Computer Support Forum

Question: Awola.... sigh

I'm embarrassed that I got "suckered" into this spyware, but I clicked too quickly after seeing the security alert (bogus, of course). I've searched and read everything, and can't believe I'm unable to get rid of it!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:36 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\acs.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ISS\BlackICE\blackd.exe
c:\em\opt\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\TDS\tdssvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\cz9h3d\Application Data\lnxhow.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lotus\Notes\NLNOTES.EXE
C:\Program Files\Lotus\Notes\ntaskldr.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com/socratesna.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.gm.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Office Project Fix] C:\Program Files\Microsoft Office\Office\DoO2kcu.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISYNCUSER] "C:\PROGRAM FILES\PUMATECH\ISYNCUSER.VBS"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\cz9h3d\Application Data\uumvdmbhbq.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d8 -f video -m logitech -d 10.5.0.1091 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d8 -f video -m logitech -d 10.5.0.1091 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d8 -f video -m logitech -d 10.5.0.1091 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d8 -f video -m logitech -d 10.5.0.1091 (User 'Default user')
O4 - Global Startup: ACS.lnk = ?
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: HP Notebook LidSwitch Utility.lnk = C:\Program Files\hewlett-packard\LidSwitch Policy\PwrSchem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.nam.corp.gm.com
O15 - Trusted Zone: www.youtube.com
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - https://ww5.teamgm.com/qp2.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://digitas.webex.com/client/T23...ex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nam.corp.gm.com
O17 - HKLM\Software\..\Telephony: DomainName = nam.corp.gm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nam.corp.gm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nam.corp.gm.com
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - c:\em\opt\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINNT\system32\nslsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\bin\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\RapApp.exe
O23 - Service: Tactical Deployment Service (TDS) - Electronic Data Systems 2005 - C:\Program Files\TDS\tdssvc.exe

--
End of file - 9801 bytes

Answer: Awola.... sigh

Stupid spyware! Ran SDFIX and COMBOFIX with fingers crossed.

Anyways....the Awola popup from the tray is still there!!


SDFix: Version 1.129

Run by LocalAdmin on Tue 01/22/2008 at 10:54 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:

C:\WINNT
No streams found.

C:\WINNT\system32
No streams found.

C:\WINNT\system32\svchost.exe
No streams found.

C:\WINNT\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 23:00:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:conf"
"C:\\Program Files\\VPN Client\\Extranet.exe"="C:\\Program Files\\VPN Client\\Extranet.exe:*:Enabled:Extranet"
"C:\\Tivoli\\lcf\\dat\\1\\Mobile\\mobile.exe"="C:\\Tivoli\\lcf\\dat\\1\\Mobile\\mobile.exe:*:Enabled:mobile"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:FrameworkService.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\em\\opt\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe"="C:\\em\\opt\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe:*:Enabled:lcfd"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Tivoli\\lcf\\dat\\1\\Mobile\\mobile.exe"="C:\\Tivoli\\lcf\\dat\\1\\Mobile\\mobile.exe:*:Enabled:mobile"
"C:\\Tivoli\\lcf\\inv\\SCAN\\wepmcoll.exe"="C:\\Tivoli\\lcf\\inv\\SCAN\\wepmcoll.exe:*:Enabled:wepmcoll"
"C:\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfep.exe"="C:\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfep.exe:*:Enabled:lcfep.exe"
"C:\\Program Files\\ISS\\BlackICE\\blackd.exe"="C:\\Program Files\\ISS\\BlackICE\\blackd.exe:*:Enabled:blackd.exe"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:FrameworkService.exe"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\em\\opt\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe"="C:\\em\\opt\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe:*:Enabled:lcfd"

Remaining Files:
---------------


Files with Hidden Attributes:

Tue 3 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 1 Aug 2005 62,976 A..H. --- "C:\Documents and Settings\cz9h3d\My Documents\Personal\PMP\~WRL2081.tmp"

Finished!






ComboFix 08-01-14.2 - LocalAdmin 2008-01-22 23:11:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1616 [GMT -5:00]
Running from: D:\Downloaded Files\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\grouppolicy\machine\scripts\scripts.ini
C:\WINNT\system32\msacm32.drv

.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-22 23:10 . 2000-08-31 08:00 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-22 22:35 . 2008-01-22 22:35 <DIR> d-------- C:\WINNT\ERUNT
2008-01-22 11:31 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\uxherwdkjo.exe
2008-01-22 10:09 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\mabd.exe
2008-01-21 10:59 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\szhq.exe
2008-01-21 10:46 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\qph.exe
2008-01-20 08:30 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\mlwmjch.exe
2008-01-19 20:28 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\mkii.exe
2008-01-19 17:36 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\csyvfisv.exe
2008-01-18 07:50 . 2008-01-18 07:50 <DIR> d-------- C:\WINNT\ms
2008-01-18 07:49 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\cgpqc.exe
2008-01-17 20:49 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\eiyvvcm.exe
2008-01-16 10:32 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\mllgcrjmvc.exe
2008-01-15 20:53 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\duxk.exe
2008-01-15 08:57 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\nujfharrpibf.exe
2008-01-14 20:12 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\hgyizbji.exe
2008-01-14 12:07 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\mslyjyfne.exe
2008-01-14 11:10 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\ovozrtzwwydz.exe
2008-01-14 10:32 . 2008-01-14 10:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-14 10:25 . 2008-01-14 10:25 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-14 10:04 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\uumvdmbhbq.exe
2008-01-14 08:56 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\lnxhow.exe
2008-01-13 22:43 . 2007-06-05 10:56 44,928 --a------ C:\WINNT\system32\drivers\SDTHOOK.SYS
2008-01-13 22:26 . 2008-01-14 00:35 <DIR> d-------- C:\WINNT\system32\ActiveScan
2008-01-13 22:26 . 2008-01-13 22:26 30,590 --a------ C:\WINNT\system32\pavas.ico
2008-01-13 22:26 . 2008-01-13 22:26 2,550 --a------ C:\WINNT\system32\Uninstall.ico
2008-01-13 22:26 . 2008-01-13 22:26 1,406 --a------ C:\WINNT\system32\Help.ico
2008-01-13 22:22 . 2008-01-13 22:22 <DIR> d-------- C:\Program Files\CCleaner
2008-01-13 22:16 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\zyrdjqt.exe
2008-01-13 21:35 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\ixiawfmfbg.exe
2008-01-13 10:06 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\ojriumc.exe
2008-01-12 10:29 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\jms.exe
2008-01-11 19:16 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\ncdax.exe
2008-01-10 22:17 . 2008-01-10 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-10 19:53 . 2008-01-10 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-10 19:53 . 2008-01-13 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-01-10 19:10 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\qmwpp.exe
2008-01-10 08:03 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\yyz.exe
2008-01-09 20:50 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\zzkd.exe
2008-01-09 11:37 . 2007-09-24 23:31 69,632 --a------ C:\WINNT\system32\javacpl.cpl
2008-01-09 08:14 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\wwkhuazno.exe
2008-01-08 13:00 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\celdqx.exe
2008-01-08 07:16 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\bpcxqoxkjoj.exe
2008-01-07 17:22 . 2008-01-07 17:22 0 --ahs---- C:\Documents and Settings\cz9h3d\Application Data\b925c42d8ddd88ce44d8964f97682908d9d0d949.dat
2008-01-07 16:49 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\ewpnk.exe
2008-01-07 08:48 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\uaelpctft.exe
2008-01-06 09:59 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\mfxzzhgipbh.exe
2008-01-04 08:01 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\yfszc.exe
2008-01-03 09:46 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\hvkunrwzsigq.exe
2008-01-02 08:15 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\irkv.exe
2008-01-01 16:00 . 2008-01-02 08:03 <DIR> d-------- C:\WINNT\SxsCaPendDel
2008-01-01 15:51 . 2008-01-01 15:55 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-01 14:52 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\mmqgefh.exe
2007-12-31 19:39 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\zlyyuoxgehi.exe
2007-12-31 16:47 . 2007-12-31 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 10:26 . 2005-09-23 08:29 626,688 --a------ C:\WINNT\system32\msvcr80.dll
2007-12-31 09:40 . 2007-12-31 09:40 19,456 --a------ C:\IExdxK.exe
2007-12-31 09:40 . 2007-12-31 09:40 19,456 --a------ C:\Documents and Settings\cz9h3d\Application Data\xtmmyf.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-14 13:54 --------- d-----w C:\Program Files\Release Enhancements
2008-01-14 05:09 --------- d-----w C:\Program Files\TDS
2008-01-14 05:00 --------- d-----w C:\Program Files\Google
2008-01-14 05:00 --------- d-----w C:\Program Files\D-Link AirPlus Xtreme G
2008-01-09 16:43 --------- d-----w C:\Program Files\Java
2008-01-02 13:03 --------- d-----w C:\Program Files\Common Files\Logitech
2001-05-24 19:32 271 --sha-w C:\Program Files\desktop.ini
2001-05-24 19:32 21,952 ---ha-w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-03 13:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Promon.exe"="Promon.exe" []
"Synchronization Manager"="mobsync.exe" [2004-08-03 13:56 143360 C:\WINNT\system32\mobsync.exe]
"Office Project Fix"="C:\Program Files\Microsoft Office\Office\DoO2kcu.exe" [2002-03-07 10:01 41026]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [2004-12-21 10:16 155648]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [2004-12-21 10:11 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 11:18 88363 C:\WINNT\AGRSMMSG.exe]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 14:06 136768]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 17:26 82009]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 15:07 729177]
"ISYNCUSER"="C:\PROGRAM FILES\PUMATECH\ISYNCUSER.VBS" [2005-11-01 10:13 12288]
"IMJPMIG8.1"="C:\WINNT\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 07:32 208952]
"PHIME2002ASync"="C:\WINNT\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 07:32 455168]
"PHIME2002A"="C:\WINNT\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 07:32 455168]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 07:00 98304]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 08:48 147514]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2004-08-23 15:45 35528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [ ]
"tscuninstall"="C:\WINNT\system32\tscupgrd.exe" [2004-08-03 07:59 44544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ACS.lnk - C:\WINNT\system32\ACS.BAT [2007-01-11 16:14:40]
D-Link AirPlus Xtreme G Configuration Utility.lnk - C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe [2007-01-11 16:14:41]
D-Link REG Utility.lnk - C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe [2007-01-11 16:14:40]
HP Notebook LidSwitch Utility.lnk - C:\Program Files\hewlett-packard\LidSwitch Policy\PwrSchem.exe [2004-04-27 12:58:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
"RunLogonScriptSync"= 1 (0x1)
"MaxGPOScriptWait"= 10800 (0x2a30)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"PreXPSP2ShellProtocolBehavior"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoTrayContextMenu"= 0 (0x0)
"EnforceShellExtensionSecurity"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 TivoliAP

