Vundo Is Found Each Time Firefox Is Opened!

G

GirLovesWaffles

New member
I had help from Shaba about 2 weeks ago. He helped me remove a number of rootkits and other viruses. Sadly, things are acting up again, it seems that something was left over and its multiplied since then. After i thought i was clean last time, i started getting popups each time i opened firefox about a day later. Now every time i start my computer i get a number of DLL's being blocked by Avira, and the same when each time i open firefox, plus the same popups as before. I ran HJT and found some things in there, hoping you could take a look also so that we can get this clean once and for all.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:02 AM, on 5/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maple Story\npkcmsvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\GirLovesWaffles.exe.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5595b6b9-ed14-4735-a42e-c4b84a714505} - C:\WINDOWS\system32\wazugige.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [wipehuhubi] Rundll32.exe "C:\WINDOWS\system32\tesutefa.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\garowori.dll,C:\WINDOWS\system32\sofokujo.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Maple Story\npkcmsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8831 bytes
 
Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
 
Sorry i didnt get back to you sooner, i was away for the weekend.

Here is DDS.txt:


DDS (Ver_09-03-16.01) - FAT32x86
Run by Spook at 19:12:26.73 on Sun 05/10/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.246 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
SVCHOST.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maple Story\npkcmsvc.exe
C:\WINDOWS\ehome\RMSvc.exe
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Spook\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: UIHost=vistaui.exe
BHO: {5595b6b9-ed14-4735-a42e-c4b84a714505} - c:\windows\system32\wazugige.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ViStart] c:\program files\vistart\ViStart.exe
uRun: [TrueTransparency] "c:\program files\truetransparency\TrueTransparency.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [wipehuhubi] Rundll32.exe "c:\windows\system32\tesutefa.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\garowori.dll,c:\windows\system32\sofokujo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\garowori.dll c:\windows\system32\sofokujo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\spook\applic~1\mozilla\firefox\profiles\q0vhrz2h.default\
FF - component: c:\program files\mozilla firefox\components\dfff.dll
FF - component: c:\program files\mozilla firefox\components\WWShow.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-29 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-4-30 24336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-29 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-29 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-29 55640]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-4-30 700152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-26 24652]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

=============== Created Last 30 ================

2009-05-09 14:35 12,072 a------- c:\windows\scunin.dat
2009-05-09 14:35 68,096 a------- c:\windows\ScUnin.exe
2009-05-09 14:35 967 a------- c:\windows\ScUnin.pif
2009-05-06 03:12 <DIR> --d----- c:\program files\Starcraft
2009-05-05 02:34 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-04-30 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-04-30 15:13 155,384 a------- c:\windows\system32\guard32.dll
2009-04-30 15:13 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-04-30 15:13 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-04-30 15:13 <DIR> --d----- c:\program files\COMODO
2009-04-29 15:13 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-29 15:13 <DIR> --d----- c:\program files\Avira
2009-04-29 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-28 03:25 <DIR> a-dshr-- C:\cmdcons
2009-04-27 00:47 <DIR> --d----- c:\program files\Trend Micro
2009-04-26 20:46 326 a------- c:\windows\wininit.ini
2009-04-18 02:28 <DIR> --d----- c:\docume~1\spook\applic~1\Armagetron
2009-04-15 13:51 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 13:51 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 13:51 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 13:51 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-15 13:51 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 13:51 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 13:51 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 13:51 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 13:51 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 13:50 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 13:50 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 13:50 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-04-29 15:00 81,984 a------- c:\windows\system32\bdod.bin
2009-04-04 23:53 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-03-31 17:14 3,858 a------- c:\windows\system32\ealregsnapshot1.reg
2009-03-21 11:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-20 23:02 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 11:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-24 16:35 129,784 -------- c:\windows\system32\pxafs.dll
2009-02-24 16:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-02-24 16:35 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-02-24 16:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 16:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 16:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 16:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 16:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 16:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-15 12:29 35,391 a------- c:\windows\DIIUnin.dat
2009-02-15 12:28 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-02-15 12:28 17,212 a------- c:\windows\system32\SIntf32.dll
2009-02-15 12:28 12,067 a------- c:\windows\system32\SIntf16.dll
2009-02-11 13:51 94,208 a------- c:\windows\DIIUnin.exe
2009-02-11 13:51 2,829 a------- c:\windows\DIIUnin.pif
2008-10-22 15:32 30 a------- c:\documents and settings\spook\jagex_runescape_preferences.dat
2008-09-17 22:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat

