Here's my hijack this log incase this helps. If I should post this else where, let me know.
Thanks!
Logfile of HijackThis v1.99.1
Scan saved at 6:27:04 PM, on 8/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Q2hyaVJ1c3MA\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\System32\nod32cc.exe
C:\WINDOWS\System32\nod32m2.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\ZZABENC.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\sose\dwtd.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\clntrust.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\ChriRuss\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wmich.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;www.hpsvikings.org;10.162.1.1;10.162.1.2;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: (no name) - {61907441-9FD5-E559-D0FA-C76940FED2ED} - C:\WINDOWS\System32\yqo.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\njvlhtrl.dll (file missing)
O2 - BHO: SDWin32 Class - {89921EDA-BEC7-417D-8E77-B3A279B7C520} - C:\WINDOWS\System32\iiqge.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\System32\zentray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [ZZABENC] C:\WINDOWS\ZZABENC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\ChriRuss\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [53sW3nR] dxmfxperf.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\exp
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\s4gddk.exe reg_run
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [K036Rhdph] dpciext.exe
O4 - HKCU\..\Run: [qikz] C:\PROGRA~1\COMMON~1\qikz\qikzm.exe
O4 - HKCU\..\Run: [Haop] C:\Program Files\sose\dwtd.exe
O4 - HKCU\..\Run: [Akcde] C:\WINDOWS\System32\d?xplore.exe
O4 - Global Startup: CLNTRUST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia...ll/pcs_0006.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupd...ll/aun_0018.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.ho...es/MsnPUpld.cab
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124219545770
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara....301470OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124282877768
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.si...cherControl.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt....x/regdload.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaVJ1c3MA\command.exe
O23 - Service: hgahyai - Unknown owner - C:\WINDOWS\system32\hgahyai.exe (file missing)
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: NOD32 Control Center Service (NOD32ControlCenter) - Unknown owner - C:\WINDOWS\System32\nod32cc.exe" -service (file missing)
O23 - Service: NOD32 Service (NOD32Service) - Unknown owner - C:\WINDOWS\System32\nod32m2.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Novell ZFD Wake on LAN Status Agent (Prometheus Wake-On-LAN Status Agent) - Novell Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
O23 - Service: Novell ZFD Remote Management (Remote Management Agent) - Novell Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe