Deepfryer

Posts posted by Deepfryer

  1. Hi,

    The computer still has some problems. When I try to use the ReG-Backup feature with winsockxpfix, it gives me this message: error saving file c:\erdnt\security. If I continue on to the next file, it keeps giving me the same error message for every file.

    So what I did was, I saved a new system restore point and then proceeded to run the winsockxpfix. Unfortunately, I still can't connect to the internet, even after resetting the connection settings. Also, my computer is still taking a long time to boot up, and I've noticed that the taskbar at the bottom of the screen periodically "blinks". It disappears for a second, and then comes back. Any help would be greatly appreciated.

  2. The Anti-Malware scan found 34 infections, and was able to fix them all. But I still can't seem to connect to the internets. Here's the log:

    Malwarebytes' Anti-Malware 1.12

    Database version: 750

    Scan type: Full Scan (C:\|)

    Objects scanned: 142215

    Time elapsed: 1 hour(s), 7 minute(s), 48 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 3

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 1

    Files Infected: 30

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    C:\Program Files\Bat (Adware.Batco) -> Quarantined and deleted successfully.

    Files Infected:

    C:\QooBox\Quarantine\C\WINDOWS\system3200080.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP613\A0065386.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP613\A0065387.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP613\A0065388.exe (Adware.WebHancer) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP613\A0065395.exe (Adware.Batco) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP613\A0065405.exe (Adware.Batco) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP614\A0065414.exe (Adware.Batco) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP614\A0065478.exe (Adware.ISM) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP614\A0065482.dll (Adware.Batco) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP614\A0065483.exe (Adware.Batco) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP614\A0065485.exe (Adware.Rabio) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP614\A0065486.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP614\A0065487.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP614\A0065547.exe (Adware.WebHancer) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0069847.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0069848.exe (Adware.WebHancer) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0069849.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0069950.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0069951.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP663\A0070970.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP663\A0070971.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP663\A0070975.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP663\A0070976.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP663\A0071017.EXE (Adware.WebHancer) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0071527.exe (Adware.WebHancer) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP667\A0076779.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\Program Files\Bat\Bat.info (Adware.Batco) -> Quarantined and deleted successfully.

    C:\Program Files\Bat\Bat.original (Adware.Batco) -> Quarantined and deleted successfully.

    C:\Program Files\Bat\un_BatSetup_15041.txt (Adware.Batco) -> Quarantined and deleted successfully.

    C:\Program Files\Bat\X_Bat.log (Adware.Batco) -> Quarantined and deleted successfully.

  3. Ok, done with step #1, and the logs are posted below. I'll be back ASAP with the Anti-Malware log...

    ComboFix 08-05-11.1 - Joseph 2008-05-14 19:47:31.4 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.601 [GMT -4:00]

    Running from: C:\Documents and Settings\Joseph\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Joseph\Desktop\CFScript.txt

    * Created a new restore point

    FILE ::

    C:\WINDOWS\system32\aewchmtc.dll

    C:\WINDOWS\system32\hxpqbkwj.dll

    C:\WINDOWS\system32\ycyqvlcu.dll

    .

    ((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))

    .

    2008-05-08 17:19 . 2008-05-08 17:19 <DIR> d-------- C:\Program Files\Trend Micro

    2008-05-07 21:11 . 2008-05-07 21:12 661 --a------ C:\Documents and Settings\All Users\Application Data\LUInstall.LiveUpdate

    2008-05-07 21:06 . 2008-05-07 21:07 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

    2008-05-07 21:06 . 2008-05-07 21:07 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

    2008-05-07 20:29 . 2008-05-07 21:20 <DIR> d-------- C:\Program Files\Norton Internet Security

    2008-05-07 20:28 . 2008-05-07 21:07 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

    2008-05-07 20:28 . 2008-05-07 21:07 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

    2008-05-07 20:14 . 2008-05-07 20:16 10,284 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate

    2008-05-05 22:15 . 2008-05-05 22:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    2008-05-05 07:51 . 2008-05-05 07:51 <DIR> d-------- C:\Program Files\Lavasoft

    2008-05-05 07:50 . 2008-05-05 07:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    2008-05-04 21:45 . 2008-05-06 22:31 109,736 --a------ C:\WINDOWS\BMa3cd1bf0.xml

    2008-05-04 09:24 . 2004-08-10 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys

    2008-05-04 09:23 . 2008-05-04 09:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn

    2008-05-04 09:23 . 2008-05-04 09:23 1,409 --a------ C:\WINDOWS\QTFont.for

    2008-04-19 11:24 . 2008-04-19 11:24 8 --a------ C:\WINDOWS\system32\nvModes.dat

    2008-04-19 11:21 . 2008-04-20 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

    2008-04-19 10:54 . 2008-04-19 10:54 <DIR> d-------- C:\WINDOWS\nview

    2008-04-19 10:54 . 2007-12-05 03:11 356,352 -ra------ C:\WINDOWS\system32\nvuninst.exe

    2008-04-19 10:54 . 2007-12-10 15:54 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb

    2008-04-16 22:08 . 2008-04-16 22:08 64 --a------ C:\WINDOWS\MEDB.ldb

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-05-08 01:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared

    2008-05-08 01:07 --------- d-----w C:\Program Files\Symantec

    2008-05-08 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

    2008-05-06 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint

    2008-05-06 01:53 --------- d-----w C:\Documents and Settings\Joseph\Application Data\uTorrent

    2008-05-04 13:17 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

    2008-05-04 11:57 --------- d-----w C:\Program Files\PokerStars

    2008-04-14 01:59 --------- d-----w C:\Program Files\Krynn

    2008-04-13 13:53 --------- d-----w C:\Program Files\Free RAR Extract Frog

    2008-03-19 23:02 --------- d-----w C:\Program Files\AIM6

    2008-03-19 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

    2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys

    2008-03-16 01:57 --------- d-----w C:\Program Files\Bat

    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

    2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

    2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

    2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe

    2007-09-27 11:21 152 -csh--r C:\WINDOWS\system32\97BC902AE6.sys

    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-12_18.27.42.35 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2008-05-12 22:22:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat

    + 2008-05-14 23:43:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Steam"="" []

    "Aim6"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-11 09:44 98304]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 03:11 8523776]

    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 14:46 8192]

    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]

    "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]

    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]

    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]

    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]

    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]

    "NSWosCheck"="C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-12-03 02:41 25472]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

    "nwiz"="nwiz.exe" [2007-12-05 03:11 1626112 C:\WINDOWS\system32\nwiz.exe]

    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 03:11 81920]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-11 09:42:15 24576]

    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38 323646]

    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

    "C:\\Program Files\\Common Files\\AOL\\1145234364\\ee\\aolsoftware.exe"=

    "C:\\Program Files\\Common Files\\AOL\\1145234364\\ee\\aim6.exe"=

    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    "C:\\Program Files\\Valve\\Steam\\SteamApps\\deepfryer\\counter-strike source\\hl2.exe"=

    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

    "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

    \Shell\AutoRun\command - E:\setup.exe

    *Newly Created Service* - COMHOST

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-01-21 01:43:51 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1192751561.job"

    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

    "2008-05-08 00:59:19 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Joseph.job"

    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-14 19:50:30

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2008-05-14 19:51:15

    ComboFix-quarantined-files.txt 2008-05-14 23:51:10

    ComboFix2.txt 2008-05-14 21:59:43

    ComboFix3.txt 2008-05-12 23:02:13

    ComboFix4.txt 2008-05-12 22:28:01

    Pre-Run: 75,079,450,624 bytes free

    Post-Run: 75,065,384,960 bytes free

    146 --- E O F --- 2008-04-11 03:09:29

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:52:16 PM, on 5/14/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\WINDOWS\stsystra.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --

    End of file - 9965 bytes

  4. Thanks for the help. Here are the resulting logs from ComboFix and HijackThis:

    ComboFix 08-05-11.1 - Joseph 2008-05-12 18:58:37.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.611 [GMT -4:00]

    Running from: C:\Documents and Settings\Joseph\Desktop\ComboFix.exe

    .

    ((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))

    .

    2008-05-08 17:19 . 2008-05-08 17:19 <DIR> d-------- C:\Program Files\Trend Micro

    2008-05-07 21:11 . 2008-05-07 21:12 661 --a------ C:\Documents and Settings\All Users\Application Data\LUInstall.LiveUpdate

    2008-05-07 21:06 . 2008-05-07 21:07 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

    2008-05-07 21:06 . 2008-05-07 21:07 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

    2008-05-07 20:29 . 2008-05-07 21:20 <DIR> d-------- C:\Program Files\Norton Internet Security

    2008-05-07 20:28 . 2008-05-07 21:07 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

    2008-05-07 20:28 . 2008-05-07 21:07 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

    2008-05-07 20:14 . 2008-05-07 20:16 10,284 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate

    2008-05-05 22:15 . 2008-05-05 22:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    2008-05-05 07:51 . 2008-05-05 07:51 <DIR> d-------- C:\Program Files\Lavasoft

