Advertising Pop-Ups and Slowness

DDS (Ver_09-12-01.01) - NTFSx86 
Run by knoy001 at 13:02:12.50 on Tue 01/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2006 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)   {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\Program Files\Novell\CASA\bin\micasad.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe
C:\Program Files\Novell\ZENworks\bin\ZenUserDaemon.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\knoy001\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\knoy001\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://feeds.eng.fiu.edu/
mWinlogon: System=c:\program files\novell\zenworks\bin\preboot\ZISWIN.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uvc7jk640c] c:\docume~1\knoy001\locals~1\temp\c.exe
uRun: [ZagrebLand] c:\docume~1\knoy001\locals~1\temp\b.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [ZenNotifyIcon] c:\program files\novell\zenworks\bin\ZenNotifyIcon.exe
mRun: [ZENWorksUserDaemon] c:\program files\novell\zenworks\bin\ZenUserDaemon.exe
mRun: [NalView] c:\program files\novell\zenworks\bin\nalview.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
StartupFolder: c:\docume~1\knoy001\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\knoy001\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254237067046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: LCredMgr - c:\program files\novell\casa\bin\lcredmgr.dll
Notify: nzrNotifier - nzrNotifier.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: EIC Software Distribuition: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\bin\NalShell.dll
LSA: Authentication Packages = msv1_0 nwv1_0
Hosts: 127.0.0.1    www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\knoy001\applic~1\mozilla\firefox\profiles\s27f5eiz.default\
FF - prefs.js: browser.startup.homepage - hxxp://feeds.eng.fiu.edu/
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\knoy001\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\knoy001\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\knoy001\application data\mozilla\firefox\profiles\s27f5eiz.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-29 340592]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2009-9-29 34592]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-29 12672]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-3-10 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-9-29 67904]
R2 Novell Identity Store;Novell Identity Store;c:\program files\novell\casa\bin\micasad.exe [2009-6-24 245760]
R2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\program files\novell\zenworks\bin\ZenworksWindowsService.exe [2009-11-26 28672]
R2 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\program files\novell\zenworks\bin\nzrWinVNC.exe [2009-11-20 2379776]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [2009-9-29 9176]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-4-7 31896]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-29 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-29 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-9-29 64432]
S3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2009-9-29 188416]

=============== Created Last 30 ================

2010-01-04 18:27:18    127    ----a-w-    c:\documents and settings\knoy001\webct_upload_applet.properties
2009-12-22 20:50:25    0    d-----w-    c:\program files\Trend Micro
2009-12-22 20:47:09    0    d-----w-    c:\program files\Spybot - Search & Destroy
2009-12-22 20:47:09    0    d-----w-    c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-22 20:40:43    0    d-----w-    c:\program files\CleanUp!
2009-12-22 20:40:22    0    d-----w-    c:\program files\CCleaner
2009-12-21 15:49:35    0    d-----w-    C:\Quarantine
2009-12-21 15:43:12    221184    ----a-w-    c:\windows\system32\wmpns.dll
2009-12-15 17:22:27    0    d-----w-    c:\program files\Paint.NET
2009-12-11 22:15:44    0    d-----w-    c:\docume~1\knoy001\applic~1\MozillaControl
2009-12-11 22:13:51    0    d-----w-    c:\program files\Mozilla ActiveX Control v1.7.12
2009-12-11 22:12:58    0    d-----w-    c:\program files\VideoLAN
2009-12-11 22:11:08    0    d-----w-    c:\program files\Graboid
2009-12-11 20:16:54    73728    ----a-w-    c:\windows\NalRedir.dll

