Hujackthis LOG ----SysProtect Virus HELP!!!!!!!!!!!!!

Download SysProtect Remover to your Desktop.
Double-click on it, hit the " Remove Now button" to start and follow the on screen instructions.

When finished, please post back a new HijackThis log. Thanks!

Your Java application is out of date.
Click start-->control panel-->add/remove programs
Scroll down the list and locate each instance of Java (may be listed as J2SE Runtime Environment). Click Remove. When the uninstallation completes, reboot the computer.

You can download the latest version of Java here.

The program ViewPoint View Manager is Foistware.

You probably did not intend to download this program...more than likely it was forced upon you, bundled with some other download. To remove it, click start-->control panel-->add/remove programs.
Scroll down the list to locate the program name, click on it to highlight it, then click Remove. Reboot the computer when the uninstallation completes.

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• Put a check next to "Run VundoFix as a task."
• You will receive a message saying vundofix will close and re-open in a minute or less. Click "OK".
• When VundoFix re-opens, click the "Scan for Vundo" button.
• Once it's done scanning, click the "Remove Vundo" button.
• If it says "No infected files were found", right-click the blank listbox (white box) in the main VundoFix window.
• Select "Add More Files?" from the menu that comes up. This will open a new VundoFix window that says "Paste files into the boxes below:"
• In the top/first field, copy and paste the path to the dll:
• lC:\WINDOWS\System32\sstqq.dll
  
• In the next/second field, copy and paste the path to the reversed file: C:\WINDOWS\system32\qqtss.dll
• Click the "Add Files" button.
• Click the "Close Window" button.
• Click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click "YES".
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will shutdown your computer, click "OK".
• Turn your computer back on.
• Please post the contents of C:\vundofix.txt when you reply next.

Next, please download Ewido anti-spyware to your desktop.
This is a 30 day free trial. At the end of the 30-day trial period the full version features (active guard, automatic updates...) will be deactivated and the program will become a feature-limited freeware version...You can still keep it and use it for "On Demand" scanning.

• Double click the icon on the desktop to launch the set up program.
• Select Change state to inactivate "Resident Shield" and "Automatic Updates". Right click on ewido in the system tray and uncheck "Start with Windows".
• Once the setup is complete you will need to update the definition files.
• On the main screen select the icon Update then select the Update now link.
• Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
• Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
• Once in the Settings screen click on Recommended actions and then select Quarantine.
• Under Reports
• Select Automatically generate report after every scan
• Un-Select Only if threats were found

Close ewido anti-spyware.

Please boot into Safe mode:

Restart the computer and immediately begin tapping the F8 key (or F5 on some Dell machines).
Use the arrow keys to highlight Safe Mode and press the Enter key. Once in safe mode, continue with the instructions below:

• Launch ewido anti-spyware by double-clicking the icon on your desktop.
• Select the Scanner icon at the top, then the Scan tab then click on Complete System Scan.
• ewido will now begin the scanning process, be patient this may take some time.
• When prompted of an infection, please select Apply all actions

Once the scan is complete do the following:

• Next select the Reports icon at the top.
• Select the Save report as button in the lower left hand of the screen and save it to your Desktop.

Now close ewido anti-spyware.

Next, please run HijackThis again and check the box next to the following entries that may still exist:
C:\Program Files\Internet Optimizer\actalert.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - C:\WINDOWS\System32\pmkjk.dll
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\System32\jkklm.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: C:\Program Files\Gsjcljp\Qtgl.exe
O4 - HKLM\..\Run: C:\Program Files\Web_Rebates\WebRebates0.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v 6.cab
O20 - Winlogon Notify: jkklm - C:\WINDOWS\SYSTEM32\jkklm.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\System32\pmkjk.dll
O20 - Winlogon Notify: sstqq - C:\WINDOWS\System32\sstqq.dll

Now, close all windows except for HijackThis then click Fix Checked.

Locate and delete the following files/folders indicated in Bold text if still present:
C:\Program Files\ Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ Internet Optimizer\optimize.exe
C:\Program Files\ Gsjcljp\Qtgl.exe
C:\Program Files\ Web_Rebates\WebRebates0.exe
C:\WINDOWS\SYSTEM32\ jkklm.dll
C:\WINDOWS\System32\ pmkjk.dll
C:\WINDOWS\System32\ sstqq.dll

Reboot the computer and post back a new HijackThis log along with the log from the Ewido scan. Please advise how the computer is running now and if you are having any other issues. Thanks!

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at: 9:38:53 PM 7/24/2006

+ Scan result: 