    2008-05-05 07:50 . 2008-05-05 07:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    2008-05-04 21:45 . 2008-05-06 22:31 109,736 --a------ C:\WINDOWS\BMa3cd1bf0.xml

    2008-05-04 09:24 . 2004-08-10 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys

    2008-05-04 09:23 . 2008-05-04 09:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn

    2008-05-04 09:23 . 2008-05-04 09:23 1,409 --a------ C:\WINDOWS\QTFont.for

    2008-04-19 11:24 . 2008-04-19 11:24 8 --a------ C:\WINDOWS\system32\nvModes.dat

    2008-04-19 11:21 . 2008-04-20 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

    2008-04-19 10:54 . 2008-04-19 10:54 <DIR> d-------- C:\WINDOWS\nview

    2008-04-19 10:54 . 2007-12-05 03:11 356,352 -ra------ C:\WINDOWS\system32\nvuninst.exe

    2008-04-19 10:54 . 2007-12-10 15:54 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb

    2008-04-16 22:08 . 2008-04-16 22:08 64 --a------ C:\WINDOWS\MEDB.ldb

    2008-04-13 20:59 . 2008-04-13 21:59 <DIR> d-------- C:\Program Files\Krynn

    2008-04-13 09:53 . 2008-04-13 09:53 <DIR> d-------- C:\Program Files\Free RAR Extract Frog

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-05-08 01:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared

    2008-05-08 01:07 --------- d-----w C:\Program Files\Symantec

    2008-05-08 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

    2008-05-06 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint

    2008-05-06 01:53 --------- d-----w C:\Documents and Settings\Joseph\Application Data\uTorrent

    2008-05-04 13:17 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

    2008-05-04 11:57 --------- d-----w C:\Program Files\PokerStars

    2008-03-19 23:02 --------- d-----w C:\Program Files\AIM6

    2008-03-19 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

    2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys

    2008-03-16 01:57 --------- d-----w C:\Program Files\Bat

    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

    2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

    2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

    2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe

    2007-09-27 11:21 152 -csh--r C:\WINDOWS\system32\97BC902AE6.sys

    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-12_18.27.42.35 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2008-05-12 22:22:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat

    + 2008-05-12 22:52:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97fc77ae-e18f-484b-8fe1-a43ac06f195f}]

    C:\WINDOWS\system32\ycyqvlcu.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Steam"="" []

    "Aim6"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-11 09:44 98304]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 03:11 8523776]

    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 14:46 8192]

    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]

    "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]

    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]

    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]

    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]

    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]

    "NSWosCheck"="C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-12-03 02:41 25472]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

    "nwiz"="nwiz.exe" [2007-12-05 03:11 1626112 C:\WINDOWS\system32\nwiz.exe]

    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 03:11 81920]

    "a0fe286c"="C:\WINDOWS\system32\aewchmtc.dll" [ ]

    "BMa3cd1bf0"="C:\WINDOWS\system32\hxpqbkwj.dll" [ ]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-11 09:42:15 24576]

    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38 323646]

    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

    "C:\\Program Files\\Common Files\\AOL\\1145234364\\ee\\aolsoftware.exe"=

    "C:\\Program Files\\Common Files\\AOL\\1145234364\\ee\\aim6.exe"=

    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    "C:\\Program Files\\Valve\\Steam\\SteamApps\\deepfryer\\counter-strike source\\hl2.exe"=

    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

    "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

    \Shell\AutoRun\command - E:\setup.exe

    *Newly Created Service* - CATCHME

    *Newly Created Service* - COMHOST

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-01-21 01:43:51 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1192751561.job"

    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

    "2008-05-08 00:59:19 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Joseph.job"

    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-12 19:01:28

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2008-05-12 19:02:12

    ComboFix-quarantined-files.txt 2008-05-12 23:02:08

    ComboFix2.txt 2008-05-12 22:28:01

    Pre-Run: 75,156,357,120 bytes free

    Post-Run: 75,141,771,264 bytes free

    143 --- E O F --- 2008-04-11 03:09:29

    Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:05:51 PM, on 5/12/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\WINDOWS\stsystra.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: {f591f60c-a34a-1ef8-b484-f81eea77cf79} - {97fc77ae-e18f-484b-8fe1-a43ac06f195f} - C:\WINDOWS\system32\ycyqvlcu.dll (file missing)

    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [a0fe286c] rundll32.exe "C:\WINDOWS\system32\aewchmtc.dll",b

