacob Myers\Application Data\cietvsho.exe
2007-12-18 01:56:33 12800 --a------ C:\Documents and Settings\Jacob Myers\Application Data\xitro.exe
2007-12-18 01:52:36 12800 --a------ C:\Documents and Settings\Jacob Myers\Application Data\zgowqsa.exe
2007-12-18 01:42:02 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-12-18 01:40:45 17152 --a------ C:\WINDOWS\eventlowg.dll
2007-12-18 01:40:45 21760 --a------ C:\WINDOWS\daxtime.dll
2007-12-18 01:40:44 32512 --a------ C:\WINDOWS\xadbrk.dll
2007-12-18 01:40:44 30976 --a------ C:\WINDOWS\system32\msole32.exe
2007-12-18 01:40:44 8192 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-12-18 01:40:44 10496 --a------ C:\WINDOWS\liqui.exe
2007-12-18 01:40:44 19712 --a------ C:\WINDOWS\liqui.dll
2007-12-18 01:40:44 16128 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-12-18 01:40:44 22528 --a------ C:\WINDOWS\fhfmm.exe
2007-12-18 01:40:43 15360 --a------ C:\WINDOWS\xadbrk_.exe
2007-12-18 01:40:43 11008 --a------ C:\WINDOWS\xadbrk.exe
2007-12-18 01:40:43 20480 --a------ C:\WINDOWS\liqad.exe
2007-12-18 01:40:43 22272 --a------ C:\WINDOWS\liqad.dll
2007-12-18 01:40:43 29696 --a------ C:\WINDOWS\liqad$.exe
2007-12-18 01:40:43 24832 --a------ C:\WINDOWS\kkcomp.exe
2007-12-18 01:40:43 8448 --a------ C:\WINDOWS\kkcomp.dll
2007-12-18 01:40:43 17408 --a------ C:\WINDOWS\kkcomp$.exe
2007-12-18 01:40:42 14848 --a------ C:\WINDOWS\settn.dll
2007-12-18 01:40:42 22784 --a------ C:\WINDOWS\kvnab.exe
2007-12-18 01:40:42 24320 --a------ C:\WINDOWS\kvnab.dll
2007-12-18 01:40:42 23040 --a------ C:\WINDOWS\kvnab$.exe
2007-12-18 01:40:42 24832 --a------ C:\WINDOWS\hcwprn.exe
2007-12-18 01:40:42 19200 --a------ C:\WINDOWS\cbinst$.exe
2007-12-18 01:40:41 11520 --a------ C:\WINDOWS\wbeInst$.exe
2007-12-18 01:40:41 18432 --a------ C:\WINDOWS\wbeCheck.exe
2007-12-18 01:40:41 10240 --a------ C:\WINDOWS\pbsysie.dll
2007-12-18 01:40:41 32000 --a------ C:\WINDOWS\iexplorr23.dll
2007-12-18 01:40:40 23808 --a------ C:\WINDOWS\spredirect.dll
2007-12-18 01:40:40 21248 --a------ C:\WINDOWS\jd2002.dll
2007-12-18 01:40:40 16640 --a------ C:\WINDOWS\adbar.dll
2007-12-18 01:40:39 14336 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2007-12-18 01:40:37 14080 --a------ C:\WINDOWS\ie_32.exe
2007-12-18 01:40:37 14848 --a------ C:\WINDOWS\aconti.exe
2007-12-18 01:40:36 24832 --a------ C:\WINDOWS\xxxvideo.exe
2007-12-18 01:40:36 0 d-------- C:\WINDOWS\system32\acespy
2007-12-18 01:40:36 14080 --a------ C:\WINDOWS\system32\ace16win.dll
2007-12-18 01:40:36 9728 --a------ C:\WINDOWS\ngd.dll
2007-12-18 01:40:36 24320 --a------ C:\WINDOWS\hotporn.exe
2007-12-18 01:40:36 23552 --a------ C:\WINDOWS\dp0.dll
2007-12-18 01:40:35 0 d-------- C:\Program Files\p2pnetworks
2007-12-18 01:40:34 26368 --a------ C:\WINDOWS\vxddsk.exe
2007-12-18 01:40:34 26880 --a------ C:\WINDOWS\system32\wml.exe
2007-12-18 01:40:34 20480 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-12-18 01:40:33 17152 --a------ C:\WINDOWS\wml.exe
2007-12-18 01:40:33 10496 --a------ C:\WINDOWS\flt.dll
2007-12-18 01:40:33 31744 --a------ C:\WINDOWS\7search.dll
2007-12-18 01:40:33 27904 --a------ C:\WINDOWS\764.exe
2007-12-18 01:40:32 27648 --a------ C:\WINDOWS\pbar.dll
2007-12-18 01:19:42 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-12-18 01:19:23 0 d-------- C:\WINDOWS\PerfInfo
2007-12-18 01:19:23 0 d-------- C:\WINDOWS\jdlmmjhv
2007-12-18 01:19:22 0 d-------- C:\WINDOWS\KBOpt
2007-12-18 01:19:19 67072 --a------ C:\WINDOWS\qdutwdwd.dll
2007-12-18 01:19:19 67072 --a------ C:\Documents and Settings\All Users\Application Data\ixkrqtkd.dll
2007-12-18 01:19:18 108551 --a------ C:\WINDOWS\system32\lpcywinp.exe <Not Verified; Microsoft; _>
2007-12-18 01:19:18 21504 --a------ C:\WINDOWS\system32\egmulhxk.dll <Not Verified; Microsoft; Windows Explorer cdrom optimizer>
2007-12-18 01:19:12 4150 --a------ C:\info.exe
2007-12-18 01:18:19 12800 --a------ C:\Documents and Settings\Jacob Myers\Application Data\ogphgrgvogyr.exe
2007-12-14 03:09:29 24330 --a------ C:\scope
2007-12-13 16:26:30 233920 --a------ C:\WINDOWS\system32\drivers\nmippexp.sys <Not Verified; TASCAM; GigaStudio 3.21>
2007-12-13 16:26:30 37472 --a------ C:\WINDOWS\system32\drivers\gp2mpm.sys <Not Verified; TASCAM; GigaStudio 3.21>
2007-12-13 16:26:30 26992 --a------ C:\WINDOWS\system32\drivers\filespy.sys <Not Verified; TASCAM; GigaStudio 3.21>
2007-12-13 16:26:29 18944 --a------ C:\WINDOWS\system32\drivers\nstation.sys <Not Verified; TASCAM; GigaStudio 3.21>
2007-12-13 15:31:50 1447040 --a------ C:\WINDOWS\system32\drivers\ew.sys <Not Verified; TASCAM; GigaStudio 3.21>
2007-12-12 02:58:31 0 d-------- C:\g3LicenseBackup
2007-12-12 02:49:48 165888 --a------ C:\WINDOWS\Ckconfig.exe <Not Verified; Kenonic Controls; CKCONFIG Application>
2007-12-12 02:49:47 61440 -----n--- C:\WINDOWS\system32\Crypserv.exe <Not Verified; CrypKey (Canada) Ltd.; CrypKey Software Licensing System>
2007-12-12 02:49:47 28518 --a------ C:\WINDOWS\system32\Ckldrv.sys
2007-12-12 02:49:45 81920 --a------ C:\WINDOWS\system32\MidiAutomation32.dll <Not Verified; TASCAM; GigaStudio 3.20>
2007-12-12 02:49:45 27648 --a------ C:\WINDOWS\Setup_ck.exe
2007-12-12 02:49:45 18432 --a------ C:\WINDOWS\Setup_ck.dll
2007-12-12 02:49:45 11776 --a------ C:\WINDOWS\Ckrfresh.exe
2007-12-12 02:49:42 45056 --a------ C:\WINDOWS\system32\msg32.exe <Not Verified; TASCAM; GigaStudio 3.21>
2007-12-12 02:49:42 5632 --a------ C:\WINDOWS\system32\gmidi.dll <Not Verified; TASCAM; GigaStudio 3.21>
2007-12-12 02:49:42 253952 --a------ C:\WINDOWS\system32\ewctl32.dll <Not Verified; TASCAM; GigaStudio 3.21>
2007-12-12 02:49:38 139264 --a------ C:\WINDOWS\system32\Wstrm32.dll <Not Verified; TASCAM; GigaStudio 3.21>
2007-12-12 02:39:01 0 d-------- C:\Program Files\McDSP
2007-12-07 02:24:10 0 d-------- C:\WINDOWS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303
2007-12-07 02:24:10 0 d-------- C:\WINDOWS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05
2007-12-07 02:24:10 0 d-------- C:\WINDOWS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700
2007-12-07 02:24:02 0 d-------- C:\Program Files\Synful
2007-12-07 02:24:02 0 d-------- C:\Program Files\Common Files\Synful
2007-12-04 18:20:34 21504 --a------ C:\WINDOWS\system32\hidserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-04 18:20:28 14848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-29 16:45:57 0 d-------- C:\Documents and Settings\Jacob Myers\Application Data\Waves
2007-11-29 16:45:56 0 d-------- C:\Documents and Settings\Jacob Myers\Application Data\Waves Preferences
2007-11-29 16:41:18 0 d-------- C:\Program Files\Waves
2007-11-28 23:56:46 49536 --a------ C:\WINDOWS\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
2007-11-28 23:56:46 21456 --a------ C:\WINDOWS\system32\drivers\SilvrLnk.sys <Not Verified; Texas Instruments Incorporated; TI SilverLink Cable>
2007-11-28 23:56:33 0 d-------- C:\Program Files\Common Files\TI Shared
2007-11-28 23:56:32 0 d-------- C:\Program Files\TI Education
2007-11-28 23:55:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2007-12-18 13:35:27 0 d-------- C:\Program Files\Common Files
2007-12-18 01:19:13 24162 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-14 00:05:02 0 d-------- C:\Program Files\dl_Cats
2007-12-13 15:29:54 0 d-------- C:\Documents and Settings\Jacob Myers\Application Data\Macromedia
2007-12-13 15:28:39 0 d-------- C:\Program Files\Alfred Interactive
2007-12-13 15:28:14 0 d-------- C:\Program Files\X3watch
2007-12-12 03:00:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-12 02:26:24 32 --a------ C:\WINDOWS\system32\msvcsv60.dll
2007-12-12 02:26:24 32 --a------ C:\WINDOWS\msocreg32.dat
2007-12-07 15:03:24 0 d-------- C:\Documents and Settings\Jacob Myers\Application Data\uTorrent
2007-12-07 02:28:23 0 d-------- C:\Documents and Settings\Jacob Myers\Application Data\PACE Anti-Piracy
2007-11-09 21:00:20 0 d-------- C:\Program Files\MSXML 4.0
2007-11-09 16:28:08 0 d-------- C:\Documents and Settings\Jacob Myers\Application Data\Nero
2007-11-09 16:27:19 0 d-------- C:\Program Files\Common Files\Nero
2007-11-09 16:26:16 0 d-------- C:\Program Files\Nero
2007-11-09 15:44:59 0 d-------- C:\Program Files\Smart Projects
2007-11-09 15:30:55 0 d-------- C:\Program Files\Image-Line
2007-11-06 15:26:10 0 d-------- C:\Documents and Settings\Jacob Myers\Application Data\Propellerhead Software
2007-11-06 15:22:58 225280 -----n--- C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-10-29 16:43:03 1287680 --a------ C:\WINDOWS\system32\quartz.dll
2007-10-27 17:40:06 227328 --a------ C:\WINDOWS\system32\wmasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-10-10 23:13:49 4 --a------ C:\KLSA.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{477840F3-BA52-44D9-8E41-38D61CAA010F}]
12/18/2007 01:19 AM 21504 --a------ C:\WINDOWS\system32\egmulhxk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86660a32-1dd2-11b2-a4c2-9bd634f61e88}]
12/18/2007 01:19 AM 67072 --a------ C:\WINDOWS\qdutwdwd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
C:\Program Files\QdrDrive\QdrDrive8.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [05/15/2006 08:04 PM C:\WINDOWS\SkyTel.exe]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [10/22/2005 11:00 PM]
"RTHDCPL"="RTHDCPL.EXE" [10/29/2006 09:49 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/02/2005 08:43 PM C:\WINDOWS\Alcmtr.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [09/25/2006 08:12 AM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [10/16/2006 08:12 PM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [10/16/2006 08:17 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [10/16/2006 08:13 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/30/2007 06:14 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 07:50 AM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 12:39 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 09:51 AM]
"EW Message Server"="msg32.exe" [12/10/2006 01:08 AM C:\WINDOWS\system32\msg32.exe]
"ixkrqtkd"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\ixkrqtkd.dll" []
"ChkDsk32"="C:\DOCUME~1\JACOBM~1\LOCALS~1\Temp\ssmmt.exe" []
"DLBTCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [02/22/2007 08:26 AM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [11/02/2007 05:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [11/12/2006 04:48 AM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 05:16 PM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 09:37 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [09/20/2007 03:35 PM]
"QdrModule10"="C:\Program Files\QdrModule\QdrModule10.exe" []
"Microsft Windows Adapter 5.1.3013"="C:\Documents and Settings\Jacob Myers\Application Data\onkd.exe" [12/18/2007 01:18 AM]
"Awola"="C:\Documents and Settings\Jacob Myers\Application Data\Awola\Awola.exe" []
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [12/18/2007 01:38 PM]


-- End of Deckard's System Scanner: finished at 2007-12-19 13:19:32 ------------
Jacob Myers is offline  
Old 12-19-2007, 01:51 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,758
OS: 2000 Pro; XP Pro; XP Home


Re: awola virus

I see you have Acronis True Image installed. If it's been set up right, you should already have a nice backup image to work from if needed.

As far as backing up files goes...do the menu bar functions work? In other words, can you open up multiple instances of My Computer, navigate to and open whatever folder you want to back up, and use the Menu Bar Options such as Select All, Copy To Folder?

Anyway, we can try to clean up what I do see....you've got a pile of mess on your hands.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

    * IMPORTANT !!! Place combofix.exe on your Desktop


  2. Disconnect from the internet....pull the plug!
  3. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  4. Double-click on ComboFix.exe
  5. Follow the prompts. Type "1" and press Enter to begin the scan.
  6. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  7. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  8. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
  9. Re-establish an internet connection.
  10. Please download HijackThis to your desktop

    Alternate link

    Double-click on the file you just downloaded.
    Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

    Upon install, HijackThis should open for you.

    Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

    1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
    2. If you don't get the intro screen, just hit Scan and then click on Save log.
    3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

    ---------------------------------------------------------------------------------------------

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
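The instructions above end with "Do not fix anything in HijackThis since they may be harmless": an O4 autostart line is only a lead, and deciding which leads matter is the analyst's job. The following is an added example, not part of this thread, of HijackThis, or of the forum's procedure, showing the kind of first-pass triage an analyst runs over O4 lines. Its rules (runs from a user-writable profile or temp folder; rundll32/regsvr32 loading a DLL from outside Windows or Program Files; an entry name that misspells "Microsoft"; use of the Policies\Explorer\Run key) are illustrative heuristics chosen by the editor, and the sample lines are copied from the HijackThis log posted earlier in this thread.

```python
"""Triage heuristics for the O4 (autostart) lines of a HijackThis log.

Added example for this thread; it is not part of HijackThis or of the
forum's procedure. The rules are illustrative analyst heuristics: they
surface entries worth a closer look and prove nothing on their own, which
is exactly why the instructions above say not to "fix" entries yourself.
"""
import re

# O4 line shape: "O4 - <hive>\..\Run: [<name>] <command>"
# ("Global Startup" lines have no [name] and are left alone by this parser).
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Profile and temp folders that autostart software rarely runs from
# (all user-writable, and where the log above shows most of the droppers).
SUSPICIOUS_DIRS = (
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\locals~1\\temp\\",
    "\\docume~1\\",
)
# Trusted Windows loaders that are often used to run a DLL from a data folder.
LOADERS = ("rundll32", "regsvr32")
# DLLs loaded from these roots get no loader flag (a printer driver in
# system32\spool is loaded the same way and is not interesting here).
SYSTEM_ROOTS = ("\\windows\\", "\\program files\\")


def parse_o4(line):
    """Return (hive, name, command) for an O4 line, or None if it does not match."""
    m = O4_RE.match(line.strip())
    return None if m is None else (m.group("hive"), m.group("name"), m.group("cmd"))


def triage(line):
    """Return the reasons one O4 entry deserves a look (empty list = nothing noted)."""
    parsed = parse_o4(line)
    if parsed is None:
        return []
    hive, name, cmd = parsed
    low = cmd.lower()
    reasons = []

    # Rule 1: executable or DLL sits in a profile/temp folder.
    if any(d in low for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a user-writable profile or temp folder")

    # Rule 2: rundll32/regsvr32 used to load a DLL that is not under a system root.
    tokens = low.strip('"').split()
    first = tokens[0] if tokens else ""
    if first.startswith(LOADERS) and ".dll" in low and not any(r in low for r in SYSTEM_ROOTS):
        reasons.append("%s loads a DLL from outside Windows/Program Files" % first)

    # Rule 3: entry name imitates a vendor but misspells it.
    n = name.lower()
    if "micros" in n and "microsoft" not in n:
        reasons.append("entry name imitates (and misspells) Microsoft")

    # Rule 4: Policies\Explorer\Run is an autostart key legitimate installers rarely use.
    if "policies\\explorer\\run" in hive.lower():
        reasons.append("Policies\\Explorer\\Run key, rarely used by legitimate software")

    return reasons


def triage_log(lines):
    """Map entry name -> reasons for every O4 line that triggered at least one rule."""
    flagged = {}
    for line in lines:
        reasons = triage(line)
        if reasons:
            flagged[parse_o4(line)[1]] = reasons
    return flagged


# Sample input: O4 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"',
    r'O4 - HKLM\..\Run: [ixkrqtkd] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ixkrqtkd.dll"',
    r'O4 - HKLM\..\Run: [ChkDsk32] C:\DOCUME~1\JACOBM~1\LOCALS~1\Temp\ssmmt.exe',
    r'O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16',
    r'O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Jacob Myers\Application Data\onkd.exe',
    r'O4 - HKLM\..\Policies\Explorer\Run: [GuDEEhHiLI] rundll32.exe "C:\WINDOWS\KBOpt\fwhupyri.dll",DllCleanServer',
    r'O4 - Global Startup: VPN Client.lnk = ?',
]

if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print("[%s]" % entry)
        for r in why:
            print("   -", r)
```

On the sample above the ATI and Dell printer (DLBTCATS) entries come out clean, while ixkrqtkd, ChkDsk32, the "Microsft Windows Adapter" entry and the Policies\Explorer\Run entry are flagged. A flag is a reason to look, not a verdict: a legitimate program can run from Application Data, and the system-root exemption in rule 2 exists precisely so that a normal printer DLL loaded through rundll32 does not look like the rogue one; that is the judgement the helper asks to make before anything is removed.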
Old 12-19-2007, 03:01 PM   #8 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 40
OS: Windows XP


Re: awola virus

Ok, I think things got a little bit better when I ran ComboFix. At least the black wallpaper went away.
When I ran it, several stages showed 'access denied'. Then the program froze up. So I rebooted and ran it again. This time, fewer stages were 'access denied' and the program completed.
However, after it said preparing log on reboot, it again said 'access denied'.

I went ahead and ran HijackThis next. Here is its log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55, on 2007-12-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\msg32.exe
C:\Documents and Settings\Jacob Myers\Application Data\njtypkitdff.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {86660a32-1dd2-11b2-a4c2-9bd634f61e88} - C:\WINDOWS\qdutwdwd.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [EW Message Server] msg32.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DA