
Thread: Vundo Is Found Each Time Firefox Is Opened!

  1. #11
    Member | Join Date: Oct 2007 | Posts: 67

    Status Report:

    The popups are still coming. There are 2 that show up, one for a BlackBerry and one for some sort of love calculator. Only one pops up, but it is either one of the two. It pops up as soon as I open Firefox. You mentioned Messenger Plus, and no, I've had Messenger Plus since it came out a year ago or more and it's always been fine.

  2. #12
    Blade81 | Security Expert: Emeritus | Join Date: Oct 2006 | Location: Finland | Posts: 25,288

    Hi

    Please do a complete reinstallation of Firefox:
    1. Backup bookmarks
    2. Uninstall it first by following instructions here.
    3. Get the latest version here.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Member | Join Date: Oct 2007 | Posts: 67

    Sorry about the slow reply. I reinstalled Firefox and I'm no longer getting the popups. I haven't done the scan yet, but everything seems to be better so I don't think it's going to find anything anyway. Thanks for all the help, you'll be getting a donation from me someday :D

  4. #14
    Blade81 | Security Expert: Emeritus | Join Date: Oct 2006 | Location: Finland | Posts: 25,288

    You're welcome

    Please do post a fresh dds.txt log once more even if scanners come back with 0 findings. If that looks good I'll give final instructions.

  5. #15
    Member | Join Date: Oct 2007 | Posts: 67

    DDS.txt


    DDS (Ver_09-03-16.01) - FAT32x86
    Run by Spook at 16:56:26.15 on Fri 05/15/2009
    Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.352 [GMT -3:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated)
    FW: COMODO Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    SVCHOST.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Vista Drive Icon\DrvIcon.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\TrueTransparency\TrueTransparency.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Maple Story\npkcmsvc.exe
    C:\WINDOWS\ehome\RMSvc.exe
    SVCHOST.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Spook\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/
    uInternet Connection Wizard,ShellNext = iexplore
    mWinlogon: UIHost=vistaui.exe
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [TrueTransparency] "c:\program files\truetransparency\TrueTransparency.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
    mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
    mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
    mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\spook\applic~1\mozilla\firefox\profiles\q0vhrz2h.default\
    FF - component: c:\program files\mozilla firefox\components\dfff.dll
    FF - component: c:\program files\mozilla firefox\components\WWShow.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-29 11608]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-30 110992]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-4-30 24336]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-29 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-29 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-29 55640]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-4-30 700152]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-26 24652]
    S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
    S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

    =============== Created Last 30 ================

    2009-05-12 09:05 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-05-12 09:02 <DIR> --d----- c:\docume~1\spook\applic~1\Foxit
    2009-05-12 09:02 <DIR> --d----- c:\program files\Foxit Software
    2009-05-11 13:00 161,792 a------- c:\windows\SWREG.exe
    2009-05-11 13:00 98,816 a------- c:\windows\sed.exe
    2009-05-09 14:35 34,410 a------- c:\windows\scunin.dat
    2009-05-09 14:35 94,208 a------- c:\windows\ScUnin.exe
    2009-05-09 14:35 967 a------- c:\windows\ScUnin.pif
    2009-05-06 03:12 <DIR> --d----- c:\program files\Starcraft
    2009-05-05 02:34 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
    2009-04-30 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
    2009-04-30 15:13 155,384 a------- c:\windows\system32\guard32.dll
    2009-04-30 15:13 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
    2009-04-30 15:13 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
    2009-04-30 15:13 <DIR> --d----- c:\program files\COMODO
    2009-04-29 15:13 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
    2009-04-29 15:13 <DIR> --d----- c:\program files\Avira
    2009-04-29 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
    2009-04-28 03:25 <DIR> a-dshr-- C:\cmdcons
    2009-04-27 00:47 <DIR> --d----- c:\program files\Trend Micro
    2009-04-26 20:46 326 a------- c:\windows\wininit.ini
    2009-04-18 02:28 <DIR> --d----- c:\docume~1\spook\applic~1\Armagetron