    O4 - HKLM\..\Run: [bMa3cd1bf0] Rundll32.exe "C:\WINDOWS\system32\hxpqbkwj.dll",s

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --

    End of file - 10235 bytes

  5. Update: For the first time in 3 or 4 days I got the computer to successfully boot into normal mode. I can't connect to the internet at all in normal mode. I also got two error messages while booting up. Windows had an error loading these two files, because they could not be found:

    c:\windows\system32\aewchmtc.dll

    c:\windows\system32\hxpqbkwj.dll

    And I was able to do a scan using hijackthis in normal mode:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:27:53 PM, on 5/11/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\WINDOWS\stsystra.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: {f591f60c-a34a-1ef8-b484-f81eea77cf79} - {97fc77ae-e18f-484b-8fe1-a43ac06f195f} - C:\WINDOWS\system32\ycyqvlcu.dll (file missing)

    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [a0fe286c] rundll32.exe "C:\WINDOWS\system32\aewchmtc.dll",b

    O4 - HKLM\..\Run: [bMa3cd1bf0] Rundll32.exe "C:\WINDOWS\system32\hxpqbkwj.dll",s

    O4 - HKLM\..\Run: [sSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --

    End of file - 10160 bytes

  6. Hello,

    My computer is seriously screwed up. It can no longer boot up in normal mode, only safe mode. When I try to boot in normal mode all that shows up is my desktop with the background picture and the cursor, but no other icons, and there is no start menu, taskbar, or anything else. So I can't do anything at all if I boot in normal mode. There are 2 saved system restore points, but when it tries to load them, the same thing happens, just a blank desktop. I don't know how this is happening, because the computer was working (at least mostly) fine on the days that the system restore points were saved.

    Before the problem became this severe, the computer was badly infected with malware. It had win32trojandownloader.agent, and several other problems such as webhancer and a couple of others (which I may or may not have fixed). I believe there was one initial infection, either the win32trojandownloader.agent or something else, and it downloaded a variety of other problems onto the computer. I later figured out that it had disabled my computer's firewall. I believe the win32trojandownloader.agent was the major problem, because it was the one that was consistently found by Adaware, and it kept coming back every time I tried to get rid of it. I was trying to use Norton Antivirus as well as AdAware to fix the problems, but it was no use; the infections kept coming back and downloading other things. They hijacked my Internet Explorer, so I couldn't use the internet, and therefore I couldn't post a hijackthis log.

    Anyway, believing my Norton Antivirus may have been infected, I uninstalled and then reinstalled it, and that's when things took a turn for the worse. Now I can't do anything because I can't even boot into normal mode. Please help!

    Below is a hijackthis log, although it was done in safe mode, so I don't know how much help it will be.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 5:19:24 PM, on 5/8/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Safe mode with network support

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: {f591f60c-a34a-1ef8-b484-f81eea77cf79} - {97fc77ae-e18f-484b-8fe1-a43ac06f195f} - C:\WINDOWS\system32\ycyqvlcu.dll (file missing)

    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [a0fe286c] rundll32.exe "C:\WINDOWS\system32\aewchmtc.dll",b

    O4 - HKLM\..\Run: [bMa3cd1bf0] Rundll32.exe "C:\WINDOWS\system32\hxpqbkwj.dll",s

    O4 - HKLM\..\Run: [sSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --

    End of file - 8563 bytes

  7. Ok, my computer is seriously screwed up. It can no longer boot up in normal mode, only safe mode. When I try to boot in normal mode there is just my desktop with the background picture and the cursor, but no other icons, and no start menu, taskbar, or anything else. I don't know if it's possible to fix this computer while only working in safe mode. There are 2 saved system restore points, but when it tries to load them, the same thing happens, just a blank desktop.

    Before the problem became this severe, the computer was badly infected with malware. It had win32trojandownloader.agent, and several other problems such as webhancer and a couple of others (which I may or may not have fixed). I believe there was one initial infection, either the win32trojandownloader.agent or something else, and it downloaded a variety of other problems onto the computer. I later figured out that it had disabled my computer's firewall. I believe the win32trojandownloader.agent was the major problem, because it was the one that was consistently found by Adaware, and kept coming back. I was trying to use Norton Antivirus as well as AdAware to fix the problems, but it was no use, the infections kept coming back and downloading other things. They hijacked my Internet Explorer, so I couldn't use the internet, and therefore I couldn't post a hijackthis log.

    Anyway, believing my Norton Antivirus may have been infected, I uninstalled and then reinstalled it, and that's when things took a turn for the worse. Now I can't do anything because I can't even boot into normal mode. Please help!