1

I believe I'm having a spyware issue, but I'm not certain. Here's my HijackThis scan.
Hope someone can help. Thanks all!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:08:51 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\M-Audio\Black Box\Install\BlackBoxInst.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\TW9t\command.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\dldurlso.exe
C:\Program Files\M-Audio\Install\EvoInst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\M-Audio\Transit\Install\TUSBInst.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Messenger\meven77798.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Insider\Insider.exe
C:\PROGRA~1\COMMON~1\ziri\zirim.exe
C:\Program Files\WinAble\winable.exe
C:\Documents and Settings\Terry\Application Data\frodjm.exe
C:\Program Files\IEEE 802.11g USB Wireless LAN\Wireless LAN\WlanUtil.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\ziri\ziria.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\ziri\ziril.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Terry\Desktop\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {820BE8EA-AC30-4125-8BF8-5EB74ABD5840} - C:\WINDOWS\system32\jkkjj.dll
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive3.dll (file missing)
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O2 - BHO: {b5672177-ad2e-86d8-8fd4-65614b7983d9} - {9d3897b4-1656-4df8-8d68-e2da7712765b} - C:\WINDOWS\system32\tnmiscpm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\ddcdede.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F3D293314D6ECF32257895769ABCF75D7551F77C152BBD53B2C3823C477ACE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [meven] C:\Program Files\Messenger\meven77798.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [402d6dfe] rundll32.exe "C:\WINDOWS\system32\ydbpoywy.dll",b
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tjda] "C:\Documents and Settings\Terry\My Documents\??crosoft.NET\n?pdb.exe"
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [ziri] C:\PROGRA~1\COMMON~1\ziri\zirim.exe
O4 - HKCU\..\Run: [Vbloii] C:\WINDOWS\??sembly\e?plorer.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Terry\Application Data\qpwgcypuvwn.exe
O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\Terry\Application Data\Awola\Awola.exe" /MIN
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\IEEE 802.11g USB Wireless LAN\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: ddcdede - C:\WINDOWS\SYSTEM32\ddcdede.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Black Box Installer (BlackBoxInstallerService) - Unknown owner - C:\Program Files\M-Audio\Black Box\Install\BlackBoxInst.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9t\command.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\dldurlso.exe
O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: M-Audio Transit Installer (TransitInstallerService) - M-Audio - C:\Program Files\M-Audio\Transit\Install\TUSBInst.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\rtejegacaz.html

--
End of file - 11106 bytes

0

I'd like to add that in my ignorance to solve the problem, I shut down a process that was running, suspecting that it may have been the virus. (The virus I believe I was dealing with was Awola).
I do not recall which process I shut down, nor do I have any idea how to turn it back on. The Awola pop-ups stopped when I rebooted but unfortunately, I lost my ability to get into my control panel, I had no icons on my desktop, etc. I was able to get online and downloaded the HijackThis program.
Anyway, I'm in a bit of a pickle. ;)
Hope someone out there has an idea how to get my computer running again.
Thanks again in advance, it's greatly appreciated.

0

Hi and welcome to Daniweb forums :).

Download the newest version of HiJackThis, version 2.0.2. Place it in a permanent folder before scanning.


Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double-click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

Hi!

Thank you so much for helping me!

I ran a fresh HijackThis, the results are below.
I could not get a log from ComboFix, unfortunately.
I ran it several times, but at the end, I would always receive an error message.
My desktop icons have returned, are functioning and I'm able to get into my control panel now, but Awola is still in my start up bar, reminding me with pop-ups every five seconds that my computer is infected.
How do I get rid of it? I've tried the standard search and delete, I assume it's hiding elsewhere where I can't locate it.

I think it may be connected to Internet Explorer, which I would love to permanently remove from my system anyway. I've tried many times unsuccessfully. How do I do this? Can I without upsetting my system?

Also, when I purchased this used custom PC, I foolishly believed that it had antivirus protection, and it does not. What should I install on my system?
I would greatly appreciate any recommendations that you may have.