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=P07259.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=P07157.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\2\0]
"Script"=GMclientheatlh.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\3\0]
"Script"=P06180v3.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\4\0]
"Script"=EWO_P05117m.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\5\0]
"Script"=EWO_P05192.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\0]
"Script"=XPStartup.1.1.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\1]
"Script"=admingrps.wsf

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\2]
"Script"=P06216.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\3]
"Script"=P06217.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\4]
"Script"=P06223.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\5]
"Script"=P07074.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\6]
"Script"=P06266.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\7]
"Script"=P07140.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\8]
"Script"=P07043.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\9]
"Script"=EWO_P05170.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\a]
"Script"=inotesdll.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\b]
"Script"=P05190.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\6\c]
"Script"=P07221_QP8_Install.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\7\0]
"Script"=isync532.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2484819571-2125529598-2454565363-93215\Scripts\Logon\0\0]
"Script"=Main.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2484819571-2125529598-2454565363-93215\Scripts\Logon\1\0]
"Script"=Tia_Banner_LogonTime.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2484819571-2125529598-2454565363-93215\Scripts\Logon\2\0]
"Script"=P07150.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2484819571-2125529598-2454565363-93215\Scripts\Logon\3\0]
"Script"=XPLogon.1.1.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2484819571-2125529598-2454565363-93215\Scripts\Logon\4\0]
"Script"=P05047u.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2484819571-2125529598-2454565363-93215\Scripts\Logon\4\1]
"Script"=P05044u.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINNT\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

R0 aic116x;aic116x;C:\WINNT\system32\DRIVERS\aic116x.sys [1999-09-25 10:11]
R0 cpqfcalm;cpqfcalm;C:\WINNT\system32\DRIVERS\cpqfcalm.sys [1999-09-25 10:11]
R0 cpqfws2e;cpqfws2e;C:\WINNT\system32\DRIVERS\cpqfws2e.sys [1999-09-25 10:11]
R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_700.sys [1999-09-25 10:11]
R0 fireport;fireport;C:\WINNT\system32\DRIVERS\fireport.sys [1999-10-27 13:58]
R0 flashpnt;flashpnt;C:\WINNT\system32\DRIVERS\flashpnt.sys [1999-09-25 10:11]
R0 ipsraidn;ipsraidn;C:\WINNT\system32\DRIVERS\ipsraidn.sys [1999-09-25 10:11]
R0 lp6nds35;lp6nds35;C:\WINNT\system32\DRIVERS\lp6nds35.sys [2003-06-19 11:05]
R0 ql2100;ql2100;C:\WINNT\system32\DRIVERS\ql2100.sys [1999-09-25 10:11]
R0 ultra66;ultra66;C:\WINNT\system32\DRIVERS\ultra66.sys [1999-09-25 10:11]
R1 RapDrv;RapDrv;C:\WINNT\system32\drivers\RapDrv.sys [2002-06-14 14:23]
R1 RapFile;RapFile;C:\WINNT\system32\drivers\RapFile.sys [2002-06-14 14:23]
R1 RapNet;RapNet;C:\WINNT\system32\drivers\RapNet.sys [2002-06-14 14:24]
R2 CcmExec;SMS Agent Host;C:\WINNT\system32\CCM\CcmExec.exe [2006-03-24 10:52]
R2 lcfd;Tivoli Endpoint;"c:\em\opt\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe" [2006-04-17 16:29]
R2 TDS;Tactical Deployment Service;C:\Program Files\TDS\tdssvc.exe [2005-11-21 07:40]
R3 Eacfilt;Eacfilt Miniport;C:\WINNT\system32\DRIVERS\eacfilt.sys [2002-10-11 15:49]
R3 GTIPCI21;GTIPCI21;C:\WINNT\system32\DRIVERS\gtipci21.sys [2006-04-06 15:49]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINNT\system32\DRIVERS\ipsecw2k.sys [2002-10-11 15:49]
S0 Ncrc710;Ncrc710;C:\WINNT\system32\DRIVERS\ncrc710.sys [1999-09-25 10:11]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINNT\system32\DRIVERS\ipsecw2k.sys [2002-10-11 15:49]
S3 EntDrv50;EntDrv50;C:\WINNT\system32\drivers\EntDrv50.sys []
S3 ess;ESS Audio Driver (WDM);C:\WINNT\system32\drivers\ess.sys [2001-08-17 12:19]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\bin\ONRSD.EXE [2002-04-26 18:34]
S3 prepdrvr;SMS Process Event Driver;C:\WINNT\system32\CCM\prepdrv.sys [2006-02-09 03:50]
S3 usbhub20;USB Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [2003-06-19 11:05]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5E863175-E85D-44A6-8968-82507D34AE7F}]
C:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTime\launch2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmactedp.inf,PerUserStub
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 12:10:03 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 23:18:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-22 23:23:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-23 04:23:28

4 more replies
Relevance 44.69%

I searched previous threads about this pesky malware, but I think my problem might be a little different...
So my computer automatically shut down, and then after rebooting I noticed a popup (from the taskbar only) telling me that my computer is infected and that I should download "special antispyware"...

I haven't clicked it, and don't plan on it, BUT I'm wondering if my computer is already infected (I ran Spybot and AVG and both found no infections), and if not, how do I stop that pop-up from, well, popping up.

Thanks
 

Answer:Not sure if I have awola yet...

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can try running the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.


Plus a guide on HOW TO: Attach Items To Your Post
 

1 more replies
Relevance 44.69%
Question: Awola

Hi,

I've tried to clean Awola off of my system by piecing together what to do from the threads in this forum, and it appears to have removed the pop-ups. Can you guys take a look at my HJThis log and let me know if I missed anything? Also, please let me know if I should post anything else to be reviewed.

Thanks very much
 

Answer:Awola

Your HJT log is clean...although we recommend that the exe be renamed to analyse.

Are you still having problems? If you are:

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 44.69%

I'm infected with Awola.

I don't know if that's what it's called exactly, and there could be more to my problem than that; but there are other threads on this very problem. As far as I could tell, netiquette on MajorGeeks says I should make my own thread rather than invade someone else's.

If I'm wrong, I'm very sorry for having made a redundant thread.

Symptoms:

- A yellow triangle with a black exclamation point in it sitting in my task bar. It spawns a large, intrusive word bubble telling me I'm infected with spyware and that Windows will download the Awola anti-spyware program if I click the bubble.

- My system will freeze for several seconds at a seemingly random frequency. It always unfreezes, and anything I've done during the 'frozen' period (words I've typed, things I've clicked on, etc.) eventually happens after things come unfrozen.

What I was doing when I first noticed the infection:

- I'd been gone for two days, and my computer had been left on. When I came back I noticed my internet browser was open, and the word bubble was staring at me. I don't believe anyone touched my computer while I was gone.

Hopefully I've attached everything properly.

I did an AVG scan, but the log reads:





"[1/21/2008 15:03:15 PM] synchronize database and filecache"

I followed the directions in the "read me first and do these thi...

Answer:Awola, maybe others.

Welcome to Major Geeks!

Is your copy of Spyware Doctor a paid version or free trial? If free, uninstall it now.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below software:
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 3
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Windows Adapter 5.1.3214] C:\Documents and Settings\RICHARD\Application Data\pzruv.exe
O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\RICHARD\Application Data\Awola\Awola.exe" /MIN
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WIND...

4 more replies
Relevance 44.69%
Question: Awola Bug?

There's a little bubble on the right side of my screen, near the clock, that keeps popping up (and won't go away, which is very annoying), saying "Your computer is infected!" Unknowingly, I clicked it and it presented me with "Awola Anti-Spyware 6.0" or something to that effect. I Googled Awola and found out that it was a rogue anti-spyware program, or something. So, I checked out Add/Remove Programs, and it wasn't in there. So I went through the Start menu to Uninstall Awola, and it said it was removed successfully, but the bubble will still not go away.

I am completely computer-stupid and have no idea what to do. Any help?
 

More replies
Relevance 44.69%
Question: Awola

thanks for your advice boopme.

i had so much trouble getting rid of awola and i finally did it thanks to your suggestions.
thanks a lot!

Answer:Awola

You're welcome and welcome to BC. I split your post away into its own topic as that one is still working and you are further along. Always make your own topic; it is the better method and keeps things from being confused. As in, the step for you to do is not the step for them, thanks.

I would recommend you do this step now. Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the most recently created Restore Point.
Then go to Start > Run and type: Cleanmgr
Click "OK".
Click the "More Options" Tab.
Click "Clean Up" in the System Restore section to remove all ...

3 more replies
Relevance 44.69%
Question: Awola

Well I got the AWola bug and it's a killer. Dang "Your Computer is infected!" pops up every 5 seconds after closing it and that is the good news. I can't go anywhere without being redirected. I am not even sure how I have made it to this site. Anyway I have done a HIJACK THIS log and I am posting it if anyone knows what to do I am all EARS. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:00 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\UmVlc2UgQnJpZGdlcw\command.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS...

Answer:Awola

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

3 more replies
Relevance 44.69%
Question: AWOLA

Just picked up Awola on my computer.Please help, how do I get rid of it??
 