C:\Program Files\180searchassistant -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056321.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temporary Internet Files\Content.IE5\ZMH0XBCO\inicfg32[1].dll -> Adware.E2give : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056323.dll -> Adware.E2Give : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056330.dll -> Adware.E2give : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0054273.dll -> Adware.Ezula : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\actalert.exe -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\optimize.exe -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\sim -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\sim\GoldenTiger.exe -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\update -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Software Installer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Software Installer\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1851681497-3405034345-368192897-1008\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1851681497-3405034345-368192897-1008\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1851681497-3405034345-368192897-1008\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temporary Internet Files\Content.IE5\K3Y278FU\pop06ap2[1].exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temporary Internet Files\Content.IE5\K3Y278FU\unstall[1].exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0053281.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056334.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056338.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056401.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056396.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056359.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056373.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056384.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056387.exe -> Adware.Mirar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temporary Internet Files\Content.IE5\SFSQBF2Q\mirar[1].exe -> Adware.NetNucleus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056339.exe -> Adware.NetNucleus : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Active Alert -> Adware.SafeSurfing : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Software Installer -> Adware.SafeSurfing : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temp\i3F.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\VundoFix Backups\jkklm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\jkklm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mljgd.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temporary Internet Files\Content.IE5\6VU78B0P\whCC-GIANT[1].exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0054274.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0054275.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056311.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056312.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056318.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056331.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056332.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056333.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056346.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056350.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0057581.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKU\S-1-5-21-1851681497-3405034345-368192897-1008\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP313\A0032273.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP335\A0042109.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0057592.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP335\A0041538.exe -> Adware.Winfixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0053273.exe -> Backdoor.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0053274.exe -> Backdoor.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056395.dll -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP299\A0026058.exe -> Downloader.Dyfuca.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP335\A0041872.exe -> Downloader.Dyfuca.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056898.exe -> Downloader.Dyfuca.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0057358.exe -> Downloader.Dyfuca.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP299\A0026059.exe -> Downloader.Dyfuca.ei : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP335\A0041873.exe -> Downloader.Dyfuca.ei : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056899.exe -> Downloader.Dyfuca.ei : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0057359.exe -> Downloader.Dyfuca.ei : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temporary Internet Files\Content.IE5\6VU78B0P\optimize[1].exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).

Everything seems to be working better! Thanks Alot!

 

here are the 2 logs

Logfile of HijackThis v1.99.1
Scan saved at 10:03:42 PM, on 7/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gregory DiBell\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common

Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton

Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program

Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update

Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Ptojull] C:\Program Files\Gsjcljp\Qtgl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -

http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -

http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) -

http://community.webshots.com/html/WSPhotoUploader.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program

Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet

Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

 

 

C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056336.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temporary Internet Files\Content.IE5\ZMH0XBCO\installer_252[1].exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0053272.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0054272.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temp\f707593.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056388.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056389.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056390.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056391.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056392.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\kwahw.dat -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temp\nein.exe -> Downloader.Small.bgl : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temporary Internet Files\Content.IE5\K3Y278FU\nein[1].exe -> Downloader.Small.bgl : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temporary Internet Files\Content.IE5\SFSQBF2Q\pi1_36[1].exe -> Downloader.Small.cqy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056337.exe -> Downloader.Small.cqy : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temp\xload.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056405.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx -> Dropper.PurityScan.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056370.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\STEJGH2Z\pre[1].emf -> Exploit.MS05-053-WMF : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0053297.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056369.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temp\E2B35.tmp/mptft.exe -> Hijacker.StartPage.ajj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0056286.exe -> Hijacker.StartPage.ajj : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\Documents and Settings\Paige\Local Settings\Temporary Internet Files\Content.IE5\6VU78B0P\klite.ath[1] -> Not-A-Virus.Exploit.Win32.MS05013 : Ignored.
C:\Documents and Settings\Paige\Cookies\paige@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@a.tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@a.tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@a.tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Gregory DiBell\Cookies\gregory dibell@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Paige\Cookies\paige@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gregory DiBell\Local Settings\Temp\Cookies\gregory dibell@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Paige\Local Settings\Temp\ICD1.tmp\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\Documents and Settings\Paige\Local Settings\Temp\ICD2.tmp\USYP_0001_N69M1703NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USYP_0001_N69M1703NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0053288.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056343.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0056287.exe -> Trojan.Runner.h : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056377.exe -> Trojan.Runner.h : Cleaned with backup (quarantined).
C:\Program Files\Gsjcljp\Qtgl.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP299\A0026061.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP335\A0041875.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056901.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0057361.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0056376.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).

::Report end

There's a discrepancy in the log. Your Ewido scan log shows that this file was quarantined, yet the hjt log you posted shows it is still present:
O4 - HKLM\..\Run: C:\Program Files\Gsjcljp\Qtgl.exe

It may still be present in the log because of the Norton Script Blocking service which runs in safe mode as well.

Disable your Symantec Script Blocking from within your Norton so it does not interfere with anything during our fixes now or later. You can enable this whenever we have verified that your system is clean.
To disable Norton AntiVirus Script Blocking:
1. Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options.
If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK.

Next, please download the KILLBOX, extract it to your desktop.

Open killbox.exe.

First click on Tools>Delete Temp Files.
A box will open with a list of all user profiles.

Check the following boxes at a minimum for each profile by clicking on the drop down and checking the boxes that are enabled. Some will not apply and those boxes will not be available to check. Make sure you do this for all the profiles listed.

Temporary Internet Files
Temp Files
XP Prefetch

If you want to clean your cookies, history, and list of recent files run you may check those boxes as well.

Then, click on the Button titled "Delete Selected Temp Files".
Exit by clicking the Button titled "Exit(Save Settings)".

Once back into the main killbox program, check the box:

Delete on Reboot

Highlight the entry below in Bold text and then copy it.

C:\Program Files\Gsjcljp\Qtgl.exe

Then in killbox click File>>Paste from Clipboard

At this point the "All Files" button should be enabled so you can click it.
Click the "All Files" button.

Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes.

A second message will ask to Reboot now? you will need to click Yes to allow the system to reboot.
Note: Killbox will let you know if a file does not exist.

When the system comes back up, run HijackThis again and check the box next to this entry:
O4 - HKLM\..\Run: C:\Program Files\Gsjcljp\Qtgl.exe

Close all windows except for HijackThis then click Fix Checked.
Reboot again and post back a fresh HijackThis log. Please advise how the computer is running now and if you are having any other issues. Thanks!