============= FINISH: 19:14:10.31 ===============


And here is Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/4/2008 5:19:28 AM
System Uptime: 5/10/2009 7:05:32 PM (0 hours ago)

Motherboard: Acer | | Navarro
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 798/200mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 53 GiB total, 18.938 GiB free.
D: is FIXED (NTFS) - 54 GiB total, 47.2 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5005G Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&FCF0450&0&10A4
Manufacturer: Atheros
Name: Atheros AR5005G Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&FCF0450&0&10A4
Service: AR5211

==== System Restore Points ===================

RP2: 4/29/2009 2:54:11 PM - System Checkpoint
RP3: 4/29/2009 3:00:04 PM - Removed BitDefender Free Edition v10
RP4: 4/29/2009 3:11:52 PM - Avira AntiVir Personal - 4/29/2009 15:11
RP5: 4/30/2009 4:16:00 PM - System Checkpoint
RP6: 5/1/2009 6:03:02 PM - System Checkpoint
RP7: 5/3/2009 8:53:49 PM - System Checkpoint
RP8: 5/5/2009 4:24:21 PM - System Checkpoint
RP9: 5/7/2009 4:01:08 PM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
Acer Empowering Technology
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer OrbiCam
Acer Screensaver
Active GIF Creator 3.2
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 7.0
Adobe Shockwave Player 11
Advertisement Service
AIM 6
ALZip
Armagetron Advanced 0.2.8.3_rc1.gcc
ASIO4ALL
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AutoUpdate
Avira AntiVir Personal - Free Antivirus
CDisplay 1.8
Choice Guard
Collab
COMODO Internet Security
Critical Update for Windows Media Player 11 (KB959772)
Diablo II
DigiFast
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EA Download Manager
ERUNT 1.1j
FL Studio 8
G-Force
Gimp 2.6.1
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB895961-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
IL Download Manager
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Junk Mail filter update
Launch Manager
LightScribe 1.4.74.1
MagicDisc 2.7.106
MapleStory GL
Media Center Extender
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Mozilla Firefox (3.0.10)
MSVCRT
Network Magic
Network Play System (Patching)
NTI Backup NOW! 4
NTI CD & DVD-Maker
Opera 9.63
Pando Media Booster
PoiZone
PowerDVD
PowerProducer
Pure Networks Platform
Realtek High Definition Audio Driver
RebirthRO SMALL CLIENT
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
SMSC IrCC V5.1.3600.7
Soft Data Fax Modem with SmartCP
Sonic Encoders
SPORE™ Creature Creator Trial Edition
Spybot - Search & Destroy
Starcraft
Synaptics Pointing Device Driver
TeamSpeak 2 RC2
The Sims Livin' Large
The Sims™ 2 Double Deluxe
Toxic Biohazard
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6i
Viewpoint Media Player
Vista Transformation Pack 8.0
WebFldrs XP
WhiteCap
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8 Release Candidate 1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

5/8/2009 12:27:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
5/8/2009 12:27:46 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/8/2009 12:27:04 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
5/8/2009 12:27:04 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/8/2009 1:18:06 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/4/2009 5:48:09 AM, error: PlugPlayManager [12] - The device 'PHILIPS DVD-RAM SDVD8821' (IDE\CdRomPHILIPS_DVD-RAM_SDVD8821________________EX04____\5&2b182631&0&0.1.0) disappeared from the system without first being prepared for removal.
5/3/2009 5:19:57 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
5/3/2009 5:19:57 PM, error: Service Control Manager [7000] - The eLock2FSCTLDriver service failed to start due to the following error: The system cannot find the file specified.
5/3/2009 5:19:57 PM, error: Service Control Manager [7000] - The eLock2BurnerLockDriver service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
 