Answer:AWOLA

have you tried any of the google search links?
http://www.google.com/search?aq=t&oq=awola+re&hl=en&safe=active&q=atwola+removal&btnG=Search

i haven't had specific experience with this one.
 

1 more replies
Relevance 44.28%

Hi can anyone assist me? I am trying to repair my cousin's computer which appears to have Awola installed on it.

I am also unable to get the computer to detect any wireless signals even after manually entering the settings for my network. In addition, the user also installed SystemTech Spyware Cleaner. Is this a good program to use? Am I better off using Windows Defender?

Below is a log file


Deckard's System Scanner v20071014.68
Run by RASHIDA XXXX on 2008-05-03 20:53:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as RASHIDA ROACH.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:15 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wirele...

Answer:Please help Awola 6 on laptop

I am sorry to bump this thread. I was wondering if there was something that I left out or should have done before posting this thread.

I did complete steps 1-4. I was unable to connect to the internet to do an online scan.

I apologize if I incorrectly posted. Sorry for bumping this thread.

4 more replies
Relevance 44.28%
Question: awola help needed

my sweet husband contracted awola and I am left to figure out how to get rid of it... any help is much appreciated - here is the HijackThis Log I just ran



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:50 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09...

Answer:awola help needed

I have now also completed ComboFix but the popup "Your computer is infected!" is still there... log listed below but not sure if I did it correctly. It is also affecting other programs and now I cannot print. Please help before I divorce my husband or at least throw the computer at him!!!




WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

19 more replies
Relevance 44.28%
Question: awola removal

My brother-in-law has managed to install awola and now I have to get rid of it. Any ideas? He lives 60 miles away and is techno-phobic.

Answer:awola removal

click here

10 more replies
Relevance 44.28%
Question: Awola infection!

My computer is infected with Awola anti spyware. I searched Google for some solutions for this aggravating problem. This website caught my eye. I hope that I can be helped with my problem. As of right now my computer crashes in normal mode within 5 mins of startup. The only way I can use the computer is in safe mode.
Once I entered the website I was reading a forum for Awola removal and downloaded the file SDFix (this was from a link on the thread). I decided that it would be best if I discontinue any attempt at correcting the problem myself because I am not extremely knowledgeable. Thanks for any help I can get.

Answer:Awola infection!

why doesn't anyone want to help me with my issue?

1 more replies
Relevance 44.28%

Awola is driving me crazy!! And just about the time I get started on another paper, I get a pop-up. I can't tell you how many times I have had to re-connect to this site just to finish this thread.
I wasn't able to perform a Windows Update because the Windows Genuine Advantage Validation Tool wouldn't install. (KB892130).
Here is the log;

Deckard's System Scanner v20071014.68
Run by gc on 2008-01-18 13:44:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-01-18 19:44:32 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as gc.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:41 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C...

Answer:Awola & numerous pop-ups

Download SDFix from here and save it to your desktop.


Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.


=========================================


Download Combofix from any of the links below, and save it to your desktop. For information regarding this d...

3 more replies
Relevance 44.28%
Question: Awola hijack

My sister's computer has been hijacked, any help will be much appreciated. Here's the HJT log:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - ...

More replies
Relevance 44.28%
Question: awola virus

I am running windows xp and believe I caught the awola virus probably bundled with a lot of other things.
Ok, all I really want to do is copy my files to my external hard drive so I can reformat my computer. But, the virus has taken away my administrator status. It has disabled copying files to my external hard drive or dragging and dropping files. I cannot install Norton antivirus. The error message is "Setup was unable to update the MSI system component. If this problem continues please contact Microsoft at www.microsoft.com". I try to open my network connections, and they won't open.

Is my best bet just paying for the phishing scheme and going along with awola? Will it give me back these capabilities after I have paid, so I can reformat my computer?

Please help. I am desperate.

Answer:awola virus

Oh, I am also considering buying XoftSpySE. I downloaded the program off the internet, and it did locate many corrupt files. However, I am worried that if I purchase it, I will not be able to install it fully and use it, as I wasn't able to install Norton Antivirus from disk. Is this a legitimate fear, or did this program already install, and when I purchase the license key, it will simply remove the corrupt files?

I hope I explained this well. Please reply.

19 more replies
Relevance 44.28%
Question: Awola Malware

My computer has been infected with Awola. I am normally pretty good with computers but this has caused me to waste the last 6 hours on trying to remove it with no luck. From what I have read this is pretty common but extremely hard to remove. I really need help before me and my computer play fisticuffs.

Here is the log named main.txt:

Deckard's System Scanner v20071014.68
Run by Barry on 2008-04-22 22:52:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-04-23 02:52:32 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Barry.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:25 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\...

Answer:Awola Malware

Hello BarryCarey
Welcome to BleepingComputer
========================
If you are still in need of assistance please post a new Hijackthis log.

1 more replies
Relevance 44.28%
Question: Awola Invasion

Good Day Doctors, I'm helping another friend with their system. It looks like they got caught in one of those sites that pull you in and the next thing you know the software is on your system. I'm trying to uninstall a program called AWOLA. It states that it is an ANTI-SPYWARE and the system has been infected. I tried to uninstall it but no luck. It seems you have to buy the program to have the option available to uninstall it.

Has anyone heard of this program and how can I get it off my friend's system?
Thx in advance
Steve
 

More replies
Relevance 44.28%
Question: Awola Removal!!!!

I got infected with Awola and can't get it off. Thanks for your help.

Incident Status Location

Spyware:Application/Awola Not disinfected c:\documents and settings\kris\application data\awola\awola.exe
Spyware:Application/Awola Not disinfected C:\Documents and Settings\Kris\load.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Kris\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe ...

Answer:Awola Removal!!!!

Any suggestions on how to get rid of this. Plzzz my computer is crashing and i need help bad. Thanks

10 more replies
Relevance 44.28%
Question: Awola Removal

dealt with AWOLA removal today. here are the following steps used to remove it:

0. DISABLE System Restore.

1. download, install and update Malwarebytes AntiMalware removal tool.
http://www.malwarebytes.org/

2. reboot your system into Safe Mode with networking.

3. verify that you have the latest update of Malwarebytes by performing the update again.

4. perform a FULL SCAN with Malwarebytes and, after the scan is complete, remove all items in the list.

5. perform a search on your computer for the following:
*awola*.*
this will search for ANY file in your system with the word 'awola' anywhere within its name, regardless of the file extension. DELETE any 'awola' files.

6. open the registry (ie. regedit) and do a search for 'awola' and remove any items you find.

7. perform another scan with Malwarebytes to be certain your system is clean.

8. restart your system.

if anyone has comments, please share them.
 

More replies
Relevance 44.28%
Question: Awola Removal!!!!

I have Awola virus on my computer and i cannot get it off. i have deleted the registry values and everything. I ran spybot s&d and ad-aware. Please help in any way you can. Thanks.

Answer:Awola Removal!!!!

help plzzzz, i can barely use my computer with it this bad. thanks

2 more replies
Relevance 44.28%

Howdy!

My computer seems to have been infected with this malware Awola. It is driving me bonkers. I cannot seem to rid my computer of this program. I've tried my antispyware programs and uninstalling and basic registry deletions, but it keeps regenerating.

Any help would be tremendously appreciated.

Thanks,
Andrew
 

More replies
Relevance 44.28%
Question: Awola virus

How do I get rid of the awola virus?

Answer:Awola virus

Hi and welcome to TSF.

Please start here and follow the instructions.

http://www.techsupportforum.com/secu...sting-log.html

If you cannot complete any of the Steps, simply move on to the next one - remember to let the Analyst know about this when you post your logs.

Do not post your logs back in this thread - follow the guidance in the above link!

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply.

1 more replies
Relevance 43.87%

Hi, my mother recently infected her PC with AWOLA, and ever since, everything has been running much worse. I've tried to use previous posts / fixes, but to no avail. I've included the DSS report below. Thank you so much.

Deckard's System Scanner v20071014.68
Run by sconstan on 2008-02-01 14:59:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-01 14:59:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Progress\OpenEdge\bin\admsrvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft SQL ...

Answer:Older PC Infected with AWOLA, Please Help

Bump. Thanks again.

8 more replies
Relevance 43.87%

I keep getting pop-ups and a little notification at the bottom right of my screen saying: "Your computer is infected! Windows has detected spyware infection. It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware."

I clicked it and found that it was installing a program "Awola," which I later found to be some sort of spyware or something. I uninstalled and did some Ad Aware scans (both in normal and safe modes), but I keep getting this notification CONSTANTLY. It's really annoying. Can anyone help?

Thanks!!
 

Answer:Awola program--How do I remove it?

14 more replies
Relevance 43.87%

My boss's computer got hit with AWOLA. Before finding your site I tried to fix it. We run McAfee antivirus. His firewall was down, which has been fixed.

His computer runs XP Pro. He can do what he needs to do; however, he is still getting the message popping up: "Your computer is infected."

Yes, I deleted files and some registry stuff already. I ran Spybot and found a few more files. On the last run of Spybot there are no offending files showing. Is there any way of ridding that annoying message?

Thanks,
 

Answer:AWOLA- Continued Pop Up Message

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

3 more replies
Relevance 43.87%

hello guys/gals:



here with my computer again. it now has a phony anti-virus software on it, "awola". the computer has been taken over: no task manager, no wallpaper, random shut downs, constant "warning" pop ups, i can't do anything anymore......


please help thanks


here are the logs:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 18:02:31.03 on Mon 04/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.500 [GMT -7:00]



Answer:AWOLA has infected my system

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed. Let me know your intentions for an antivirus program.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs ...

I have a similar issue to others but I don't see a common fix - HELP!

I've run all the programs you recommended. Here are the logs.

This virus puts a yellow bang in my tray and states I've been infected. After closing the message a few times it launches Awola.

I believe it hit me 2 weeks ago.
 

Answer:Awola virus has infected my pc

More files attached.
 