==================== Find3M  ====================

2009-11-26 16:55:32    94208    ----a-w-    c:\windows\system32\ZenCCS.dll
2009-11-26 16:55:02    126976    ----a-w-    c:\windows\system32\ZenLgn.dll
2009-11-26 16:53:40    24576    ----a-w-    c:\windows\system32\ZenPol.dll
2009-11-20 12:36:02    57344    ----a-w-    c:\windows\system32\nzrNotifier.dll
2009-11-10 23:20:54    424960    ----a-w-    c:\windows\system32\NWGina.dll
2009-10-13 23:46:39    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-06-24 23:58:12    114688    ----a-w-    c:\program files\ad_ff.dll
2009-06-01 23:19:08    6253    ----a-w-    c:\program files\eula.rtf

============= FINISH: 13:03:05.57 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/28/2009 3:48:58 PM
System Uptime: 1/4/2010 8:08:58 AM (29 hours ago)

Motherboard: Dell Inc.           |  | 0M3918
Processor:               Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 57.961 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP21: 10/13/2009 1:26:37 PM - System Checkpoint
RP22: 10/13/2009 7:46:28 PM - Installed Java(TM) 6 Update 16
RP23: 10/14/2009 8:07:39 PM - System Checkpoint
RP24: 10/15/2009 8:08:02 PM - System Checkpoint
RP25: 10/16/2009 8:43:40 PM - System Checkpoint
RP26: 10/17/2009 9:07:40 PM - System Checkpoint
RP27: 10/18/2009 9:55:40 PM - System Checkpoint
RP28: 10/19/2009 10:19:42 PM - System Checkpoint
RP29: 10/20/2009 10:31:40 PM - System Checkpoint
RP30: 10/21/2009 11:07:33 PM - System Checkpoint
RP31: 10/22/2009 11:19:33 PM - System Checkpoint
RP32: 10/24/2009 12:19:33 AM - System Checkpoint
RP33: 10/25/2009 1:52:28 AM - System Checkpoint
RP34: 10/26/2009 2:43:33 AM - System Checkpoint
RP35: 10/27/2009 3:07:33 AM - System Checkpoint
RP36: 10/28/2009 3:51:07 AM - System Checkpoint
RP37: 10/29/2009 4:31:33 AM - System Checkpoint
RP38: 10/30/2009 5:07:33 AM - System Checkpoint
RP39: 10/31/2009 6:07:33 AM - System Checkpoint
RP40: 11/1/2009 6:43:33 AM - System Checkpoint
RP41: 11/2/2009 7:44:19 AM - System Checkpoint
RP42: 11/3/2009 7:55:34 AM - System Checkpoint
RP43: 11/4/2009 8:10:03 AM - System Checkpoint
RP44: 11/5/2009 8:25:22 AM - System Checkpoint
RP45: 11/6/2009 9:25:22 AM - System Checkpoint
RP46: 11/7/2009 10:25:22 AM - System Checkpoint
RP47: 11/8/2009 10:25:22 AM - System Checkpoint
RP48: 11/9/2009 11:25:22 AM - System Checkpoint
RP49: 11/10/2009 1:03:58 PM - System Checkpoint
RP50: 11/11/2009 1:25:24 PM - System Checkpoint
RP51: 11/12/2009 2:25:17 PM - System Checkpoint
RP52: 11/13/2009 2:29:39 PM - System Checkpoint
RP53: 11/14/2009 3:25:17 PM - System Checkpoint
RP54: 11/15/2009 4:25:17 PM - System Checkpoint
RP55: 11/16/2009 4:39:49 PM - System Checkpoint
RP56: 11/17/2009 6:31:13 PM - System Checkpoint
RP57: 11/18/2009 7:13:29 PM - System Checkpoint
RP58: 11/19/2009 7:25:17 PM - System Checkpoint
RP59: 11/20/2009 8:25:18 PM - System Checkpoint
RP60: 11/21/2009 9:25:17 PM - System Checkpoint
RP61: 11/22/2009 10:12:03 PM - System Checkpoint
RP62: 11/23/2009 10:25:17 PM - System Checkpoint
RP63: 11/24/2009 11:25:17 PM - System Checkpoint
RP64: 11/25/2009 11:37:56 PM - System Checkpoint
RP65: 11/26/2009 11:49:17 PM - System Checkpoint
RP66: 11/30/2009 12:14:47 PM - System Checkpoint
RP67: 12/1/2009 12:44:54 PM - System Checkpoint
RP68: 12/2/2009 1:23:53 PM - System Checkpoint
RP69: 12/3/2009 2:12:23 PM - System Checkpoint
RP70: 12/4/2009 6:12:02 PM - System Checkpoint
RP71: 12/5/2009 6:12:23 PM - System Checkpoint
RP72: 12/6/2009 7:12:23 PM - System Checkpoint
RP73: 12/7/2009 8:50:55 PM - System Checkpoint
RP74: 12/8/2009 9:12:22 PM - System Checkpoint
RP75: 12/9/2009 10:12:22 PM - System Checkpoint
RP76: 12/10/2009 11:12:22 PM - System Checkpoint
RP77: 12/12/2009 12:12:22 AM - System Checkpoint
RP78: 12/13/2009 1:12:22 AM - System Checkpoint
RP79: 12/14/2009 2:12:22 AM - System Checkpoint
RP80: 12/15/2009 3:12:20 AM - System Checkpoint
RP81: 12/15/2009 12:22:27 PM - Paint.NET v3.5.1
RP82: 12/16/2009 12:23:31 PM - System Checkpoint
RP83: 12/17/2009 1:12:20 PM - System Checkpoint
RP84: 12/18/2009 1:15:03 PM - System Checkpoint
RP85: 12/19/2009 2:12:21 PM - System Checkpoint
RP86: 12/20/2009 3:12:23 PM - System Checkpoint
RP87: 12/21/2009 3:31:32 PM - System Checkpoint
RP88: 12/22/2009 6:01:38 PM - System Checkpoint
RP89: 1/4/2010 8:43:08 AM - System Checkpoint
RP90: 1/5/2010 9:28:40 AM - System Checkpoint