Thanks for your time and effort! It means a lot :)

Here is my fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\M-Audio\Black Box\Install\BlackBoxInst.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\TW9t\command.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\dldurlso.exe
C:\Program Files\M-Audio\Install\EvoInst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\M-Audio\Transit\Install\TUSBInst.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Terry\Desktop\HiJackThis.exe
C:\Documents and Settings\Terry\Desktop\HiJackThis(2).exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\ComboFix\nircmd.cfexe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\findstr.exe
C:\ComboFix\mtee.cfexe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {509E863B-4CB6-4337-BF54-1656D6984C74} - C:\WINDOWS\system32\jkkjj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive3.dll (file missing)
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O2 - BHO: {b5672177-ad2e-86d8-8fd4-65614b7983d9} - {9d3897b4-1656-4df8-8d68-e2da7712765b} - C:\WINDOWS\system32\tnmiscpm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\ddcdede.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [meven] C:\Program Files\Messenger\meven77798.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [402d6dfe] rundll32.exe "C:\WINDOWS\system32\ydbpoywy.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tjda] "C:\Documents and Settings\Terry\My Documents\??crosoft.NET\n?pdb.exe"
O4 - HKCU\..\Run: [ziri] C:\PROGRA~1\COMMON~1\ziri\zirim.exe
O4 - HKCU\..\Run: [Vbloii] C:\WINDOWS\??sembly\e?plorer.exe
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Terry\Application Data\qpwgcypuvwn.exe
O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\Terry\Application Data\Awola\Awola.exe" /MIN
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\IEEE 802.11g USB Wireless LAN\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: ddcdede - C:\WINDOWS\SYSTEM32\ddcdede.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Black Box Installer (BlackBoxInstallerService) - Unknown owner - C:\Program Files\M-Audio\Black Box\Install\BlackBoxInst.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9t\command.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\dldurlso.exe
O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: M-Audio Transit Installer (TransitInstallerService) - M-Audio - C:\Program Files\M-Audio\Transit\Install\TUSBInst.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\rtejegacaz.html

--
End of file - 9419 bytes

0

I was able to do a system restore and I think I may have solved the Awola issue. I ran ComboFix again and was able to get a log.

I think my issue may be resolved. I've included the log in this post just in case it's still there and hiding.

I do still need to install an antivirus program and would like to get rid of Internet Explorer.
Suggestions?

Thanks again!!

xoxo

ComboFix 07-12-09.1 - Pipeline 2007-12-10 14:43:21.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.643 [GMT -8:00]
Running from: C:\Documents and Settings\Terry\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Terry\Application Data\SMBOLS~1
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\ziri\ziria.exe
C:\Program Files\Common Files\ziri\ziria.lck
C:\Program Files\Common Files\ziri\zirid\ziric.dll
C:\Program Files\Common Files\ziri\ziril.exe
C:\Program Files\Common Files\ziri\ziril.lck
C:\Program Files\Common Files\ziri\zirim.exe