Had a recent problem with malware. The main culprits seemed to be Awola, Security Toolbar, Kukkakreck taking over my home page with numerous pop-ups and slow performance. Followed your nine step program and am greatly appreciative for the concise advice. Most of my problems seemed to be solved but I will post the log and hope for the best. Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:34 PM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Answer:Awola, Kukkakreck, Etc. And Other Villains

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Thom T

My name is Richie and I'll be helping you to fix your problems.

Please disable Spybot S&D's protection, or it will interfere. You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.

If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your pc:
Viewpoint
Viewpoint Manager
Viewpoint Media Player

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest versio...


My machine has been infected with AntivirusXP 08 and Awola. Have cleaned out a lot but now am left with random non-fatal BSODs that I think are a trademark of these infections. Kaspersky scan of the critical areas is clean so there is no log to attach. I am including the two logs from the DSS scan.

Deckard's System Scanner v20071014.68
Run by Samantha on 2008-07-19 14:35:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 480 MiB (512 MiB recommended).

-- HijackThis (run as Samantha.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:42 PM, on 7/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Answer:Antivirusxp 08 And Awola Infection

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please uninstall Viewpoint Media Player from your computer..

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

------------------------

Please download the OTMoveIt2 by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\Documents and Settings\Samantha\Application Data\internaldb6334.dat
C:\Documents and Settings\Samantha\Application Data\internaldb41.dat
C:\Documents and Settings\Sam\Application Data\shc3ubj0enb9
C:\WINDOWS\system32\blphc5ubj0enb9.scr
C:\Program Files\Viewpoint
EmptyTemp
puri...

gettin tons of pop ups, mainly says "internet speed monitor" or "outerinfo" on em, also awola self downloaded dis now automatically coming on and what not, and of course comp running slow as heck. Thanks for help, I'm computer stupid, haha.

Answer:Pop Ups, Awola, Sloooow Comp, Help!

Already fixed it, didn't know how to just delete the topic, thanks.


I have run the XP cleaning procedure with combofix, spybot, AVG and MG tools as suggested by this great site, but I still have a nasty Awola bug on my computer. I will try to attach the logs, but AVG stated that it did not create one.

Please help, and thanks in advance!
 

Answer:awola still giving me fits

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Spybot - Search & Destroy 1.3 <-- this has not been used for more than 2 years.
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Then install the proper version of Spybot as given in the READ ME. MAKE SURE to uncheck the option for using Teatimer.

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Home\Application Data\zpbfwsb.exe
O4 - HKLM\..\Policies\Explorer\Run: [ngm] C:\WINDOWS\System32\ngm.exe
O4 - HKCU\..\Policies\Explorer\Run: [nhhp] C:\WINDOWS\System32\nhhp.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O20 - Winlogon Notify: khfdbxx - khfdbxx.dll (file missing)
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is ...

Hello TechGuy users,
I am a new user to TechGuy after my friend had an encounter with... AWOLA.
They said they were getting pop-ups even if not on the internet and their whole Compaq Windows XP Laptop is slowing down. I told them to get Spybot Search & Destroy and update to the newest version and they did. They scanned their whole computer and they destroyed some AWOLA software, but it is still there.

What should they do?
Thanks,
Michael
 

Answer:AWOLA Spyware... AAAHHHHH!

More info:
I told my friend to do System Restore; they said it didn't work, then also tried to uninstall it manually but they want them to pay for it...

 


Hi there, I REALLY need help. Okay, so first I got infected with awola; it's a flashy trojan virus that disguises itself as an antivirus spyware, and I thought I removed it. Then today I turn on my computer, and I have 2 drives, C and D, and my D drive would not load; like it would just show my background with no icons or side bars on it. Please, if you know how to help, would you please? I would be forever grateful. Thank you.
 


Hi, yesterday I started getting some really annoying Awola anti-spyware popups on my PC. I used the information in some of the threads on this forum, and thought that I had it beat, but today, I'm having the same problem. Here's the HijackThis log. Any help is much appreciated. This is a really annoying issue.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:55 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal


Answer:Solved: Awola Malware


I have read that some others have gotten help on the Awola virus, can someone help guide me through removing this malware?


After reviewing the forums I have found that I have a common issue as others do. I have the same Windows balloon pop-up and when clicked it will install the fake AWOLA anti-spyware. I have already followed the steps required to generate logs and I am posting them now. Could someone please provide me with any additional help to remove this malware from my system and thank you in advance.
 

Answer:AWOLA virus removal help

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Do you use MusicMatch Jukebox?

You need to go back and follow the instructions in step 1 of the READ ME for MSconfig. You must not use MSconfig to control any startups or services. Select Normal Startup mode and remain in that state.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 12
Java 2 Runtime Environment, SE v1.4.2
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_4\bin\jusched.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O17 - HKLM\System\CS2\...

Hi there, I believe my computer was recently infected by the Awola Virus / Trojan, and I could really use some assistance. I thank you in advance for any suggestions and help, they are appreciated. I'll put up a detailed description here of what's happened so far, and can certainly provide any additional information that may be required. My computer knowledge is okay, but very limited in terms of spyware and troubleshooting complex problems like this one.

Operating System = Windows XP

A couple of days ago I was doing some stuff online at 7:45pm, preoccupied and in somewhat of a rush. I got a popup menu that a trojan had been found, I assumed it was from my McAfee Security Centre (as this has happened several times before) but I didn't really look at it that closely, and selected okay (I think). I then started to receive a bunch of popups about Spyware, and Awola spyware removal program. I kept closing them because I was in a rush, didn't really look that closely, thought it was just ads and may very well have clicked something I shouldn't have. I did see the Awola Program box come up at one point and I thought I attempted to close it, but I may have clicked on something inadvertently.

Upon rebooting later, I realized that the computer was probably infected. I cannot click or open any application, by double-clicking an icon or program name I always receive the same error message (tailored to whatever application I attempted to open). A black empty box a...

Answer:Infected By Awola 6.0 And Could Really Use Some Help Removing It

If you have not already done so you could try the superantispyware program?
http://www.superantispyware.com/superantis...efreevspro.html

Download it from
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Run the installation program and start the program from the desktop icon; fully update the definitions, reboot the computer into safe mode if it will let you, then run superantispyware from the desktop icon on a full computer scan.

When the scan is complete, reboot your computer into normal mode, and come back and post the log report you should find by opening the program and go to preferences/statistics.logs

Left mouse click on the most recent entry, click on 'view log' and copy and paste that report into here for examination so folks can see what help you may need.


Hi there. I believe I contracted a virus / trojan through Awola 6.0 a few weeks back. I started a thread in the 'Am I Infected' section, here's the link for that full thread: http://www.bleepingcomputer.com/forums/t/143729/infected-by-awola-60-and-could-really-use-some-help-removing-it/

Long story short, I believe this virus was contracted on Wednesday, April 23 around 745pm. My operating system is Windows XP. Whenever I double-click on any .exe file I get an all-black window, and a little window above it with an error message similar to this:

"16-bit MS-DOS Subsystem
C:\Documents and Settings\All Users\Desktop\Winamp.Ink
The NTVDM CPU has encountered an illegal instruction.
CS:054d IP: 013d OP: f0 85 38 90 3a Choose 'Close' to terminate the application."

I can right-click certain programs and select "Run As" to use them, but can't double-click on anything. I also think this virus has taken over Administrator duties, changed my registry and is preventing me from properly installing programs. It was also preventing me from running anti-virus scans, but I believe we have found a way around this, and I was finally able to process a scan with DSS (and Hijack This). I also did a scan using the Kaspersky scanner. I will copy and paste all logs below. Thanks in advance for all your help.

HIJACK THIS MAIN.TXT
Deckard's System Scanner v20071014.68
Run by Mania on 2008-05-19 22:51:49
Computer is in Normal Mode.
-------------------------------------------------------------------------------- ...

Answer:Infected With Awola 6.0 Virus / Trojan

Hello

Apologies for the delay in response; we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both can be found in the C:\Deckard\System Scanner folder.
Please copy (Ctrl+C) and paste (Ctrl+V) the c...


A big thanks in advance.

Windows XP Professional SP2

I am working on a friend's PC that was hit with Awola 6. He followed removal procedures described at http://www.spyware-techie.com/awola-or-awo...-removal-guide/

He brought me the computer with no signs of the Awola 6 files or registry entries mentioned in the link above yet his network adapter stops receiving packets only about a minute after the Windows desktop has booted.

I used system restore to take him back to before the attack but no help. Ran Smitfraud again and no help. I weeded through the running processes and ensured that there was no proxy set up in Internet options.

Since the system has no available network connection I wasn't able to run the Kaspersky online scanner.

I ran DSS and here is the log: Please note that I didn't have the computer hooked up to the router at the time of the DSS scan. If it is important I can hook the computer up and make a new log.

Deckard's System Scanner v20071014.68
Run by Santa B on 2008-06-20 04:50:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-06-20 11:50:23 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Santa B.exe) ---------------------------------------------

Logfile of Trend Micro HijackThi...

Answer:Awola 6 Removed But Packets Are Not Being Received.

I'm hoping somebody can get to solving this soon.


I've had this infection for some time. Tried a bunch of methods from computerforum but still can't finish the virus off. I constantly get CID popups and on my mom's guest account she has this annoying AWOLA popup that appears to say it's an anti virus program.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:45 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Answer:Badly Infected With Cid Popups And Awola

Also, in my C: folder I have like 200 TMP files that look like pos1A2F.tmp. What are these??


Here's my logfile. Is this the right thing to post?



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:38:27 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\Antivirus\SpyCatcher\SCAc...

Answer:Awola fake anti-spyware

Ok. We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

=======================================

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extra...

Hi,

Earlier today I managed to get the Awola malware onto my computer. I have run Ad-Aware & Spybot S&D along with F-Prot anti-virus software. I have also run HijackThis! & removed the Awola line. I also ran a search of my computer files & removed all files relating to Awola. I have rebooted my computer & the annoying yellow triangle warning message continues to pop up every 30 seconds. Could someone help to squash this pest?

Thanks in advance!
haroldff1082

Answer:Annoying "your Computer Is Infected!" Pop-up (awola)

Hello and welcome haroldff1082

What antivirus product do you have installed and have you scanned with it in safe mode.