==== Installed Programs ======================


Action Handler Resources
actions-langs
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
bundle-langs
CASA
CCleaner
CleanUp!
content-distribution-point-langs
CPUID CPU-Z 1.52.2
Dropbox
Graboid Video 1.65
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
hp deskjet 960c series
hp deskjet 960c series (Remove only)
Intel(R) PRO Network Adapters and Drivers
inventory-langs
Java(TM) 6 Update 16
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Move Media Player
Mozilla Firefox (3.5.6)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1)
NMAS Challenge Response Method
NMAS Client
Novell CASA Authentication Token Client
Novell Client for Windows
Novell iPrint Client v05.12.00
Novell ZENworks
Novell ZENworks Adaptive Agent Help
Novell ZENworks Remote Management
OGA Notifier 2.0.0048.0
Paint.NET v3.5.1
policy-langs
Policy Action Handler Resources
Policy Handler Resources
primary-agent-langs
remotemanagement-langs
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SoundMAX
Spybot - Search & Destroy
status-collection-point-langs
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
usermanagement-langs
VideoLAN VLC media player 0.8.6d
WebFldrs XP
windows-desktop-langs
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Search 4.0
WinProxy-langs
WinRAR archiver
zencore-agent-langs
zennotifyicon-langs
ZENworks Action Handlers
ZENworks Action Utilities
ZENworks Actions
ZENworks Agent Bundle Management
ZENworks Agent Core Modules
ZENworks Agent Inventory Management
ZENworks Agent Policy Management
ZENworks Agent System Update Module
ZENworks Agent WinProxy Module
ZENworks Content Distribution Point
ZENworks Extensions Libraries
ZENworks Image-Safe Data Agent
ZENworks Image Management
ZENworks Imaging Server
ZENworks Information Icon
ZENworks Policy Handlers
ZENworks Policy Libraries
ZENworks Primary Agent
ZENworks Remote Management
ZENworks Status Collection Point
ZENworks Uninstaller
ZENworks User Management
ZENworks Version Information
ZENworks Windows UI

==== End Of File ===========================

Let's try this again, and hopefully, we can keep this thread running to resolve this soon.