C:\Program Files\Common Files\ziri\zirim.lck
C:\Program Files\Common Files\ziri\zirip.exe
C:\Program Files\Common Files\ziri\zirip.lck
C:\Program Files\curity~1
C:\Program Files\fnts~1
C:\Program Files\inetget2
C:\Program Files\inetget2\emg.exe
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\ISM2
C:\Program Files\ISM2\adhydraupd.exe
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\Program Files\WindowsUpdate\rtejegacaz.html
C:\Program Files\ystem~1
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\mbols~1
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\sembly~1
C:\WINDOWS\stem~1
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\btllrduq.dll
C:\WINDOWS\system32\ddcdede.dll
C:\WINDOWS\system32\dldurlso.exe
C:\WINDOWS\system32\dtkfkays.dll
C:\WINDOWS\system32\galidnfa.exe
C:\WINDOWS\system32\hwcvvhjt.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\qudrlltb.ini
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wyeeqlox.exe
C:\WINDOWS\system32\xyysijkm.exe
C:\WINDOWS\TW9t\
C:\WINDOWS\TW9t\\asappsrv.dll
C:\WINDOWS\TW9t\\command.exe
C:\WINDOWS\TW9t\\nq6Q.vbs
C:\WINDOWS\TW9t\command.exe
C:\WINDOWS\uninstall_nmon.vbs
.
---- Previous Run -------
.
C:\A.tmp
C:\C.tmp
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Terry\Application Data\SMBOLS~1
C:\Documents and Settings\Terry\My Documents\CROSOF~1.NET
C:\Documents and Settings\Terry\My Documents\MANTEC~1
C:\Documents and Settings\Terry\My Documents\MBOLS~1
C:\Documents and Settings\Terry\My Documents\SMBOLS~1
C:\Documents and Settings\Terry\My Documents\YSTEM~1
C:\F.tmp
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\ziri
C:\Program Files\Common Files\ziri\ziria.exe
C:\Program Files\Common Files\ziri\ziria.lck
C:\Program Files\Common Files\ziri\zirid\class-barrel
C:\Program Files\Common Files\ziri\zirid\vocabulary
C:\Program Files\Common Files\ziri\zirid\ziric.dll
C:\Program Files\Common Files\ziri\zirih
C:\Program Files\Common Files\ziri\ziril.exe
C:\Program Files\Common Files\ziri\ziril.lck
C:\Program Files\Common Files\ziri\zirim.exe
C:\Program Files\Common Files\ziri\zirim.lck
C:\Program Files\Common Files\ziri\zirip.exe
C:\Program Files\Common Files\ziri\zirip.lck
C:\Program Files\curity~1
C:\Program Files\fnts~1
C:\Program Files\inetget2
C:\Program Files\inetget2\emg.exe
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\ISM2
C:\Program Files\ISM2\adhydraupd.exe
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\Program Files\WindowsUpdate\rtejegacaz.html
C:\Program Files\ystem~1
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b128.exe.bin
C:\WINDOWS\b138.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\mbols~1
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\sembly~1
C:\WINDOWS\stem~1
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\ddcdede.dll
C:\WINDOWS\system32\dldurlso.exe
C:\WINDOWS\system32\dtkfkays.dll
C:\WINDOWS\system32\feskqfox.dll
C:\WINDOWS\system32\galidnfa.exe
C:\WINDOWS\system32\hwcvvhjt.dll
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\tnmiscpm.dll
C:\WINDOWS\system32\toonaqku.dll
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wyeeqlox.exe
C:\WINDOWS\system32\xyysijkm.exe
C:\WINDOWS\system32\ydbpoywy.dll
C:\WINDOWS\system32\ywyopbdy.ini
C:\WINDOWS\TW9t\
C:\WINDOWS\TW9t\\asappsrv.dll
C:\WINDOWS\TW9t\\command.exe
C:\WINDOWS\TW9t\\nq6Q.vbs
C:\WINDOWS\TW9t\command.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\ziri
C:\WINDOWS\ziri\wu
C:\WINDOWS\ziri\ziri.dat