    ==================== Find3M ====================

    2009-05-12 09:05 410,984 a------- c:\windows\system32\deploytk.dll
    2009-04-29 15:00 81,984 a------- c:\windows\system32\bdod.bin
    2009-04-04 23:53 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2009-03-31 17:14 3,858 a------- c:\windows\system32\ealregsnapshot1.reg
    2009-03-21 11:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
    2009-03-20 23:02 107,888 a------- c:\windows\system32\CmdLineExt.dll
    2009-03-06 11:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-06 11:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
    2009-02-24 16:35 129,784 -------- c:\windows\system32\pxafs.dll
    2009-02-24 16:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
    2009-02-24 16:35 118,520 -------- c:\windows\system32\pxinsi64.exe
    2009-02-24 16:34 90,112 a------- c:\windows\system32\dpl100.dll
    2009-02-24 16:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
    2009-02-24 16:34 823,296 a------- c:\windows\system32\divx_xx07.dll
    2009-02-24 16:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
    2009-02-24 16:34 802,816 a------- c:\windows\system32\divx_xx11.dll
    2009-02-24 16:34 684,032 a------- c:\windows\system32\DivX.dll
    2009-02-15 12:29 35,391 a------- c:\windows\DIIUnin.dat
    2009-02-15 12:28 21,840 a------- c:\windows\system32\SIntfNT.dll
    2009-02-15 12:28 17,212 a------- c:\windows\system32\SIntf32.dll
    2009-02-15 12:28 12,067 a------- c:\windows\system32\SIntf16.dll
    2008-10-22 15:32 30 a------- c:\documents and settings\spook\jagex_runescape_preferences.dat
    2008-09-17 22:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat

    ============= FINISH: 16:58:09.07 ===============


    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/4/2008 5:19:28 AM
    System Uptime: 5/15/2009 3:00:39 PM (1 hours ago)

    Motherboard: Acer | | Navarro
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 798/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (FAT32) - 53 GiB total, 18.533 GiB free.
    D: is FIXED (NTFS) - 54 GiB total, 47.2 GiB free.
    E: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Atheros AR5005G Wireless Network Adapter
    Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&FCF0450&0&10A4
    Manufacturer: Atheros
    Name: Atheros AR5005G Wireless Network Adapter
    PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&FCF0450&0&10A4
    Service: AR5211

    ==== System Restore Points ===================

    RP2: 4/29/2009 2:54:11 PM - System Checkpoint
    RP3: 4/29/2009 3:00:04 PM - Removed BitDefender Free Edition v10
    RP4: 4/29/2009 3:11:52 PM - Avira AntiVir Personal - 4/29/2009 15:11
    RP5: 4/30/2009 4:16:00 PM - System Checkpoint
    RP6: 5/1/2009 6:03:02 PM - System Checkpoint
    RP7: 5/3/2009 8:53:49 PM - System Checkpoint
    RP8: 5/5/2009 4:24:21 PM - System Checkpoint
    RP9: 5/7/2009 4:01:08 PM - System Checkpoint
    RP10: 5/10/2009 9:23:06 PM - System Checkpoint
    RP11: 5/12/2009 8:54:13 AM - Removed Java(TM) 6 Update 12
    RP12: 5/12/2009 8:56:21 AM - Removed Java(TM) 6 Update 7
    RP13: 5/12/2009 8:58:20 AM - Removed Adobe Reader 7.0
    RP14: 5/12/2009 8:59:47 AM - Removed Adobe Media Player
    RP15: 5/12/2009 9:05:13 AM - Installed Java(TM) 6 Update 13
    RP16: 5/13/2009 11:09:25 AM - Software Distribution Service 3.0
    RP17: 5/14/2009 12:57:55 PM - System Checkpoint
    RP18: 5/15/2009 4:02:05 PM - System Checkpoint