Please run a scan with MBAM. * If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use the update link mentioned below to manually update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "lookinhere.exe". Copy the installer file and the update file to a CD or flash drive. Transfer the files to the infected computer. Install the "lookinhere.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.

  Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself.
• Press the OK button to close that box and continue.
• If you encounter any problems while downloading the updates,
• manually download them from here
  and just double-click on mbam-rules.exe to install.
  Alternatively, you can update through MBAM's interface from a clean computer,
  copy the definitions (rules.ref) located in
  C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes'
  Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top.
• It may take some time to complete so please be patient.
  
• When the scan is finished, a message box will say "The scan completed successfully.
• Click 'Show Results' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report along with any other requested logs into your next reply and exit MBAM.

Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's Teatimer),
they may interfere with the fix or alert you after scanning with MBAM.
Please disable such programs until disinfection is complete or permit them to allow the changes.

**If you need to re-install MBAM but encounter issue in re-installing, try using the MBAM Cleanup Utility by downloading it from HERE

No Reply within 3 days will result in this topic being closed. If you require more time, please let me know.

Thanks again!

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/7/2010 7:18:35 PM
mbam-log-2010-01-07 (19-18-35).txt

Scan type: Quick Scan
Objects scanned: 126036
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uvc7jk640c (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zagrebland (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvc7jk640c (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Spool\prtprocs\w32x86\00002475.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Spool\prtprocs\w32x86\00004f87.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ad_ff.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Please run your CCleaner per these instructions:

** Because CCleaner removes everything in temp folders, if you have anything saved in a temp folder, back it up or move it to a permanent folder prior to running CCleaner.

** We will be cleaning cookies as well. Make a note of any passwords, etc. that you want to save. If you do not want to delete cookies, simply uncheck that option.

1. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

2. Then select the items you wish to clean up. In the Windows Tab:

• Clean all entries in the "Internet Explorer" section.
• Clean all the entries in the "Windows Explorer" section
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose. In the Applications Tab:
• Clean all in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

3. Click the "Analyze" button. When the list of files comes up, click the "Run Cleaner" button.

4. A pop up box will appear advising this process will permanently delete files from your system.

5. Click "OK" and it will scan and clean your system.

6. Click "exit" when done. REBOOT.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says Java SE Runtime Environment (JRE) 6 Update 17 .(It is the second one listed on that page.)
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Then from your desktop double-click on jre-6u17-windows-i586.exe to install the newest version.

Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.

To disable the JQS service if you don't want to use it:

* Go to Start-->Control Panel-->Java-->Advanced-->Miscellaneous and uncheck the box for Java Quick Starter.

* Click Ok and reboot your computer.

Run an online virus scan by Kaspersky from HERE.

• 1. At the main page. Press on " Accept". After reading the contents.
  2. At the next window Select Update. Allow the Database to update.
  Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
  3. Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
  4. Select Scan Report.
  5. If any threats were found they will appear in the report
  6. Select "Save error report as"
  Then in the file name just type in kaspersky
  Under "save as type" select text .txt
  Save it to your Desktop.

Copy and post the results of the Kaspersky Online scan and a fresh HijackThis log. If no threats were found then report that as well.

Let me know how things are running at that point. Thanks.

Kaspersky did not seem to find any threats on the computer. The log was blank since there were 0 threats.

Do you have a new HijackThis log to post? Are you still getting popups? Does everything seem to be running normally now? If so, we'll flush System Restore and you'll be good to go.