Please do this also

Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop .. DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to start Windows in Safe Mode

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click it at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs...


Hi everyone-

I'm trying to help my younger brother get his computer functioning properly.

Within the last couple of weeks, he's acquired the AWOLA problem, the machine runs incredibly slow and also his home page starts out at something completely different even though we've changed it back many times.

I've gone through the 5 steps and this is what I have.
Thank you all for your help.




Deckard's System Scanner v20071014.68
Run by Adam on 2008-04-25 23:30:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-26 04:31:07 UTC - RP1005 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).
System Drive C: has 4.34 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-25 23:35:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal


Answer:AWOLA + Hijacked IE Home Page + others...

Hello and welcome to TSF.

Scan with HijackThis and put a checkmark against the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32/left.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=7&ar=msnhome
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O15 - Trusted Zone: about://internet (HKCU)
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} () - http://hotsearchbar.com/toolbar2/winhot32.cab

Close all browsers and windows other than HijackThis and click on "fix checked".

I am not sure if you set this as your start page yourself or not...

Have an AWOLA infection. Was going to use info from this forum which suggested downloading a couple of files to help. But when I try to go to the sites, I get redirected to no page. Can't go anywhere.

Also, when doing a search now to locate and delete AWOLA files I get an error notice and Search shuts down.

Ad-Aware will run then stops about half way through.

Continuously get a little popup about infections. And there is a little yellow triangle on the startup menu bar (lower right) that, if clicked, will start Awola again.

Any suggestion, or do I just throw the box away?

Thanks,

Pete

Answer:Awola - can't download fixes due to redirect

You should be able to download this tool. If not, use another machine, and a usb stick or CDR to carry it to the afflicted machine.

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

------------------------------------------------------------------------------------... Read more

3 more replies
Relevance 43.46%

This is definitely not an anti-spyware program. It opens a window off the toolbar disguised as a Windows security update. It warns, "Your computer is infected! Click here to protect your computer...". The balloon does not go away. It worked its way onto the computer uninvited. I've followed all the procedures listed in the Preparation Guide but to no avail. Please help. Thanks for your time and expertise. Here's the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:13 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\M... Read more

Answer:Infected With "awola Anti-spyware 6.0"

Welcome to the BleepingComputer HijackThis Logs and Analysis forum rosevilledad. My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:... Read more

7 more replies
Relevance 43.46%

This morning I had a little yellow triangle with a black exclamation mark appear in my toolbar . Upon doing some investigation and updating Spybot S&D and running it in the safe mode as well as searching files and deleting them from my program files , control panel and other locations , after re-booting , the yellow triangle continues to reappear as well as I can hear my pop-up blocker blocking tons of attempts . I need help getting rid of this cursed thing .I have included my HJT log which I just ran about 5 minutes ago .Thanks in advance for help . I look forward to hearing from anyone who can assist .

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:01 AM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\ATT Internet Tools\blslo... Read more

Answer:AWOLA VIRUS - HJT log file included

Hello biddle1,

Infection is showing here, so assuming you have not made too many changes since posting this log let's work from what shows here for now.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.
Download ComboFix.exe from here to your desktop

Then disconnect from net access. Once you have done that, click the downloaded ComboFix.exe file to run the repair.
When starting, ComboFix will cause your computer's internal speakers to produce two beeps, and during the start process display two warnings. These are intended to discourage people who are not getting help in the forum from just experimenting with tools they do not understand. Just to inform you so you will understand that the procedures are expected, and okay.

ComboFix will also change the drive autoplay settings there as its own added security measure. When we have completed all repairs here we will return the default Windows settings.
A caution - do not touch you... Read more

3 more replies
Relevance 43.46%

Hey guys, I'm working on a PC for a friend, and she has the constant "Your Computer is infected!" crap going on... Here's the HJT and SmitFraud logs:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:18:29 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messen... Read more

Answer:HijackThis/SmitFraud logs - Awola!

Please see the new post below... the above scan was old...
 

2 more replies
Relevance 43.05%

Hello, new to the forum, think this is great learning for a novice like me and appreciate the help if I could get it here.

I have the AWOLA virus/scareware on my system. My virus scan picks it up as Generic FakeAlert.b

A warning is posted on my right hand lower toolbar that says "Windows has detected syware infection. It is recommended to use a special antispyware to prevent data loss etc.."

I went through the 5 steps posted here and created this log, I hope I didn't screw this up.

Deckard's System Scanner v20071014.68
Run by Jeff on 2008-01-12 22:18:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
70: 2008-01-13 05:18:26 UTC - RP1052 - Deckard's System Scanner Restore Point
69: 2008-01-12 03:19:33 UTC - RP1051 - Removed QuickTime
68: 2008-01-12 03:08:02 UTC - RP1050 - Software Distribution Service 3.0
67: 2008-01-12 02:51:28 UTC - RP1049 - Spybot-S&D Spyware removal
66: 2008-01-11 03:57:49 UTC - RP1048 - Spybot-S&D Spyware removal


-- First Restore Point --
1: 2007-10-16 05:41:31 UTC - RP983 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Mic... Read more

Answer:AWOLA scareware help needed, Log posted inside.

Bump, any help would be appreciated. thx

- Installed Java 6.4

19 more replies
Relevance 42.64%

I am attempting to clean my in-laws computer but I have been unable to remove AWOLA spyware from their system. I have downloaded Ad-Aware and also followed the steps that you suggested and I am still seeing the yellow box pop-up and AWOLA will uninstall and then re-install itself. I have been unable to locate the original file only shortcuts. Also, I have not been able to do any Windows Updates on their system. PLEASE HELP!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-16 17:15:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:55 PM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Owner\Applicati... Read more

Answer:AWOLA Removal and Your computer is infected! Popup continuous

Hi, welcome to TSF!

If you still need assistance, please post a fresh main.txt log

1 more replies
Relevance 41.82%

I'm not exactly sure at what time it happened or what I was doing, but the "Awola Anti-spyware 6.0" program is installed on my computer and won't uninstall. A pop-up box is constantly at the bottom right-hand corner of the taskbar saying Your computer is infected!, recommending that I use the tool to prevent data loss.

Also - on another note - I'm unable to use any open-source internet browsers (ie. Firefox, Opera, Bonjour...). When I attempt to use Firefox (for example) I'm given the message "Firefox can't establish a connection to the server at www.google.com." It won't open any site. I'm given a similar message when I try to use any browser other than IE. The browser suggests that if my computer or network is protected by a firewall or proxy, to make sure that Firefox is permitted to access the Web. I don't think this is the problem - but I really can't be sure. I never did anything to change these settings - nor would I know where to go to do such a thing. I'm not sure if these two things are related as the internet problem happened a good 2 months after the Awola problem started.

I really appreciate any help. From viewing other members' responses, your help seems very effective.

Thanks!

Deckard's System Scanner v20071014.68
Run by Frankie on 2008-02-22 23:17:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore -------------------------... Read more

Answer:Awola Virus :( .... May also be messing with my open-source internet browsers

One more thing I forgot to mention! --- On step 4 of what to do before posting a log - Updating the Operating System - I was unable to update. Is there anything I can do to fix this?

Thanks so much!

13 more replies
Relevance 39.36%

Sorry for posting this again, but this is kinda important lol. Maybe it is just really simple and I'm thinking too hard...dunno.

This is the scenario, I had a 40GB hard drive in one computer and a 8.4 in another, I wanted to switch them, seeing how the 8.4GB HDD was rather small and it was on the main/superior comp. I popped each HD out, and switched them only to find out that someone had formatted each one differently, one was in NTFS and the other (8.4GB) was fat32. So I hooked the 40GB as slave to format it (keeping it NTFS). After I had done that I popped in my xp cd and *thought* that I did a convert to NTFS on the 8.4GB. Well I didn't, I installed XP to the 40GB instead, and now I'm dual booted and I can't remove the 8.4GB HD without getting a "NTLDR" error on startup. Right now it's set up like this:

Master = C:\ 8.4GB fat32
Slave = F:\ 40GB NTFS

this is how i want it:

Master = C:\ 40GB NTFS

How would I go about remedying this?

Thanks for any suggestions.

Oh yeah, I would rather not have to reformat the 8.4GB if i do not have to.

Answer:*sigh* Help me think, lol

When partitioning the drive, when installing using the XP disk, doesn't it format it NTFS?

7 more replies
Relevance 39.36%

Ok, would seem i am constantly posting here but here goes (again)

So, i managed to install my NEW psu, an ANTEC 480w Neo Power. previously my voltages were WAY off (in Speedfan)
After installing my new PSU my voltages still seem to be off, now it seems the situation has not changed (despite the PSU's being completely different, my previous was a 400W stock case PSU)

Any ideas as to whats going on?

Answer:*sigh* Once again....

I think that's okey.

7 more replies
Relevance 39.36%
Question: AOL :( *sigh*

Heya guys I was wondering if you could help me with a lil problem that I've been having for quite a few months now!

This is the message I've been getting on AOL..."The operation could not be completed due to low memory or hard disk space. Please close one or more windows, then try again."...The only time this message comes up if when I try to access a site on AOL...I can't see the Welcome Screen because it needs to connect to a site to get the info, and I can use very few of the AOL features...

There is nothing wrong with my memory or hard disk space...Even when there is no other programs running, I still get that message...

Does anyone know why this is happening?

Like I said, it's been a problem for months, but I've never plucked up the courage to call AOL...

If yous aint got any suggestions/answers, then I suppose that's what I'm going to have to do...

Thanks in advance guys...

Have fun and keep smiling...
 

Answer:AOL :( *sigh*

12 more replies
Relevance 39.36%

You all were so helpful in getting my desktop back in working order, was hoping you could help me with my work laptop. Did all suggested scans and procedures. Seemed to help for a day, and now the popups are back. Just got one now in fact when I clicked on the button for a new thread.

The window says "Powered by ZEDO"
Another windows title popped up "Search Inquire"
I inadvertently clicked on an Ad on Myspace, so not sure if that is where this crap is coming from.

