Well, the popups aside, my old symptoms just returned. My computer periodically lets me know that I've failed downloading something that I'm not sure what it is. I'm unable to scan with or disable any part of Norton. My desktop also periodically opens in a window, usually after the failed download message. Whatever's on my system keeps coming back, it seems. Advice is appreciated.
**Update**
I just ran all the programs again to fix it. Here are the logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/29/2008 at 02:44 AM
Application Version : 4.23.1006
Core Rules Database Version : 3680
Trace Rules Database Version: 1659
Scan type : Complete Scan
Total Scan Time : 00:48:32
Memory items scanned : 464
Memory threats detected : 2
Registry items scanned : 5122
Registry threats detected : 18
File items scanned : 59108
File threats detected : 5
Trojan.Vundo-Variant/Packed-GEN
C:\WINDOWS\SYSTEM32\IIFEEDVW.DLL
C:\WINDOWS\SYSTEM32\IIFEEDVW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51C5659B-88E6-4FEE-B44A-47CCF1B07B72}
HKCR\CLSID\{51C5659B-88E6-4FEE-B44A-47CCF1B07B72}
HKCR\CLSID\{51C5659B-88E6-4FEE-B44A-47CCF1B07B72}\InprocServer32
HKCR\CLSID\{51C5659B-88E6-4FEE-B44A-47CCF1B07B72}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\KHFCVUON.DLL
HKU\S-1-5-21-515967899-1454471165-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51C5659B-88E6-4FEE-B44A-47CCF1B07B72}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\iifeeDvw
Trojan.Unclassified-Packed/Suspicious
C:\PROGRA~1\ZOOMPL~1\ZPSHLEXT.DLL
C:\PROGRA~1\ZOOMPL~1\ZPSHLEXT.DLL
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\CLSID
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
Rogue.Component/Trace
HKLM\Software\Microsoft\6CADFD1D
HKLM\Software\Microsoft\6CADFD1D#6cadfd1d
HKLM\Software\Microsoft\6CADFD1D#Version
HKU\S-1-5-21-515967899-1454471165-725345543-1003\Software\Microsoft\CS41275
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@adtrafficstats[1].txt
C:\Documents and Settings\Owner\Cookies\owner@wmvmedialease[1].txt
Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 2
12/29/2008 3:09:03 AM
mbam-log-2008-12-29 (03-09-03).txt
Scan type: Quick Scan
Objects scanned: 47316
Time elapsed: 2 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\nbsfceyp.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6cadef93 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\nbsfceyp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pyecfsbn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
ComboFix 08-12-28.01 - Owner 2008-12-29 3:21:35.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3071.2659 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\NoUvCfhk.ini
c:\windows\system32\NoUvCfhk.ini2
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\scgqqvsj.dll
c:\windows\system32\tcjozt.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.
2008-12-29 01:44 . 2008-12-29 01:44 <DIR> d-------- c:\windows\Sun
2008-12-25 20:10 . 2008-12-25 20:10 <DIR> d-------- c:\program files\VideoLAN
2008-12-22 16:36 . 2008-12-22 16:36 <DIR> d-------- c:\program files\RealMedia
2008-12-22 16:36 . 2008-12-22 16:36 <DIR> d-------- c:\program files\OpenSource Flash Video Splitter
2008-12-22 16:36 . 2008-12-22 16:36 <DIR> d-------- c:\program files\MONOGRAM AMR SplitterDecoder
2008-12-22 16:36 . 2008-12-22 16:36 <DIR> d-------- c:\program files\DScaler5
2008-12-22 16:36 . 2008-12-22 16:36 <DIR> d-------- c:\program files\CD Audio Reader Filter
2008-12-22 16:35 . 2008-12-22 16:35 <DIR> d-------- c:\program files\SHOUTcast Source
2008-12-22 16:35 . 2008-12-22 16:35 <DIR> d-------- c:\program files\Haali
2008-12-22 16:35 . 2008-12-22 16:35 <DIR> d-------- c:\program files\ffdshow
2008-12-22 16:35 . 2008-12-22 16:35 <DIR> d-------- c:\program files\DSP-worx
2008-12-22 16:35 . 2008-12-22 16:35 <DIR> d-------- c:\program files\DirectVobSub
2008-12-22 16:35 . 2007-11-29 12:52 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-12-22 16:35 . 2007-11-29 12:52 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-12-22 16:35 . 2007-12-03 16:34 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-12-22 16:35 . 2007-11-29 12:52 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-22 16:34 . 2008-12-29 03:04 <DIR> d-------- c:\program files\Zoom Player
2008-12-22 16:27 . 2008-12-22 16:28 <DIR> d-------- c:\documents and settings\Owner\Application Data\FLVPlayer4Free
2008-12-22 15:57 . 2008-12-22 15:57 0 --a------ c:\windows\PlayList.Fpl
2008-12-22 15:54 . 2008-12-22 15:54 <DIR> d-------- c:\windows\tmp
2008-12-22 15:54 . 2008-12-22 15:54 389,120 --a------ c:\windows\system32\ACTSKN43.OCX
2008-12-21 16:55 . 2008-12-21 16:55 <DIR> d-------- c:\program files\Trend Micro
2008-12-21 16:45 . 2008-12-21 16:45 <DIR> d-------- c:\program files\Java