Below is the newest log. It seems to be running a little better. No pop ups as of yet. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:39 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Novell\CASA\bin\micasad.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe
C:\Program Files\Novell\ZENworks\bin\ZenUserDaemon.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\knoy001\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\knoy001\Local Settings\Temp\jkos-knoy001\binaries\ScanningProcess.exe
C:\Documents and Settings\knoy001\Local Settings\Temp\jkos-knoy001\binaries\ScanningProcess.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feeds.eng.fiu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZenNotifyIcon] C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe
O4 - HKLM\..\Run: [ZENWorksUserDaemon] C:\Program Files\Novell\ZENworks\bin\ZenUserDaemon.exe
O4 - HKLM\..\Run: [NalView] C:\Program Files\Novell\ZENworks\bin\nalview.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\knoy001\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254237067046
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O20 - Winlogon Notify: LCredMgr - C:\Program Files\Novell\CASA\bin\lcredmgr.dll
O20 - Winlogon Notify: nzrNotifier - C:\WINDOWS\SYSTEM32\nzrNotifier.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Novell Identity Store - Novell, Inc - C:\Program Files\Novell\CASA\bin\micasad.exe
O23 - Service: Novell ZENworks Agent Service - Novell, Inc. - C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe
O23 - Service: Novell ZENworks Remote Management powered by VNC (nzwinvnc) - Novell, Inc. - C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe
O23 - Service: Novell ZENworks Pre Agent (ZENPreAgent) - Unknown owner - C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe

--
End of file - 9030 bytes

It appears that the malware that was in your original log has been removed.

If you have not already done so, you  can delete DDS anzd the two logs that it produced:

DDS.txt

Attach.txt

If everything is still running well....

Please flush the XP System Restore Points: (Using XP, you must be logged in as Administrator to do this.)

Go to Start>Run and type msconfig Press enter.

When msconfig opens, click the Launch System Restore Button.

On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

If you have used Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.

The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:

1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system, Office, and IE. The first defense against infection is a properly patched OS from Microsoft Update at update.microsoft.com. More info HERE.

2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.

3.You might consider installing Mozilla / Firefox.
http://www.mozilla.com/en-US/

4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

5. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists. http://www.spywarewarrior.com/rogue_anti-spyware.htm http://www.malwarebytes.org/database.php

6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

7.Web Of Trust , uses colored alerts to warn about risky websites warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Red for Warning = STOP
• Yellow for Use Caution
• Green for Safe
• Grey for Unknown

There is a Web Of Trust version for Firefox as well.

8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
It will:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
Tutorial here:http://www.bleepingcomputer.com/forums/tutorial49.html
Periodically check for updates

9. Here are some helpful articles:
"How did I get infected?"
http://www.bleepingcomputer.com/forums/topic2520.html

"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

Topic reopened request of member.

I am getting redirections to other sites when using IE. Malwarebytes did not find anything. Here is my updated HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:52 PM, on 1/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Novell\CASA\bin\micasad.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe
C:\Program Files\Novell\ZENworks\bin\ZenUserDaemon.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\knoy001\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feeds.eng.fiu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZenNotifyIcon] C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe
O4 - HKLM\..\Run: [ZENWorksUserDaemon] C:\Program Files\Novell\ZENworks\bin\ZenUserDaemon.exe
O4 - HKLM\..\Run: [NalView] C:\Program Files\Novell\ZENworks\bin\nalview.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\knoy001\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254237067046
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O20 - Winlogon Notify: LCredMgr - C:\Program Files\Novell\CASA\bin\lcredmgr.dll
O20 - Winlogon Notify: nzrNotifier - C:\WINDOWS\SYSTEM32\nzrNotifier.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Novell Identity Store - Novell, Inc - C:\Program Files\Novell\CASA\bin\micasad.exe
O23 - Service: Novell ZENworks Agent Service - Novell, Inc. - C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe
O23 - Service: Novell ZENworks Remote Management powered by VNC (nzwinvnc) - Novell, Inc. - C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe
O23 - Service: Novell ZENworks Pre Agent (ZENPreAgent) - Unknown owner - C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe

--
End of file - 8533 bytes

How many users do you have on this computer?

Just one user account. There is only one person that uses this computer.

Exactly what type of "little trouble" are you still  having? 

I am getting redirections to other sites when using IE.