Hi again,


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu
    select
    Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck
    Resident TeaTimer
     and OK any prompts.
  • Restart your computer

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Hey there, blade. Here are the results of those scans:

GooredFix:

GooredFix v1.92 by jpshortstuff
Log created at 12:57 on 11/05/2009 running Option #1 (Spook)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{96725117-7344-438E-86C6-70327FA1049C}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

ComboFix:

ComboFix 09-05-10.07 - Spook 05/11/2009 13:02.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.475 [GMT -3:00]
Running from: c:\documents and settings\Spook\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Spook\Local Settings\Temporary Internet Files\Cpvff.stt

.
((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-09 17:35 . 2009-05-09 17:35 12072 ----a-w c:\windows\scunin.dat
2009-05-09 17:35 . 2009-05-09 17:35 967 ----a-w c:\windows\ScUnin.pif
2009-05-09 17:35 . 2009-05-09 17:35 68096 ----a-w c:\windows\ScUnin.exe
2009-05-06 06:12 . 2009-05-06 06:12 -------- d-----w c:\program files\Starcraft
2009-05-05 05:34 . 2009-02-24 21:42 116736 ----a-w c:\windows\system32\drivers\mcdbus.sys
2009-04-30 18:13 . 2009-04-30 18:13 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-04-30 18:13 . 2009-04-30 18:13 155384 ----a-w c:\windows\system32\guard32.dll
2009-04-30 18:13 . 2009-04-30 18:13 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-04-30 18:13 . 2009-04-30 18:13 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-04-30 18:13 . 2009-04-30 18:13 -------- d-----w c:\program files\COMODO
2009-04-29 18:13 . 2009-03-24 19:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-29 18:13 . 2009-04-29 18:13 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-29 18:13 . 2009-04-29 18:13 -------- d-----w c:\program files\Avira
2009-04-27 08:39 . 2009-04-27 08:39 -------- d-----w c:\program files\ERUNT
2009-04-27 03:47 . 2009-04-27 03:47 -------- d-----w c:\program files\Trend Micro
2009-04-18 05:28 . 2009-04-18 05:28 -------- d-----w c:\documents and settings\Spook\Application Data\Armagetron
2009-04-15 16:51 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:51 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 16:51 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 16:51 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:51 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:51 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:51 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 16:51 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:51 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:50 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 16:50 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 04:54 . 2009-04-14 04:54 -------- d-----w c:\documents and settings\Spook\Local Settings\Application Data\Help
2009-04-12 02:27 . 2009-04-12 02:27 -------- d-----w c:\documents and settings\Spook\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 18:00 . 2008-08-04 05:43 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-06 06:09 . 2009-04-06 06:09 -------- d-----w c:\program files\DivX
2009-04-06 06:09 . 2009-04-06 06:09 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-05 02:54 . 2009-04-05 02:54 -------- d-----w c:\program files\Teamspeak2_RC2
2009-04-05 02:53 . 2009-04-05 02:53 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-03-31 20:14 . 2009-03-31 20:14 3858 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-26 05:02 . 2009-03-26 05:02 -------- d-----w c:\program files\Viewpoint
2009-03-26 05:02 . 2009-03-26 05:02 -------- d-----w c:\program files\Common Files\AOL
2009-03-26 05:01 . 2009-03-26 05:01 -------- d-----w c:\program files\AIM6
2009-03-21 02:02 . 2009-03-21 02:02 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-21 01:37 . 2009-03-21 01:37 -------- d-----w c:\program files\EA GAMES
2009-03-16 05:18 . 2006-06-01 20:59 84632 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-16 05:15 . 2009-03-16 05:15 -------- d-----w c:\program files\ViSplore
2009-03-16 05:15 . 2009-03-16 05:15 -------- d-----w c:\program files\WinFlip
2009-03-16 05:15 . 2009-03-16 05:15 -------- d-----w c:\program files\TrueTransparency
2009-03-16 05:15 . 2009-03-16 05:15 -------- d-----w c:\program files\VisualTooltip
2009-03-16 05:15 . 2009-03-16 05:15 -------- d-----w c:\program files\ViStart
2009-03-16 05:15 . 2009-03-16 05:15 -------- d-----w c:\program files\ViOrb
2009-03-16 05:15 . 2009-03-16 05:15 -------- d-----w c:\program files\Vista Rainbar
2009-03-16 05:15 . 2009-03-16 05:15 -------- d-----w c:\program files\Styler
2009-03-16 05:15 . 2009-03-16 05:15 -------- d-----w c:\program files\Vista Drive Icon
2009-03-16 04:31 . 2009-03-16 04:31 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-16 04:28 . 2009-03-16 04:28 -------- d-----w c:\program files\Microsoft
2009-03-16 04:28 . 2009-03-16 04:28 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-16 04:23 . 2009-03-16 04:23 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-11 21:17 . 2009-03-11 20:50 746 ----a-w c:\windows\eReg.dat
2009-03-09 08:19 . 2008-12-10 21:24 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-10 23:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-24 19:35 . 2009-04-06 06:09 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-02-24 19:35 . 2009-04-06 06:09 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-02-24 19:35 . 2009-04-06 06:09 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:35 . 2009-04-06 06:09 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2009-04-06 06:09 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:35 . 2005-05-12 21:54 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-15 15:29 . 2009-02-11 16:51 35391 ----a-w c:\windows\DIIUnin.dat
2009-02-15 15:28 . 2009-02-11 17:04 21840 ----a-w c:\windows\system32\SIntfNT.dll
2009-02-15 15:28 . 2009-02-11 17:04 17212 ----a-w c:\windows\system32\SIntf32.dll
2009-02-15 15:28 . 2009-02-11 17:04 12067 ----a-w c:\windows\system32\SIntf16.dll
2009-02-11 16:51 . 2009-02-11 16:51 94208 ----a-w c:\windows\DIIUnin.exe
2009-02-11 16:51 . 2009-02-11 16:51 2829 ----a-w c:\windows\DIIUnin.pif
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\opera\program\plugins\ssldivx.dll
2009-04-22 07:12 . 2009-04-22 07:12 90624 ----a-w c:\program files\mozilla firefox\components\WWShow.dll
2009-04-28 07:09 . 2009-04-28 07:09 211968 ----a-w c:\program files\mozilla firefox\components\dfff.dll
.