2008-12-21 16:45 . 2008-12-21 16:45 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 16:45 . 2008-12-21 16:45 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-21 16:21 . 2008-12-21 16:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-21 16:21 . 2008-12-21 16:21 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-21 16:21 . 2008-12-21 16:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-21 16:21 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-21 16:21 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-21 15:25 . 2008-12-21 15:25 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-21 15:25 . 2008-12-21 15:25 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2008-12-21 15:25 . 2008-12-21 15:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-21 15:24 . 2008-12-21 15:24 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-21 15:18 . 2008-12-21 15:18 <DIR> d-------- c:\program files\CCleaner
2008-12-14 23:50 . 2008-12-14 23:50 96 --ah----- c:\windows\system32\HsInfo.dat
2008-12-14 23:16 . 2008-12-21 13:40 <DIR> d-------- c:\program files\Gravity
2008-12-12 19:09 . 2008-12-12 19:09 <DIR> d-------- c:\program files\uTorrent
2008-12-12 19:08 . 2008-12-29 00:42 <DIR> d-------- c:\documents and settings\Owner\Application Data\uTorrent
2008-12-10 16:15 . 2008-12-10 16:15 <DIR> d-------- c:\documents and settings\Owner\Application Data\Red Kawa
2008-12-09 23:58 . 2008-12-09 23:59 <DIR> d-------- c:\program files\QuickTime
2008-12-07 20:23 . 2008-12-07 20:23 249,856 --------- c:\windows\Setup1.exe
2008-12-07 20:23 . 2008-12-07 20:23 73,216 --a------ c:\windows\ST6UNST.EXE
2008-12-03 19:14 . 2008-12-03 19:14 <DIR> d-------- c:\program files\Red Kawa
2008-12-03 19:14 . 2008-12-03 19:14 <DIR> d-------- c:\program files\AviSynth 2.5
2008-12-03 19:13 . 2008-12-03 19:13 <DIR> d-------- C:\OpenCandy
2008-12-03 16:00 . 2008-12-03 16:00 <DIR> d-------- c:\program files\iTunes
2008-12-03 16:00 . 2008-12-03 16:00 <DIR> d-------- c:\program files\iPod
2008-12-03 16:00 . 2008-12-03 16:16 <DIR> d-------- c:\documents and settings\Owner\Application Data\Apple Computer
2008-12-03 16:00 . 2008-12-03 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 16:00 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-03 16:00 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-03 15:59 . 2008-12-07 20:28 <DIR> d-------- c:\program files\Bonjour
2008-12-03 15:59 . 2008-12-07 03:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-03 15:58 . 2008-12-03 16:00 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-03 15:58 . 2008-12-03 15:58 <DIR> d-------- c:\program files\Apple Software Update
2008-12-03 15:58 . 2008-12-03 15:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-03 15:58 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 09:25 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-29 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-26 02:11 --------- d-----w c:\documents and settings\Owner\Application Data\dvdcss
2008-12-25 23:32 --------- d-----w c:\program files\Steam
2008-12-21 19:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2008-11-25 00:19 --------- d-----w c:\documents and settings\Owner\Application Data\VMware
2008-11-24 19:45 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2008-11-13 22:07 3,532 ----a-w C:\drmHeader.bin
2008-10-31 04:57 --------- d-----w c:\program files\SystemRequirementsLab
2008-07-14 15:55 308,600 ----a-w c:\documents and settings\All Users\Application Data\NortonProtectionMemo.exe
.
((((((((((((((((((((((((((((( snapshot@2008-12-24_18.13.24.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-12-29 09:24:40 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2d4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-26 786521]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-21 13508608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-21 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-02-21 c:\windows\system32\nwiz.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tcjozt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 15:57 1103480 c:\program files\Download Manager\DLM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-24 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R3 itecir;ITE EC CIR Driver (RTC);c:\windows\system32\DRIVERS\itecir.sys [2008-05-02 9728]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53d3199c-75e9-11dd-aea0-005056c00008}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b45d9212-763f-11dd-aea2-005056c00008}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-23 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 19:19]
.
- - - - ORPHANS REMOVED - - - -
BHO-{7e9a7673-62b8-4e42-9ba8-b306f924e9c1} - c:\windows\system32\tcjozt.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-29 03:25:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(984)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-12-29 3:27:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-29 09:26:57
ComboFix2.txt 2008-12-25 00:17:15
ComboFix3.txt 2008-12-25 00:13:37
Pre-Run: 14,147,338,240 bytes free
Post-Run: 14,027,763,712 bytes free
203 --- E O F --- 2008-12-18 09:00:56