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService
-------\Network Monitor


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService
-------\Network Monitor




-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService
-------\Network Monitor


(((((((((((((((((((((((((   Files Created from 2007-11-10 to 2007-12-10  )))))))))))))))))))))))))))))))
.

2007-12-10 14:35 . 2007-12-10 14:35 <DIR>    d--------   C:\WINDOWS\ziri
2007-12-09 21:08 . 2007-12-09 22:36 <DIR>    d--------   C:\Program Files\Enigma Software Group
2007-12-09 20:59 . 2007-12-09 20:59 0   --ahs----   C:\Documents and Settings\Terry\Application Data\fce5fdab156bd88783e251422e52ecd50d8a7395.dat
2007-12-08 11:57 . 2007-12-10 14:35 <DIR>    d--------   C:\Program Files\WinZip Self-Extractor
2007-12-03 11:10 . 2007-08-03 10:10 185,960 -ra------   C:\UNRAR.DLL
2007-11-30 14:01 . 2007-11-30 18:41 793,682 ---hs----   C:\WINDOWS\system32\vmtylewj.ini
2007-11-15 03:14 . 2007-11-15 03:14 <DIR>    d--------   C:\Documents and Settings\LocalService\Application Data\Talkback
2007-11-12 20:41 . 2007-11-12 20:41 25  --a------   C:\WINDOWS\mixerdef.ini
2007-11-12 13:51 . 2004-08-03 23:08 10,624  --a------   C:\WINDOWS\system32\drivers\gameenum.sys
2007-11-12 13:51 . 2004-08-03 23:08 10,624  --a--c---   C:\WINDOWS\system32\dllcache\gameenum.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 22:45    ---------   d-----w C:\Documents and Settings\Terry\Application Data\DNA
2007-11-18 19:01    ---------   d-----w C:\Program Files\RegistrySmart
2007-11-12 08:14    ---------   d-----w C:\Documents and Settings\Terry\Application Data\BitTorrent
2007-11-02 01:04    ---------   d-----w C:\Documents and Settings\Terry\Application Data\RegistrySmart
2007-10-11 22:28    ---------   d-----w C:\Program Files\IrfanView
2007-10-11 22:09    ---------   d-----w C:\Program Files\Java
2007-10-11 21:48    ---------   d-----w C:\Program Files\FriendBlasterPro
2007-10-11 18:02    ---------   d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-11 01:58    ---------   d-----w C:\Documents and Settings\Terry\Application Data\MSN6
2007-10-10 18:46    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2007-03-07 01:18    48,034  -c--a-w C:\Program Files\uninstal_msi.log
2007-03-07 01:18    23,307  -c--a-w C:\Program Files\setuplog.txt
2007-03-06 23:59    20,521  -c--a-w C:\Program Files\EthnoInstr_uninstal.log
2003-11-04 00:07    499,712 -c--a-w C:\Program Files\msvcp71.dll
2003-11-04 00:07    348,160 -c--a-w C:\Program Files\msvcr71.dll
2003-05-30 16:22    344,064 -c--a-r C:\Program Files\msvcr70.dll
2003-03-21 20:37    16,056  -c--a-w C:\Program Files\owcstp16.dll
2002-01-05 10:40    487,424 -c--a-w C:\Program Files\msvcp70.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
            C:\Program Files\ISM\BndDrive7.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]
            C:\Program Files\ISM\BndDrive3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\system32\WinNB58.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 19:25]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 12:08]
"DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-06-06 21:42]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-01 15:11]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Tjda"="C:\Documents and Settings\Terry\My Documents\??crosoft.NET\n?pdb.exe" []
"Vbloii"="C:\WINDOWS\??sembly\e?plorer.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2005-10-18 10:00]
"MAFWTaskbarApp"="C:\WINDOWS\system32\MAFWTray.exe" [2005-09-20 18:17]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"NexusServer"="C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" [2004-04-28 00:41]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-02-14 23:31]
"SoundMan"="soundman.exe" [2005-06-20 05:42 C:\WINDOWS\soundman.exe]
"meven"="C:\Program Files\Messenger\meven77798.exe" [2007-08-07 12:30]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 00:48 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
IEEE 802.11g USB Wireless LAN Utility.lnk - C:\Program Files\IEEE 802.11g USB Wireless LAN\Wireless LAN\WlanUtil.exe [2006-12-22 15:23:25]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
WinZip Quick Pick.lnk - C:\WZQKPICK.EXE [2007-08-03 10:10:00]

R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys
R2 BlackBoxInstallerService;Black Box Installer;C:\Program Files\M-Audio\Black Box\Install\BlackBoxInst.exe
R2 EvoInstallerService;M-Audio Installer;C:\Program Files\M-Audio\Install\EvoInst.exe
R2 TransitInstallerService;M-Audio Transit Installer;C:\Program Files\M-Audio\Transit\Install\TUSBInst.exe
R2 WUSB300NSvc;WUSB300NSvc;"C:\Program Files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe"
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys
S3 EVOLUSB;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\evolusb.sys
S3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys
S3 ma763006;M-Audio Transit USB;C:\WINDOWS\system32\drivers\MA763006.sys
S3 MADFU006;MADFU006;C:\WINDOWS\system32\DRIVERS\MADFU006.sys
S3 ZD1211BU(WLAN);IEEE  802.11g USB Wireless LAN(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys

*Newly Created Service* - GTNDIS5 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\CChat25.inf,PerUserAdd.NT
.
Contents of the 'Scheduled Tasks' folder
"2007-12-03 14:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes --------------------- 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Terry\LOCALS~1\Temp\cjelyjqo.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 14:47:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

C:\WINDOWS\QTFont.for 1409 bytes
C:\WINDOWS\QTFont.qfn 54156 bytes

scan completed successfully 
hidden files: 2 

**************************************************************************
.
Completion time: 2007-12-10 14:48:18 - machine was rebooted
.
    --- E O F ---

Edited by mike_2000_17: Fixed formatting

0

There is a decent AV link in my signature below. IE cannot be removed from your system. Just do not use it :).

==

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the
    Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract
    All,
  • Open the extracted folder and double click RunThis.bat to
    start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the
    registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool
    will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and
    display Finished, then press any key to end the script and load
    your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the
    contents of the results file Report.txt back onto the forum with
    a new HijackThis log
0

"IE cannot be removed from your system. Just do not use it ."

In add/remove taking out the windows component of IE doesn't remove it? It seems to at least on the surface..