Would it be possible to submit a Hi-Jack this log?

Please advise, thank you everyone in advance !
 

Answer:Help.....again....*sigh*

If you have run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support then continue with the below steps. Otherwise complete ALL the sticky thread steps first.
If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

 

1 more replies
Relevance 39.36%
Question: Sigh...Help Please

I don't usually let this &%#$ get the best of me. I have used your READ & RUN ME sticky successfully in the past to remove spyware, etc. etc. etc. for some of my clients with much help from here and Chaslang. While I thought I was well protected myself, I now somehow have this winfixer party poker stuff going on with my own laptop now and can't get it GONE; think it might be related to the jkhfe.dll that keeps resurfacing. Followed the sticky directions as in the past, but no success this time; tried removing some HJT entries myself by following the HJT sticky; still no success. If I see this party poker or winfix pop up one more time I might slit my wrists. LOL Help, HJT log attached.
 

Answer:Sigh...Help Please

When you follow the sticky thread you must complete all steps including step 6 and attaching the two online logs.

However, while reading the READ & RUN ME you should have clicked on the links for Special Removal Procedures where you would find the below that you should be running:





Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer


 

3 more replies
Relevance 39.36%
Question: sigh

why does it seem that when loading win98 that it takes forever on the "getting ready to run windows for the first time"?

or is it just me and my computer?

Answer:sigh

98 is ancient. All that power you have....shell out the cash for XP.

9 more replies
Relevance 39.36%
Question: Sigh

Ok so lets say i was retarded and lost my vista cd that came with the PC. Two moves..sigh you know the deal, anyway what if i wanted to erase everything off my pc cept for vista, is there a way to do it(beside doing it one by one in the program thingy. Not just programs too, i mean everything. I was to start fresh. Or is there a way to format without getting rid of vista, or whatever. any help would be greatly appreciated.

Answer:Sigh

Originally Posted by vvsniper


Ok so lets say i was retarded and lost my vista cd that came with the PC. Two moves..sigh you know the deal, anyway what if i wanted to erase everything off my pc cept for vista, is there a way to do it(beside doing it one by one in the program thingy. Not just programs too, i mean everything. I was to start fresh. Or is there a way to format without getting rid of vista, or whatever. any help would be greatly appreciated.



Nope. A clean install re-installs everything especially vista. If you have a computer with a pre-installed vista OS, it has a vista licence on the bottom of the computer. If thats the case you can download a vista ISO from many sources.

you really do want to re-install the vista files as well. it will make your system the most efficient it can be

ken

4 more replies
Relevance 39.36%
Question: IE help SIgh.. =*(

Hey guys i need help with an IE issue.
My dad's rig "IE" runs slow for his banking stuff. It only allows IE to be used.
What i need help from the community is anything i can do to speed things up in IE? My dad's rig is a P4 3ghz 512DDR400. The motherboard is ASUS P4PS800 SIS.
I am really curious as to what the problem is. It works fine on my com i got a different motherboard though.
Does anyone think this is a motherboard issue? I even reformatted my dad's com many times and now running Win2000. I tried installing WInxp and it makes things even worse. I did all updates etc. It's driving me up the wall.
 

Answer:IE help SIgh.. =*(

Soooo....
You're asking, what can be slowing down my father's online experience with IE? IE runs fine on your box(you dont use it) but not on his box?

OK, well heres a few ideas:
1. his internet connection is slower? Can I assume you use the same internet connection? I'm old, I no longer live with my father, do you?
2. next step in the internet chain would be NIC card. Latest drivers? I assume you already have them.
3. If his banking can ONLY be done over IE, and it is a secure connection, it may be server side. Is all his web surfing slow, or just his banking?
4. Has he updated IE and downloaded the 128 bit encryption plug in?

Anyway it doesnt seem like a mobo issue unless the drivers for the nic or modem(which one?)(onboard?) werent supported by win2k or win xp...
 

18 more replies
Relevance 39.36%
Question: *sigh*

Ok theres the deal.
I was just sitting in my comfortable office chair enjoying the A/C while surfing the net and playing Halo. Then from nowhere....*click*......*click click click*....
The End (literally)

Answer:*sigh*

Bet your temps went up. That really sux... It's 90F where I live, how is it there in LA?

9 more replies
Relevance 39.36%

recently i inadvertantly (spell check) visited a website that completely loaded my computer with spyware, adware, etc., i ran spybot, adware, and i have symantec antivirus on too.
I got all the threats out and my computer is running ok but I want to make sure I got it all. I appreciate your help a LOT.

Here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 11:38:21 PM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\DOCUME~1\JAMESP~1\LOCALS~1\Temp\Rar$EX00.062\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ykaoyfc.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - ... Read more

Answer:sigh. please look over this when you can

Hi and welcome..

Before we start working with your log, you are running Hijack This from a temporary location. This needs to have its own folder. Please download HijackThis Self-installer
This is a complete installer that installs HijackThis on the computer to C:\Program Files\HijackThis.
It is important that you uninstall any previous versions by using Add/Remove programs in your control panel before installing a newer version.


Please download Brute Force Uninstaller to your desktop. (rightclick on this link and choose save as, if using IE save target as)
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk" C:/ or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
Download qoofix.bat (rightclick on this link and choose save as, if using IE save target as)
Place qoofix.bat in your C:\BFU - folder. (Important!)
Doubleclick qooFix.bat, Close all browsers and explorer folders.
Choose option 1 (Qoolfix autofix) and follow the prompts.
Please be patient, it will take about five minutes.
After the PC has restarted please post another hijackthis log.

Also Download SILENT RUNNERS to a new folder,... Unzip if Zipped, and run the Silent ... Read more

1 more replies
Relevance 39.36%

I'm usually so careful.... but something's got me! I'm getting tons of popups and my system has slowed WAY down, things 'seem' to be running in the background, and very slow to start up. Here's my log for anyone interested in helping. Thank You in advance! Dave

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:00 AM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\sy... Read more

Answer:Pop Ups and more Pop Ups!! *Sigh*

Your computer is infected. One of the malware experts in this section will need to assist you. This section is very busy, so you might have a long wait. If you don't get a reply in 2 - 3 days, bump your thread back to the top of the list.

In the meanwhile, make sure that AVG8 is up-to-date with the latest definition files, then run a full scan with it. It'll likely take over an hour.

----------------------------------------------------------------
 

1 more replies
Relevance 39.36%
Question: *Sigh*

Finally found a good use for YZ Dock and come to find out it disables my mouse software so i can't use my scroll buttons. (Mouseware 9.80)

Life is so unfair...
 

Answer:*Sigh*

Adrynalyne said:



Finally found a good use for YZ Dock and come to find out it disables my mouse software so i can't use my scroll buttons. (Mouseware 9.80)

Life is so unfair...

weird...it doesn't disable mine. i may not have the same mouseware version loaded either.
 

2 more replies
Relevance 39.36%
Question: /sigh

Alright so I bought an 8 gig iPod Touch about a month ago and when I first got it I couldn't figure out how to connect it to our router(Belkin G+ MIMO Router) until after I read a thread and it recommended resetting the router to default settings. So after I did that and I made sure to set the passphrase, made sure our other computer connected to it and everything and it worked but recently our computer(with the wireless antenna) and my iPod Touch lost connection and couldn't even find our router when I searched for it. So I reset our router to default settings again and set up the passphrase, etc. and our computer connected to it but when I connect to the router with my Touch it says I'm not connected to the internet.

Does anyone know WTF is going on?
 

Answer:/sigh

Hi

On your Router is SSID turned on and your ipod can find your networks name? and does it have any spaces in its name if so create a new one with no spaces (will need to have all other wifi devices reconnect to the router again as the SSID is changed) and then save and reset router and try again to connect ipod.

Is MAC address filtering on, if its on then enter your ipods MAC address in the list as this should allow it through, to find your MAC address on the ipod goto Settings > General > About and Wifi Address is your MAC code.
 

2 more replies
Relevance 39.36%
Question: *sigh*

I have pci-e gfx card but lol I switched primary lane to onboard, and now I see only black, how to fix this?... TY

do NOT ask WHY DID I DO THAT, BECAUSE I DONT KNOW xD
 

Answer:*sigh*

Okay, I won't ask:-D It appears as though you may just be having a driver conflict. If you want to stay with the pci-e card, go into your BIOS and set the on-board video to 'disable.' Personally, I'd stay with the pci-e card, but I can't really determine that until I know what kind of on-board graphics chip you have. Actually, I guess it's really a matter of personal preference. Which one do you prefer? If you could post the make and model of your motherboard, and of your vid card that would help a lot! If you have an ATI card and a nVidia chipset, those 2 do not play well together
 

6 more replies
Relevance 39.36%

Hey everyone, umm well I was fiddling around with my bios, and I'm running a athlon X2 so I thought hey.. I'll overclock it a bit, so I went into the overclocking option in the cpu options in the bios and took it off Auto and put in on the very first one which was 800mhz.. I thought eh.. shouldn't do anything bad considering it was the lowest one there... but after I saved the settings and rebooted, my monitor is saying "pc no signal". I checked my mobo and video card, they have nothing physically wrong with them and the pc seems like it's booting up fine, but yeah as I said.. monitor says pc no signal so can anyone suggest a fix, is there a way to reset the bios to default without a monitor?

Thanks,
Rome
 

Answer:**sigh... please help me

Unplug the power cord from the PC and hold in power button for 5 or 10 seconds. Open the case. Look for a round watch-type battery. There should be a jumper right near it (usually blue or red) with 3 pins. Let's call the pins A, B, and C. The jumper is on pins A and B. Move it to pins B and C for 60 seconds or so. Then move it back to pins A and B. Close up the case. Plug it in, and power up. You'll probably get an error like "CMOS invalid" or "Checksum error" or something. No biggie. It's normal. Just enter the BIOS, set the date and time, make sure it sees your drives correctly, set the boot order if you want, save the changes and exit. If you can't find the jumper I mentioned, remove the battery for a minute or two. Make note of which side is up (it's almost always the + side). Put the battery back in before powering up and follow the steps to set the time and date....

Good Luck!
And Welcome to MajorGeeks! :major
 

3 more replies
Relevance 39.36%
Question: ~sigh~...

So, I installed 8.1.... what a freakin pain. By the time I got it installed, I was already steamed. (seriously, 5 minutes alone in a room with some of these poindexters .....)

Failed twice... "setting up a few more things 3%...)
What more things...??? How about a freaking clue....(a lot to ask from the clueless shits at ms central, perhaps).

Ended up uninstalling my ESET, and had to unplug my external hd.

And then... using it.... I tried, I really did, tho not for long....sorry, but tifkam just holds nothing usable for me... I hate it. Perhaps if the install process had not been such a freakin' nightmare, I may have been more inclined to force myself to try harder to like it.

Answer:~sigh~...

It'll grow on you & you'll come to love it.
It's a good learning experience.

4 more replies
Relevance 39.36%

I have a standard VGA adaptor right.

I can't play Warcraft III because it doesn't support directx6, nor can I play project69.

Help please? Oh, and it said I am up to date with it.
 

Answer:-sigh- help please.

16 more replies
Relevance 39.36%
Question: Sigh,

I think I've posted around 3 times on here about issues of my computer freezing? Anyways I restarted it and now it won't even boot up. I've looked at several websites claiming that it's a freaking software issue. I've received hundreds of software issues and it's not that. Which is what is mind boggling. How often does hardware go bad? I was told to RMA my motherboard which seems like a pain but it's on my list. Anyways I start windows up through the Hard-drive and it won't boot, it will just freeze on the stupid starting windows screen. It also does the same thing booting up on the CD which is freaking annoying. Good thing I have a laptop. I've tried everything.

It won't boot up in safe mode, I reseated the RAM, I've reseated the video card and completely taken out RAM. I've tried other hard drives/boot disks.

I'm making sure before my Dad looks at the computer and we decide to RMA the motherboard.

But on a serious note why is there such a high failure rate on parts?

Answer:Sigh,

Since you have tried reloading the OS and all the other steps, it seems that it might be your only option. Have you tried only one stick of ram?

9 more replies
Relevance 39.36%
Question: Sigh!

ok ive been having problems with my new comp so i did a fresh reinstall of everything

i installed fear ran it and got this error message when trying to adjust video card settings

warning!: The auto detect has detected that your computer may not have enough video card memory to be able to run at the current advanced video card settings and the selected resolution. maintaining this resolution may degrade performance severely.

it stays like this on even the lowest settings!

Answer:Sigh!

Well what are your system specs?

Fear is a demanding game in general. And i'm pretty sure it's just like quake 4, ultra high settings requires 512MB of vid ram.

3 more replies
Relevance 39.36%

...well at least I hope it's not a big problem.

Every time I go to click a link that pops up a new window my IE freezes and eventually I get an error. It also seems to happen anytime there's a Java applet.

Also any time a pop up window opens from a website it will freeze.

My homepage is constantly being changed.

I ran Spybot, Spy Sweeper, Ad-aware... none of this works for me. I deleted my temp Internet files, cookies, everything.

Thanks in advance.
 

Answer:..sigh please help me!

16 more replies
Relevance 39.36%
Question: <sigh> NEED HELP!!

OK. New machine I am putting together.
Specs:
MB: ASUS A7N8X-E
CPU: AMD 3200 400
RAM: KINGSTON VALUE RAM 1GIG DUAL CHANNEL KIT PC3200
HDD: 2 WD RAPTORS 37 GIG
VIDEO: ASUS GFORCE 5900
FLOPPY
DVD-CDRW

Running this system in a RAID 0 config

When loading the OS (tried both XP PRO and 2k PRO) get STOP: 0x
errors.
XP:
XP gets to loading operating system and blue screens.
Don't remember the whole of the error, just that
Windows has detected an error and is being shut down to prevent damage to your system.
It then goes on to tell me to check to make sure that I have enough disk space. To disable a driver if one is indicated (None).
Check for Bios updates. Disable BIOS memory options such as caching or shadowing.

I disabled the bios cache and was able to load XP (took me 4 hours).
After enabling bios cache I started to get STOP: 0x errors again. Three different ones.
1. Same as above
2. Driver_IRQL_NOT_LESS_OR_EQUAL
STOP: 0X000000D1 (0xA5CB7B30, 0x00000002, 0x00000000, 0xF73C8CBB)
nv4_mini.sys- Address F73C8CBB base at F73A4000
3. PAGEFAULT_IN_NO_PAGE_AREA
(this one I don't have the information on. The error is not exactly the way it was displayed)

I tried all the updates I could find for all hardware.
I have replaced the RAM tried running one hard drive, and tested Vid card on another PC. I also tried to reload OS with new RAM.

2000:
Thinking maybe my Windows XP disk wasn't performing correctly I attempted to load WIN 2K
1. STOP: 0x0000001E (0x80000003, 0x8042AAF9, 0x00000000, ... Read more

Answer:<sigh> NEED HELP!!

Bah anyone with advice. anyone at all
 

1 more replies
Relevance 39.36%
Question: Sigh.....

Hey guys, my computers acting up, im afraid it might be malware...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:38 AM, on 10/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21115)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\fsproflt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program File... Read more

Answer:Sigh.....

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 39.36%
Question: sigh

i recently received a toshiba laptop, everything works fine but there is a problem which puzzles me, occasionally these jumping lines appear as though there was an electronic device near such as a phone etc but even when there is no electronic device present, it still occurs.. what is the problem and how can it be resolved?

More replies
Relevance 38.95%

I just feel like something is off. I already used shredder and spybot...

Logfile of HijackThis v1.96.4
Scan saved at 10:36:12 AM, on 3/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\SYSTEM\SSURF022.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\2.BIN\MYBAR.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O3 - Toolbar: &... Read more

Answer::Sigh: Need help with my hijack this log...

6 more replies
Relevance 38.95%
Question: sigh, format q

I reformatted my drive, by booting to the CDRom, chose to delete primary partition, then create one, followed all the steps, very simple with this OS, anyway, when I was done and booted to windows, all my old info was still there? proggy folders, user profile... faves, everything, so what did I miss? Thanks very much I know this is such a lame q, but for the life of me I cannot figure why this happened?
 

Answer:sigh, format q

6 more replies
Relevance 38.95%

Well another one of my PCs is infected with spyware and viruses.
Any help appreciated. The log is short but still having lots of problems.

Logfile of HijackThis v1.99.1
Scan saved at 6:17:51 PM, on 7/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: polymorphreg - C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource mana... Read more

Answer:Another infected PC ..... sigh, help please

Before we can provide you any assistance, you need to go here and install "Service Pack 1". This will patch numerous security holes in IE and Windows. Many baddies get on your machine by taking advantage of these vulnerabilities. As your machine stands now it is wide open to attack from all sorts of nasties. You need to get these updates before we proceed or we will be wasting our time.

DO NOT install Service pack 2 yet. If you install SP 2 on an infected machine it will cause serious problems. Just get Service Pack 1 installed. After you get SP1 installed, restart your computer then rescan with Hijack This and save a new log. Come back here and post the new Hijack This log.
 

3 more replies
Relevance 38.95%

i accidentally installed some stupid spyware on my machine...


i got the latest version of Adaware and Spybot but I seem to still have things on my box...

whenever I boot and then run IE, I get a pop-up asking to install the latest version of "Toolbar by Web Search"

grr.........


search func no worky
 

Answer:*sigh* spyware help

try "hijackthis" and "cwshredder" and see if u have any luck
 

5 more replies
Relevance 38.95%

I covered this in this thread http://forums.majorgeeks.com/showthread.php?t=240755 and thought the problem was solved. I thought at that time the problem was Spybot. Now I have the same problem and Spybot is not on my system.

The latest happened after a Microsoft XP update and because I recently had a problem with a virus (SOLVED) there was no System Restore point to get the desktop back to its previous state as I had before.

I do not have the ability to create new shortcuts. That function has disappeared just as it did in the past. When I do try to create a shortcut it wants to know what site I want to link to and gives me a predetermined list of links -- most of which link to Microsoft functions. If I type in a link, such as http://www.refdesk.com it says it cannot find it. It will allow me to select a link which is already on the computer as a saved link but not a link from the actual favorites page.

This is truly frustrating. I am happy that I only had a few links that I had created but my ability to link to them is gone.

Any suggestions?

Thanks,

j
 

Answer:<sigh> Old problem, new cause

Well in your other thread you said you put Spybot back on in the last 2 or 3 posting.

Well how did you remove Spybot? I have good ways of completely removing items in xp.
 

12 more replies
Relevance 38.95%

Hi guys,

Every time I open an application such or game I get this error
"The application failed to initialize properly (0x0000005). Click OK to terminate the application"

So when I get this error I decided I might need to uninstall the application and reinstall it but the thing is I get another error when I uninstall the program.
"Setup launch failed to initialize engine
%1 is not a valid win32 application"

Anyone got any clues on how to fix this??
It will be much appreciated.
 

Answer:sigh...I need help I'm getting errors

6 more replies
Relevance 38.95%

Hi, I'm new here. Name's Leila, and I have very limited knowledge of computers. To be frank, I've been retarded.
I have been downloading various things without backup files (doh) or virus detection because funding is low (DOH).
Well, I installed Kazaa Lite and that lovely website suggested adAware, and that led me to here.
The thought that there would be a free virus scan on the internet never crossed my mind, but here I was, and there were some free virus scans. So I got one, and began scanning, and I have a lot of files that can't be helped and need to be deleted. Some of them are crucial files.
So, my question is, what should I do since I have no back ups?
And sorry for the novel.
 

Answer:*sigh* someone please help the blond


11 more replies
Relevance 38.95%
Question: *sigh* I'm back

Well, I don't have any obvious virus on my pc but it's been acting funny since I got rid of the SpySheriff thing. My IE won't open on the first try and once it does, it won't give me my back button. I've tried running webroot spysweeper, and that found some things and got rid of them, but the problem is still there. I tried running Ad-Aware only to have it freeze up when it hits a file that starts with HKEY_LOCAL_MACHINE/Software...

