Unsolved

313 Posts

June 6th, 2007 14:00

HijackThis Log (pop-ups & slow computer)

I seem to be getting lots of popups and my computer is slow... Can someone help me? Thank you!


Logfile of HijackThis v1.99.1
Scan saved at 12:50:35 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
c:\Program Files\Novell\ZENworks\nalntsrv.exe
c:\Program Files\Novell\ZENworks\wm.exe
c:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
E:\FEEDS.EXE
E:\FEEDS.EXE
E:\FEEDS.EXE
E:\FEEDS.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Network Associates\VirusScan\SCAN32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feeds.eng.fiu.edu/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZENRC Tray Icon] c:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\qotuehdi.dll",realset
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [j5281030] rundll32 C:\WINDOWS\system32\j5281030.dll sook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - c:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - c:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - c:\Program Files\Novell\ZENworks\wm.exe

Message Edited by John_Doe on 06-08-2007 12:52 PM
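A parser for the O4 (Run key) and O23 (service) lines of a log like the one above, added here as an example and not part of this thread or of HijackThis itself; it reads an excerpt of the posted log, and its review heuristics (images under directories an ordinary user can write to, DLLs loaded through rundll32, services HijackThis reports as missing or with an unknown owner) are my own assumptions that mark an entry for a closer look, not a verdict.

```python
"""Parse the O4 (Run key) and O23 (service) lines of a HijackThis 1.99.x log and flag
entries that merit a closer look. The heuristics are assumptions made for this example."""
import re
from dataclasses import dataclass, field

# Excerpt of the HijackThis log posted above, trimmed to a few lines of interest.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feeds.eng.fiu.edu/
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\qotuehdi.dll",realset
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [j5281030] rundll32 C:\WINDOWS\system32\j5281030.dll sook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
"""

ENTRY_RE = re.compile(r'^(?P<kind>[RO]\d{1,2}) - (?P<body>.*)$')       # "O4 - <body>"
# O4 body: HKLM\..\Run: [value name] command line
RUNKEY_RE = re.compile(r'^(?:HKLM|HKCU)\\\.\.\\Run(?:Once)?:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')
# O23 body: Service: display name (service name) - owner - command line
SERVICE_RE = re.compile(r'^Service:\s*(?P<name>.*?)\s+-\s+(?P<owner>.*?)\s+-\s+(?P<cmd>.*)$')
# First drive-letter path ending in an executable extension; stops at quotes and commas,
# so it also pulls the DLL out of a rundll32 command line.
IMAGE_RE = re.compile(r'(?P<path>[A-Za-z]:\\[^",]*?\.(?:exe|dll|ocm|scr|com))(?![A-Za-z0-9])', re.I)
# Locations an ordinary (non-admin) XP user can write to; legitimate autoruns rarely live here.
USER_WRITABLE_MARKERS = ('\\documents and settings\\', '\\temp\\', '\\local settings\\')

@dataclass
class Entry:
    kind: str      # HijackThis section code: "O4" or "O23"
    name: str      # Run-key value name or service display name
    image: str     # executable or DLL the entry launches
    running: bool  # image also listed under "Running processes:"
    reasons: list = field(default_factory=list)

def assess(kind: str, cmd: str, image: str, owner: str = '') -> list:
    """Return the review reasons (assumed heuristics) that apply to one entry."""
    reasons, low = [], image.lower()
    if kind == 'O4':
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            reasons.append('user-writable-path')
        if cmd.lstrip().lower().startswith('rundll32'):   # real module hides behind rundll32
            reasons.append('rundll32-loaded-dll')
    elif kind == 'O23':
        if '(file missing)' in cmd.lower():               # HijackThis could not find the binary
            reasons.append('file-missing')
        if owner.lower() == 'unknown owner':
            reasons.append('unknown-owner')
    return reasons

def parse_log(text: str) -> list:
    """Parse a HijackThis log into Entry objects for its O4 and O23 lines."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == 'running processes:':
            in_procs = True
            continue
        if in_procs and line:              # the process list runs until the first blank line
            processes.add(line.lower())
            continue
        in_procs = False
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body, owner = m.group('kind'), m.group('body'), ''
        if kind == 'O4':
            r = RUNKEY_RE.match(body)      # Startup-folder O4 forms are not handled here
            if not r:
                continue
            name, cmd = r.group('name'), r.group('cmd')
        elif kind == 'O23':
            s = SERVICE_RE.match(body)
            if not s:
                continue
            name, owner, cmd = s.group('name'), s.group('owner'), s.group('cmd')
        else:
            continue
        img = IMAGE_RE.search(cmd)
        image = img.group('path') if img else cmd.strip()
        entries.append(Entry(kind, name, image, image.lower() in processes,
                             assess(kind, cmd, image, owner)))
    return entries

def flagged(entries: list) -> list:
    """Entries with at least one review reason, in log order."""
    return [e for e in entries if e.reasons]

if __name__ == '__main__':
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.kind} [{e.name}] {e.image} running={e.running}: {', '.join(e.reasons)}")
```

Run it against a full log by passing the file contents to parse_log(); the "running" flag cross-references each autorun image with the process list at the top of the same log.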

4 Apprentice

20.5K Posts

June 6th, 2007 15:00

Your log is unreadable. Please read the announcements at the top of this forum (especially the one about "Automatically convert carriage returns") before posting, and repost your log. Thanks.

313 Posts

June 7th, 2007 13:00

Sorry about that, I thought it was checked. I edited the original post.

Message Edited by John_Doe on 06-07-2007 10:58 AM

4 Apprentice

20.5K Posts

June 7th, 2007 21:00

Hi,

You are using a BETA version of HijackThis. The announcements at the top of this forum provide instructions for downloading version 1.99.1.

In order not to waste time, we shall try to work with the version that you are using for now.

Please RIGHT-CLICK HERE to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • "Do you want to skip supplementary searches?" Click NO.
  • You will see a text file appear on the desktop. Another message box will appear saying: "Silent Runners has started." It's not done; let it run (it won't appear to be doing anything!).
  • Once you receive the prompt "All Done!", the results are in a file that the tool has created. You will find it in the same directory as the script or on your desktop. The log is named "Startup Programs (ComputerName) date/timestamp.txt".
  • Open the text file that the tool has created.
  • Copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
** Note: If you have a script blocking program you may get a warning asking if you want to allow the script to run. Some will say "malicious script warning" or something to that effect. There is nothing malicious about this script; you can click to allow it to execute.


* Also open Hijack This and click on the "Open the Misc Tools section" button.
Click on the "Open Uninstall Manager" button.
Click the "Save List" button.
After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad.
Copy and paste that list here.


If the forum software will not take the text in both logs, just keep replying to yourself until all is posted.
After that, we can start cleaning.

Thanks! :)

313 Posts

June 8th, 2007 15:00

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NDPS" = "C:\WINDOWS\system32\dpmw32.exe" ["Novell, Inc."]
"NWTRAY" = "NWTRAY.EXE" ["Novell, Inc."]
"ZENRC Tray Icon" = "c:\WINDOWS\system32\zentray.exe" ["Novell, Inc."]
"ShStatEXE" = ""C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE" ["Network Associates, Inc."]
"Network Associates Error Reporting Service" = ""C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"" ["Network Associates, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"McAfeeUpdaterUI" = ""C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey" ["McAfee, Inc."]
"DeadAIM" = "rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs" [MS]
"ipqpwngj.exe" = "C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe" [null data]
"ApachInc" = "rundll32.exe "C:\WINDOWS\system32\qotuehdi.dll",realset" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"j5281030" = "rundll32 C:\WINDOWS\system32\j5281030.dll sook" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{54CBB12C-3481-4C5D-942D-4976C0F0A406}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\rqrqppm.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]
{FD5F4DFE-7D6F-482B-90D2-40C358340924}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\pmkhi.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{AF8DE18D-9065-4102-BC40-EB294A95BB07}" = "Novell Connections"
-> {HKLM...CLSID} = "Novell Connections"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nwshlxnt.dll" ["Novell, Inc."]
"{04c23aa0-3d34-11d2-b788-008029605ac7}" = "NDPS Shell Extension"
-> {HKLM...CLSID} = "NDPS Shell Extension"
\InProcServer32\(Default) = "ndpsprop.dll" ["Novell, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\SmartFTP Client 2.0\smarthook.dll" ["SmartFTP"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
> "{763370C4-268E-4308-A60C-D8DA0342BE32}" = (no title provided)
-> {HKLM...CLSID} = "EIC Software Distribution"
\InProcServer32\(Default) = "c:\Program Files\Novell\ZENworks\NalShell.dll" ["Novell, Inc"]
> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
> "{54CBB12C-3481-4C5D-942D-4976C0F0A406}" = "*j" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\rqrqppm.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
> "GinaDLL" = "NWGINA.DLL" ["Novell, Inc."]
> "System" = "ziswin.exe" ["Novell"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
> NetIdentity Notification\DLLName = "C:\WINDOWS\system32\Novell\XtNotify.dll" ["Novell, Inc."]
> pmkhi\DLLName = "C:\WINDOWS\system32\pmkhi.dll" [null data]
> rqrqppm\DLLName = "rqrqppm.dll" [null data]
> winhld32\DLLName = "winhld32.dll" [null data]

HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\
DisplayName = "Local Group Policy"
0\ -> launches: "C:\WINDOWS\System32\GroupPolicy\User\Scripts\Logoff\logoff.bat" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NetWareMenuItems\(Default) = "{e3bbbfc0-f61f-11cf-bb16-00c04fd371f4}"
-> {HKLM...CLSID} = "Menu Handlers for NetWare Capture"
\InProcServer32\(Default) = "novnpnt.dll" ["Novell, Inc."]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NetWareMenuItems\(Default) = "{e3bbbfc0-f61f-11cf-bb16-00c04fd371f4}"
-> {HKLM...CLSID} = "Menu Handlers for NetWare Capture"
\InProcServer32\(Default) = "novnpnt.dll" ["Novell, Inc."]
NetWareServerMenu\(Default) = "{9b173360-732b-11ce-aa22-00805f9834b0}"
-> {HKLM...CLSID} = "Shell Extensions for NetWare Trees and Servers"
\InProcServer32\(Default) = "novnpnt.dll" ["Novell, Inc."]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"DisallowRun" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"CompatibleRUPSecurity" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"ShutdownWithoutLogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"UndockWithoutLogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"


Startup items in "FEEDS" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Enabled Scheduled Tasks:
------------------------

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\netware\NWWS2NDS.DLL" ["Novell, Inc."]
000000000005\LibraryPath = "%SystemRoot%\system32\netware\NWWS2SAP.DLL" ["Novell, Inc."]
000000000006\LibraryPath = "%SystemRoot%\system32\netware\NWWS2SLP.DLL" ["Novell, Inc."]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{C1994287-422F-47AA-8E5E-6323E210A125}\
"ButtonText" = "Novell delivered applications"
"CLSIDExtension" = "{4B5F7606-8666-4D5A-9780-DB92A9D8812B}"
-> {HKLM...CLSID} = "NalIeToolbarBtn Class"
\InProcServer32\(Default) = "c:\Program Files\Novell\ZENworks\AxNalServer.dll" ["Novell, Inc"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
McAfee Framework Service, McAfeeFramework, ""C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart" ["McAfee, Inc."]
Messenger Sharing Folders USN Journal Reader service, usnjsvc, ""C:\Program Files\MSN Messenger\usnsvc.exe"" [MS]
Multi-user Cleanup Service, Multi-user Cleanup Service, ""C:\Program Files\lotus\notes\ntmulti.exe"" ["IBM Corp"]
Network Associates McShield, McShield, ""C:\Program Files\Network Associates\VirusScan\Mcshield.exe"" ["Network Associates, Inc."]
Network Associates Task Manager, McTaskManager, ""C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"" ["Network Associates, Inc."]
Novell Application Launcher, NALNTSERVICE, "c:\Program Files\Novell\ZENworks\nalntsrv.exe" ["Novell, Inc."]
Novell XTier Agent Services, XTAgent, "C:\WINDOWS\System32\Novell\XTAgent.exe" ["Novell, Inc."]
Novell ZENworks Remote Management Agent, Remote Management Agent, "c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe" ["Novell, Inc."]
Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Workstation Manager, ZFDWM, "c:\Program Files\Novell\ZENworks\wm.exe" ["Novell, Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON BiD Monitor1\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 231 seconds.
---------- (total run time: 356 seconds)

Message Edited by John_Doe on 06-08-2007 12:45 PM

313 Posts

June 8th, 2007 15:00

uninstall_list...


Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
AOL Instant Messenger
AsfTools 3.1 (remove only)
CCleaner (remove only)
CDBurnerXP Pro 3
DeadAIM
DivX Web Player
EPSON Printer Software
Google Talk (remove only)
Google Toolbar for Internet Explorer
HijackThis 2.0.0
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
ImgBurn (Remove Only)
J2SE Runtime Environment 5.0 Update 10
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.77 Full
Lotus Notes 6.5.1
Macromedia Dreamweaver 8
Macromedia Extension Manager
McAfee VirusScan Enterprise
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft MSDN 2005 Express Edition - ENU
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C# 2005 Express Edition - ENU
Microsoft Visual C# 2005 Express Edition - ENU
Mozilla Firefox (1.5.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser
NetIdentity 1.2.3
NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
Novell Client for Windows
Outerinfo
QuickTime
Rummy Royal
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
TVUPlayer 2.3.2.34
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908521)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB916846)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Viewpoint Media Player
Windows Communication Foundation
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
ZENworks Desktop Management Agent

4 Apprentice

20.5K Posts

June 8th, 2007 19:00

Thank you for the additional information.

Please download Combofix from here: http://download.bleepingcomputer.com/sUBs/combofix.exe
Or
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
** Take note that the links are case sensitive

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Do not proceed with the rest of the fix if you fail to run combofix.

313 Posts

June 11th, 2007 15:00

Thanks again for your help; my log is below:

"FEEDS" - 2007-06-11 12:37:11 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\FEEDS\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pmkjg.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))


2007-06-11 06:21 249,363 --a------ C:\WINDOWS\system32\ddcyv.dll
2007-06-10 08:21 258,123 --a------ C:\WINDOWS\system32\mlljk.dll
2007-06-10 03:21 249,363 --a------ C:\WINDOWS\system32\pmnlm.dll
2007-06-09 11:18 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-07 22:02 58,420 --a------ C:\WINDOWS\system32\qpjvmutb.dll
2007-06-07 18:35 58,420 --a------ C:\WINDOWS\system32\ylnewucm.dll
2007-06-07 17:57 58,420 --a------ C:\WINDOWS\system32\ykuixpfc.dll
2007-06-07 16:23 58,420 --a------ C:\WINDOWS\system32\rossqajk.dll
2007-06-07 14:33 58,420 --a------ C:\WINDOWS\system32\hbdstsdt.dll
2007-06-07 14:14 58,420 --a------ C:\WINDOWS\system32\hjnmhusj.dll
2007-06-06 21:22 55,316 --a------ C:\WINDOWS\system32\khmdyedr.dll
2007-06-06 12:34 33,302 --a------ C:\WINDOWS\system32\ddcaawx.dll
2007-06-05 21:10 10,752 --a------ C:\WINDOWS\system32\j5281030.dll
2007-06-05 15:39 33,302 --a------ C:\WINDOWS\system32\cbxwxxw.dll
2007-06-05 11:05 d-------- C:\DOCUME~1\FEEDS\APPLIC~1\Lavasoft
2007-06-05 11:03 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-05 11:03 d-------- C:\Program Files\Lavasoft
2007-06-05 11:02 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-05 11:00 d-------- C:\DOCUME~1\FEEDS\.housecall6.6
2007-06-05 00:59 131,124 --a------ C:\WINDOWS\system32\qotuehdi.dll
2007-06-05 00:53 2,580 --a------ C:\WINDOWS\system32\ekgvqujk.exe
2007-06-04 14:47 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ipqpwngj.exe
2007-06-04 14:45 33,302 --a------ C:\WINDOWS\system32\rqrqppm.dll
2007-06-04 14:45 33,302 --a------ C:\WINDOWS\system32\byxwvvs.dll
2007-05-31 13:20 d-------- C:\DOCUME~1\FEEDS\APPLIC~1\GibbHill Properties Ltd
2007-05-24 21:47 d-------- C:\quarantine
2007-05-18 10:21 d-------- C:\dataXpress
2007-05-16 11:06 d-------- C:\Program Files\AWS
2007-05-16 11:06 d-------- C:\DOCUME~1\FEEDS\APPLIC~1\Aim
2007-05-16 11:05 d-------- C:\Program Files\AOD
2007-05-16 11:05 d-------- C:\Program Files\AIM
2007-05-11 11:55 d-------- C:\Program Files\DivX


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-11 16:44:37 -------- d-----w C:\Program Files\CUAgent
2007-06-08 17:43:54 -------- d--h--w C:\DOCUME~1\FEEDS\APPLIC~1\Move Networks
2007-06-08 17:42:49 -------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-06-08 17:35:14 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-22 18:49:52 -------- d-----w C:\Program Files\MSN Messenger
2007-05-10 17:30:13 -------- d-----w C:\Program Files\TVUPlayer
2007-05-10 17:30:03 -------- d-----w C:\DOCUME~1\FEEDS\APPLIC~1\TVU Networks
2007-05-03 19:10:35 -------- d-----w C:\Program Files\Viewpoint
2007-05-03 18:53:07 335 ----a-w C:\WINDOWS\nsreg.dat
2007-05-03 15:04:57 -------- d-----w C:\Program Files\Network Associates
2007-05-02 18:51:29 -------- d-----w C:\Program Files\McAfee
2007-04-26 14:53:02 -------- d-----w C:\Program Files\MSXML 6.0
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 17:56:03 -------- d-----w C:\DOCUME~1\FEEDS\APPLIC~1\U3
2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 10:07:54 583,504 ----a-w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 00:25:02 124,928 ----a-w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{54CBB12C-3481-4C5D-942D-4976C0F0A406}=C:\WINDOWS\system32\rqrqppm.dll [2007-06-04 14:45]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-18 09:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 11:37 C:\WINDOWS\system32\nwtray.exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" [2006-10-30 03:06]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-28 12:12]
"ipqpwngj.exe"="C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe" [2007-06-04 14:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 09:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]
"1"=mtsc32.exe
"2"=svpsvc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"="c:\Program Files\Novell\ZENworks\NalShell.dll" [2005-08-04 16:07]
"{54CBB12C-3481-4C5D-942D-4976C0F0A406}"="C:\WINDOWS\system32\rqrqppm.dll" [2007-06-04 14:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="ziswin.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqppm]
rqrqppm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-299502267-436374069-1801674531-1006\Scripts\Logoff\0\0]
"Script"=logoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\FEEDS.EXE /AUTORUN

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{761ee91a-700b-11db-ac49-0008a11e4de1}]
AutoRun\command- E:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-06-11 16:45:18 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 12:44:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-11 12:47:26 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-11 12:47
C:\ComboFix2.txt ... 2007-06-09 11:18

--- E O F ---

4 Apprentice

20.5K Posts

June 11th, 2007 18:00

"3. Post the contents of that log in your next reply with a new HijackThis log."

Did you forget your HijackThis log?

313 Posts

June 11th, 2007 18:00

Sorry, I'm illiterate...

Logfile of HijackThis v1.99.1
Scan saved at 3:39:19 PM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
c:\Program Files\Novell\ZENworks\nalntsrv.exe
c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
c:\Program Files\Novell\ZENworks\wm.exe
c:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feeds.eng.fiu.edu/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - C:\WINDOWS\system32\rqrqppm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - c:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NetIdentity Notification - C:\WINDOWS\system32\Novell\XtNotify.dll
O20 - Winlogon Notify: rqrqppm - C:\WINDOWS\SYSTEM32\rqrqppm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - c:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - c:\Program Files\Novell\ZENworks\wm.exe

4 Apprentice

20.5K Posts

June 11th, 2007 19:00

Please download the latest version of VundoFix.exe to your desktop. (If you have an earlier version, delete it and its old log here: C:\vundofix.txt.)
Do not run it yet.

Please go to Add/Remove Programs and remove these:
Outerinfo
J2SE Runtime Environment 5.0 Update 10


Reboot and download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Reboot

Please disable Windows Defender so it does not interfere with our fix.
* Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
* Click on Tools, General Settings
* Under Real-time protection options, unselect the Turn on real-time protection check box
* Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.


Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

** If you get a warning about updating Java, do not do so until I can give you further instructions.

Reboot into Safemode:
Turn on the computer.
Immediately begin tapping the F8 key.
Use the arrow keys to highlight Safe Mode and press the Enter key.

Configure to show all files/folders:
Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Display the contents of system folders
Show hidden files and folders
Uncheck: Hide protected operating system files
Click on Apply.
Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders

Please launch Hijackthis and place a checkmark next to the following if they still exist:
O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - C:\WINDOWS\system32\rqrqppm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
O20 - Winlogon Notify: rqrqppm - C:\WINDOWS\SYSTEM32\rqrqppm.dll


Close all windows except HijackThis and click "Fix Checked".
Close HijackThis.

Still in safemode, delete the specified files if they still exist:

C:\WINDOWS\system32\rqrqppm.dll
C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe

Reboot normally.

Rehide files.
Start>Search and at the top select Tools>Folder Options
Select the View tab
Display the contents of system folders
Show hidden files and folders
CHECK: Hide protected operating system files
Click on Apply.

Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
  • If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • Please post that report in your next reply. Simply open the text file, then copy/paste the content here.

To review, I will need to see the contents of:
1. The ActiveScan report.
2. C:\vundofix.txt
3. A new HiJackThis log.

Thanks! :)
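The four HijackThis entries singled out in the post above share patterns a defender can check for mechanically: an unnamed BHO whose DLL sits directly in system32, a BHO entry with no file behind it, a Run value launching an executable from a user-writable data directory, and a Winlogon Notify subkey named after a random-looking DLL in system32. The script below is an added example, not part of this thread and not a HijackThis, VundoFix or Dell tool; it applies those heuristics to HijackThis v1.99.1 log lines. The sample lines are copied from the log posted earlier in the thread, and the allowlist of Winlogon Notify names is an assumed, partial list of Windows XP defaults.

```python
"""Triage HijackThis v1.99.1 log lines for the autostart patterns discussed
in this thread.  Added example; the heuristics are the reviewer's, not
HijackThis' own, and the sample log is copied from the posted HijackThis log."""
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - C:\WINDOWS\system32\rqrqppm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NetIdentity Notification - C:\WINDOWS\system32\Novell\XtNotify.dll
O20 - Winlogon Notify: rqrqppm - C:\WINDOWS\SYSTEM32\rqrqppm.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
# First executable in a Run command, quoted or not (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|com|scr))"?', re.IGNORECASE)

# Assumed partial list of Winlogon Notify subkeys that ship with Windows XP SP2.
WINLOGON_NOTIFY_KNOWN = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Directory fragments that an ordinary user can write to; a Run entry pointing
# here (like ipqpwngj.exe above) deserves a look.
USER_WRITABLE_MARKERS = (
    "\\application data\\", "\\all users\\", "\\local settings\\", "\\temp\\",
)


@dataclass
class Finding:
    line: str
    reason: str


def _in_system32_root(path: str) -> bool:
    """True when the file sits directly in %SystemRoot%\\system32 (no subfolder)."""
    head, _ = ntpath.split(path.strip('"').lower())
    return head.endswith("\\system32")


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that match one of the thread's suspicious patterns."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = O2_RE.match(line)
        if m:
            if m.group("path") == "(no file)":
                findings.append(Finding(line, "orphaned BHO entry: CLSID registered but no DLL on disk"))
            elif m.group("name") == "(no name)" and _in_system32_root(m.group("path")):
                findings.append(Finding(line, "unnamed BHO loaded straight from system32"))
            continue

        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m.group("cmd"))
            exe_path = exe.group("exe").lower() if exe else m.group("cmd").lower()
            if any(marker in exe_path for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding(line, "autorun executable lives in a user-writable data directory"))
            continue

        m = O20_RE.match(line)
        if m:
            name = m.group("name").lower()
            stem = ntpath.splitext(ntpath.basename(m.group("path")))[0].lower()
            if name not in WINLOGON_NOTIFY_KNOWN and _in_system32_root(m.group("path")):
                reason = "Winlogon Notify DLL in system32 outside the known XP defaults"
                if stem == name:
                    reason += "; subkey named after the DLL, as with the Vundo entries in this thread"
                findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample, the script flags the two rqrqppm.dll entries, the orphaned BHO and the ipqpwngj.exe Run value, and leaves SDHelper.dll, ctfmon.exe and the Novell notify DLL alone; Winlogon Notify and BHO DLLs load into winlogon.exe and every Internet Explorer process respectively, which is why those two locations get the closest look.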

313 Posts

June 12th, 2007 17:00

I had to post all the logs/reports on several posts, and Dell said I was spamming and I would have to wait several minutes to post again. Unfortunately I'm not at the computer anymore but will post the ActiveScan report and updated HiJackThis log tomorrow. Thanks again!



VundoFix V6.5.0

Checking Java version...

Scan started at 5:41:36 PM 6/11/2007

Listing files found while scanning....

C:\windows\system32\byxwvvs.dll
C:\windows\system32\cbxwxxw.dll
C:\windows\system32\ddcaawx.dll
C:\windows\system32\ekgvqujk.exe
C:\windows\system32\hbdstsdt.dll
C:\windows\system32\hjnmhusj.dll
C:\windows\system32\idheutoq.ini
C:\windows\system32\j5281030.dll
C:\windows\system32\mlljk.dll
C:\windows\system32\qotuehdi.dll
C:\windows\system32\qpjvmutb.dll
C:\windows\system32\rossqajk.dll
C:\WINDOWS\system32\rqrqppm.dll
C:\windows\system32\ykuixpfc.dll
C:\windows\system32\ylnewucm.dll

Beginning removal...

Attempting to delete C:\windows\system32\byxwvvs.dll
C:\windows\system32\byxwvvs.dll Has been deleted!

Attempting to delete C:\windows\system32\cbxwxxw.dll
C:\windows\system32\cbxwxxw.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcaawx.dll
C:\windows\system32\ddcaawx.dll Has been deleted!

Attempting to delete C:\windows\system32\ekgvqujk.exe
C:\windows\system32\ekgvqujk.exe Has been deleted!

Attempting to delete C:\windows\system32\hbdstsdt.dll
C:\windows\system32\hbdstsdt.dll Has been deleted!

Attempting to delete C:\windows\system32\hjnmhusj.dll
C:\windows\system32\hjnmhusj.dll Has been deleted!

Attempting to delete C:\windows\system32\idheutoq.ini
C:\windows\system32\idheutoq.ini Has been deleted!

Attempting to delete C:\windows\system32\j5281030.dll
C:\windows\system32\j5281030.dll Has been deleted!

Attempting to delete C:\windows\system32\mlljk.dll
C:\windows\system32\mlljk.dll Has been deleted!

Attempting to delete C:\windows\system32\qotuehdi.dll
C:\windows\system32\qotuehdi.dll Has been deleted!

Attempting to delete C:\windows\system32\qpjvmutb.dll
C:\windows\system32\qpjvmutb.dll Has been deleted!

Attempting to delete C:\windows\system32\rossqajk.dll
C:\windows\system32\rossqajk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqppm.dll
C:\WINDOWS\system32\rqrqppm.dll Has been deleted!

Attempting to delete C:\windows\system32\ykuixpfc.dll
C:\windows\system32\ykuixpfc.dll Has been deleted!

Attempting to delete C:\windows\system32\ylnewucm.dll
C:\windows\system32\ylnewucm.dll Has been deleted!

Performing Repairs to the registry.
Done!

313 Posts

June 13th, 2007 14:00

continued...

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ddcyv.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\system32\khmdyedr.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pmnlm.dll
Spyware:Cookie/2o7 Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@ad.yieldmanager[2].txt
Spyware:Cookie/AdDynamix Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@advertising[2].txt
Spyware:Cookie/Atwola Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@bluestreak[2].txt
Spyware:Cookie/Bridgetrack Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@citi.bridgetrack[2].txt
Spyware:Cookie/Com.com Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@com[1].txt
Spyware:Cookie/did-it Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@dist.belnk[2].txt
Spyware:Cookie/Linksynergy Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@linksynergy[1].txt
Spyware:Cookie/Mediaplex Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@overture[2].txt
Spyware:Cookie/Overture Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@realmedia[2].txt
Spyware:Cookie/Advertising Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@servedby.advertising[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@server.iad.liveperson[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@statse.webtrendslive[2].txt
Spyware:Cookie/Tickle Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@tickle[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@trafficmp[1].txt
Spyware:Cookie/Adserver Not disinfected D:\Old Files\FEEDS Computer\HDD1\Documents and Settings\FeedsMedia\Cookies\feedsb@z1.adserver[1].txt

313 Posts

June 13th, 2007 14:00

Incident Status Location

Adware:adware/outerinfo Not disinfected Windows Registry
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\administrator\Cookies\administrator@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\administrator\Cookies\administrator@dist.belnk[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[server.iad.liveperson.net/hc/65896788]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[.zedo.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[server.iad.liveperson.net/hc/63516465]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[.com.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\FEEDS\Application Data\Mozilla\Firefox\Profiles\9wt0b07l.default\cookies.txt[server.iad.liveperson.net/hc/36022152]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\FEEDS\Cookies\feeds@2o7[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\FEEDS\Cookies\feeds@azjmp[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\FEEDS\Cookies\feeds@ehg-dig.hitbox[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\FEEDS\Cookies\feeds@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\FEEDS\Cookies\feeds@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\FEEDS\Cookies\feeds@i.screensavers[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\FEEDS\Cookies\feeds@overture[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\FEEDS\Cookies\feeds@statcounter[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FEEDS\Cookies\feeds@terra.com[1].txt
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\klgkiplm.dll.vir
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ndpogiww.dll.vir
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\pleolbwg.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\pmkjg.dll.vir
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\resfdthi.dll.vir
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\uvbvaggp.dll.vir
Dialer:Dialer.KHJ Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\winhld32.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\byxwvvs.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\cbxwxxw.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ddcaawx.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hbdstsdt.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hjnmhusj.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\qotuehdi.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\qpjvmutb.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\rossqajk.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ykuixpfc.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ylnewucm.dll.bad
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe


continued on next post....

313 Posts

June 13th, 2007 14:00

Logfile of HijackThis v1.99.1
Scan saved at 11:27:41 AM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
c:\Program Files\Novell\ZENworks\nalntsrv.exe
c:\Program Files\Novell\ZENworks\wm.exe
c:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\Explorer.EXE
c:\Program Files\Novell\ZENworks\NalAgent.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feeds.eng.fiu.edu/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - c:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fiu.edu,eng.fiu.edu
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NetIdentity Notification - C:\WINDOWS\system32\Novell\XtNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - c:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - c:\Program Files\Novell\ZENworks\wm.exe

4 Apprentice


20.5K Posts

June 13th, 2007 16:00

Your reports look good except for the cookies. If you want to clean those up, download CCleaner and scan each user profile with it:
http://www.ccleaner.com/downloadbuilds.asp
** Select to download the BASIC version.
1. Before first use, select Options > Advanced and UNCHECK
"Only delete files in Windows Temp folder older than 48 hours"
2. Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section.
• Clean all entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet section.
• Clean any others that you choose.
3. Click the "Run Cleaner" button.
4. A pop-up box will appear advising that this process will permanently delete files from your system.
5. Click "OK" and it will scan and clean your system.
6. Click "Exit" when done.
REBOOT

Let me know how things are running after that.