    ==== Installed Programs ======================

    AAC Decoder
    Acer Empowering Technology
    Acer ePerformance Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer OrbiCam
    Acer Screensaver
    Active GIF Creator 3.2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11
    AIM 6
    ALZip
    Armagetron Advanced 0.2.8.3_rc1.gcc
    ASIO4ALL
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    CDisplay 1.8
    Choice Guard
    Collab
    COMODO Internet Security
    Critical Update for Windows Media Player 11 (KB959772)
    Diablo II
    DigiFast
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    EA Download Manager
    ERUNT 1.1j
    FL Studio 8
    Foxit Reader
    G-Force
    Gimp 2.6.1
    H.264 Decoder
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB895961-v4)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954708)
    IL Download Manager
    Java(TM) 6 Update 13
    Junk Mail filter update
    Launch Manager
    LightScribe 1.4.74.1
    MagicDisc 2.7.106
    MapleStory GL
    Media Center Extender
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MKV Splitter
    Mozilla Firefox (3.0.10)
    MSVCRT
    Network Magic
    Network Play System (Patching)
    NTI Backup NOW! 4
    NTI CD & DVD-Maker
    Opera 9.63
    Pando Media Booster
    PoiZone
    PowerDVD
    PowerProducer
    Pure Networks Platform
    Realtek High Definition Audio Driver
    RebirthRO SMALL CLIENT
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Segoe UI
    SMSC IrCC V5.1.3600.7
    Soft Data Fax Modem with SmartCP
    Sonic Encoders
    SPORE™ Creature Creator Trial Edition
    Spybot - Search & Destroy
    Starcraft
    Synaptics Pointing Device Driver
    TeamSpeak 2 RC2
    The Sims Livin' Large
    The Sims™ 2 Double Deluxe
    Toxic Biohazard
    Update for Windows Internet Explorer 8 (KB961813)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC80CRTRedist - 8.0.50727.762
    VideoLAN VLC media player 0.8.6i
    Viewpoint Media Player
    Vista Transformation Pack 8.0
    WebFldrs XP
    WhiteCap
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8 Release Candidate 1
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB905589
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    5/9/2009 3:04:36 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
    5/9/2009 3:04:36 AM, error: Service Control Manager [7000] - The eLock2FSCTLDriver service failed to start due to the following error: The system cannot find the file specified.
    5/9/2009 3:04:36 AM, error: Service Control Manager [7000] - The eLock2BurnerLockDriver service failed to start due to the following error: The system cannot find the file specified.
    5/9/2009 2:46:25 PM, error: PlugPlayManager [12] - The device 'PHILIPS DVD-RAM SDVD8821' (IDE\CdRomPHILIPS_DVD-RAM_SDVD8821________________EX04____\5&2b182631&0&0.1.0) disappeared from the system without first being prepared for removal.
    5/8/2009 12:27:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    5/8/2009 12:27:46 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/8/2009 12:27:04 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    5/8/2009 12:27:04 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/8/2009 1:18:06 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    5/13/2009 1:47:53 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    ==== End Of File ===========================

  6. #16
    Blade81 | Security Expert: Emeritus | Join Date: Oct 2006 | Location: Finland | Posts: 25,288

    Looks good

    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK



    Click Start >> Run and then copy/paste the following into the box and hit Enter:
    "%userprofile%\Desktop\GooredFix.exe" /uninstall
    If any of your security programs query a new Registry/AutoStart value being added please allow the changes.


    You may delete the dds.scr file and the related dds.txt & attach.txt logs too.

  7. #17
    Member | Join Date: Oct 2007 | Posts: 67

    I uninstalled the programs. I was waiting a few days to see if the popups would come back, and yesterday they did. Uninstalling and reinstalling Firefox seems to fix them. It must be a site I visit that's giving them to me; I'll just have to be more careful, I guess.

  8. #18
    Blade81 | Security Expert: Emeritus | Join Date: Oct 2006 | Location: Finland | Posts: 25,288

    Yes, nowadays the web is the place where one gets infected easily if one isn't careful enough. This topic gives good hints.

    Guess we can now archive this thread, can't we?

  9. #19
    Member | Join Date: Oct 2007 | Posts: 67

    Yup! Thanks for the help, Blade :D

  10. #20
    Blade81 | Security Expert: Emeritus | Join Date: Oct 2006 | Location: Finland | Posts: 25,288

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