All my files are opening extremely slow and I know something is on here. I just can't seem to get rid of it. :/

Here's my HJT log. Anyone have any ideas? Am I in the wrong thread and just don't know it?
Logfile of HijackThis v1.99.1
Scan saved at 11:39:00 AM, on 10/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Webroot\Spy S... Read more

Answer:*sigh* I'm back

14 more replies
Relevance 38.95%

well, i've been trying to figure this out for almost four months now.
My LAN doesn't work anymore. I the two computers, and used the LAN all the time, after a horrible crash, which i curse my little brother for, i had to re-install windows on one of the computers. ever since the LAN doesn't work. I used all the default configurations and all but still nothing.

Now here's the weird thing.

if i hook the LAN cable up to my computer and my MAC it works fine. Actually it works superb. all i want is a simple home network so i can finish projects with a buddy of mine.

If anyone can help this problem i would greatly appreciate it.

P.S. i just read a thread that was made a while back, mentioning something about same workgroup name, i'm pretty sure they are the same, but then again, who knows i'll check it.

thank you!
 

Answer:*sigh* another LAN problem.

Your Local Area Network (LAN) doesn't work and you want help with it, right?

A LAN can be as simple as two devices communicating via wireless or over some type of cable, or as complicated as a modem, router, several switches, multiple computers connecting by wireless, others by ethernet, etc. Please describe yours so that we know with what we are dealing.

And then explain what about your network is not working and what, if anything, is working.
 

1 more replies
Relevance 38.95%

I have administration rights, and this is a fresh install on a formatted partition of my harddrive. This is driving me insane. It was working prior but I had to reinstall to get the drivers for my network adapter to work.

I have tried reformatting TWICE and it's still giving me trouble.

Here's some examples:

Latest 8800 GTS drivers:

1) Publisher could not be verified... etc. etc: I click Run
2) UAC does its annoying stuff: I click Allow
3) NVIDIA Windows Vista x64 Display Drivers has stopped working.
4) Close the program
5) The application failed to initialize properly (0xc0000005) Click OK to terminate the application: Click OK
6) NVIDIA Windows Vista x64 Display Drivers has stopped working.
7) Close the program
8) Lower right corner states the program was closed. (No crap)

Firefox 2.0.0.7

1) Publisher could not be verified... etc. etc: I click Run
2) UAC does its annoying stuff: I click Allow
3) Firefox has stopped working.
4) The program might have not installed correctly

Sound Blaster X-Fi Drivers (Latest)

1) UAC does its annoying stuff: I click Allow
2) Self installation has stopped working

I also get a "80200053" error in Windows update... and I don't know what this means. I've never seen it and can't find much of anything on it.

Any help is appreciated!

Answer:*sigh* nothing but headaches.

Well, I assume you get your network adapter to work (Is it a netgear?)

Try unplugging it, see if you get the same problems

22 more replies
Relevance 38.95%

I've got to find a way to stop this, as it seems to happen every time my nieces use my computer for any period of time. As always, here is my latest Hijack This log:
Logfile of HijackThis v1.99.0
Scan saved at 3:26:41 AM, on 1/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\twain_32\SiPix\SCBlink2\Srvany.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\twain_32\SiPix\SCBlink2\USBPNP.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\WINNT\System32\SahAgent.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINNT\System32\wuauclt... Read more

Answer:*sigh* PLEASE help me with my Hijack This log once again, thanks a lot!

10 more replies
Relevance 38.95%

First of all, the thrill of finding these boards made the dismay of what is on my computer a great deal easier to take. Thank you all from the bottom of my heart. The day I get an income, you have a donation.

I was hit, quick and hard, by pop ups, then everything else, bog down, so many things running I don't recognize and can't kill.
After spybot and adaware, I still have a few. I ran hijackthis, incredible, btw, and have my file ready to post if some wonderful techie has the time to help.

My biggest question is, how in the WORLD did these people get on my computer? Kazaalite? Do ALL music programs do this? I do not arbitrarily download anything and I don't visit porn pages.

I now realize that I ignored a few early clues and won't do that again. My web server tells me the most popular page of mine (at www.packrat-pro.com) that receives the "page not found" error is robot.txt. I don't HAVE robot.txt on my pages. Is this something to hunt down and kill? Any tips here, I have hundreds of pages.

Meanwhile, I am going to go read, read and read your postings. I am soo happy to have found such a wonderful geek place at long last.

Thank you! Anne, an old dog having to learn new tricks. Again.
 

Answer:[SOLVED] Mee too, sigh

16 more replies
Relevance 38.95%

brand new m8120 hp media center computer. took it outta the box and it won't power on. so far i have tried to:
switched the power cables
switch outlets
check the wiring
called tech support
disconnected and reconnected
i'm really hoping it isn't a defective power supply. is there any way to check whether it is the power supply without switching it?
 

Answer:Sigh new Hp won't power on

Look on the back of the power supply for an ON/OFF switch. If you want to open the case, look at the wires that lead from the front of the case switch to the motherboard and verify that they haven't come loose. Look for any other obvious unplugged cables.

There really isn't a way to test the power supply properly without trying it in another machine, or eliminating it by trying a known good supply in the problem box.

If there isn't one there, or if that isn't the problem, you need to send it back. If this is brand new, let them replace it with one that works. It's really not your job to make it not defective. You have the right to a functioning machine. It's very unlike HP to ship a defective machine, and I'm sure they will take care of it--the process may be frustrating but I think they'll make it right for you.
 

1 more replies
Relevance 38.95%
Question: /sigh another bsod

Pc has been working fine for about 2 weeks since you guys helped me with my last BSOD........and today there is a new one. I'm getting so frustrated with this crap. It seems like every time there are updates for Win 7 there is a new problem.

Thanks for help!

Answer:/sigh another bsod

Sorry I forgot to add that these BSODs only occur on start up for me. I'm running all up to date drivers (as far as I know)and I have tested memory and CPU for hours looking for errors and none have been identified.

9 more replies
Relevance 38.95%

Ok, I've been through hell with this motherboard and I'm at a point now where I just have no idea and I've looked for so long to solutions for this and I don't know where to go at the moment so I'll tell my story...

About 5 months ago when the AM2 line was released I bought it right away(mistake I know) I bought these parts...

AMD X2 4200+ AM2
ASUS M2N-SLi Deluxe
2GB OCZ Gold DDR2-800 PC6400
2x 250GB Seagate SATA-II HDD's
ASUS DVD Burner(not sure of the model)
Antec True Power 2.0 550w PSU
2x eVGA 7900GT CO meant to be in SLi
Ok, the initial problems were as such, I'd try to install windows and it would get through the initial part where it said at the bottom, "setup is loading xxx" and then when it got to "setup is loading windows" it would freeze and not go to the next stage, at this point I researched and asked a ton of places what the problem could be, people suggested getting the SATA Drivers for the Hard drive, which I did to no avail same issue I loaded them as said. At this point I shattered my ankle and was rendered immobile for 4 months. I then came across a person who had this same problem as I had and said it was the conflict of the OCZ RAM with the motherboard so I got the first RMA from OCZ saying this would fix the problem(they sent me 2GB of OCZ platinum) which, when it arrived would not even boot, gave post errors so I call OCZ back a while later saying this and they said they probably gave me the wrong... Read more

Answer:M2N-SLi Deluxe *sigh*

16 more replies
Relevance 38.95%

Hi all.

Running a Dell computer, with Windows XP..

Yesterday and today. ran ad-aware and both days.. one item appeared .. it was a registry file. and said, Possible browser hi jack..

Then when I clicked on it.. to see what it was.. Spyware guard,, said, it was a hi jack, and do I want my home page changed.. Of course, I said, NO.. Yesterday and today. exact same thing..

I just ran ad-aware, spybot, cwshredder, and attached is my hi jack log.

Can someone check it to make sure it's now 'clean'

Thanks .. Helene.

Logfile of HijackThis v1.97.7
Scan saved at 10:20:25 AM, on 5/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Hewlett-Packard\Digita... Read more

Answer:I Think I've been hijacked.. SIGH

Its clean
 

3 more replies
Relevance 38.95%

Hi all here is the latest info in my recurring bsod saga...


Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.4
Locale ID: 1033

Additional information about the problem:
BCCode: 9f
BCP1: 0000000000000003
BCP2: FFFFFA80062C5A20
BCP3: FFFFF80000B9C518
BCP4: FFFFFA8008C3A010
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\111610-13681-01.dmp
C:\Users\ron\AppData\Local\Temp\WER-19843-0.sysdata.xml

Read our privacy statement online:
Windows 7 Privacy Statement - Microsoft Windows

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Answer:*sigh* STILL getting BSODs

Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\richc46\AppData\Local\Temp\Temp7_Windows_NT6_BSOD_jcgriff2[1].zip\Windows_NT6_BSOD_jcgriff2\110910-12558-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?fffff800`00b9c500?
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c1a000 PsLoadedModuleList = 0xfffff800`02e57e50
Debug session time: Tue Nov 9 19:01:50.313 2010 (GMT-5)
System Uptime: 0 days 1:26:39.357
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use ... Read more

3 more replies
Relevance 38.95%

Hello guys, I have run into another BSOD. (My OS is Windows 7 on a Thinkpad Lenovo x201)

This one is "Page_Fault_in_Nonpaged_Area"

STOP: 0x00000050 (0xFFFFF88004123000, 0x0000000000000001, 0xFFFFF80002c734f1, 0x0000000000000000)

The funny thing about this BSOD is that it restarts by itself when the blue screen appears. Another thing is that I CANNOT access 'Safe Mode' or 'Debugging Mode' at all. I tried system restoring to a time when my laptop worked, but it did not fix the problem. I tried checking the memory and it still does not work.

I googled all about this, but most of them were useless because I could not access Safe Mode. This is very frustrating.

Anyone know what the problem is?

Thanks in advance
 

More replies