------- Sigcheck -------

[-] 2008-04-14 00:12 1423872 6A8B0B64F8D7EBEF70B16FF689C3C76D c:\windows\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\VITrans\explorer.exe
[-] 2004-08-10 23:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2008-11-12 602112]
"TrueTransparency"="c:\program files\TrueTransparency\TrueTransparency.exe" [2008-06-25 372224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-23 602112]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-04-30 1851128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-17 16207872]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Spook^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Spook\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Spook^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Spook\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Armagetron Advanced\\armagetronad.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\System32\\vistaui.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [4/30/2009 3:13 PM 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/30/2009 3:13 PM 24336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/29/2009 3:13 PM 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/26/2009 2:02 AM 24652]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6da84771-392d-11de-bce3-0016d414a3c0}]
\Shell\AutoRun\command - F:\autoplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\User_Feed_Synchronization-{6A6751F0-5C2A-427A-B368-B6246AD69287}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 05:01]
.
- - - - ORPHANS REMOVED - - - -

BHO-{5595b6b9-ed14-4735-a42e-c4b84a714505} - c:\windows\system32\wazugige.dll
HKLM-Run-wipehuhubi - c:\windows\system32\tesutefa.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\Spook\Application Data\Mozilla\Firefox\Profiles\q0vhrz2h.default\
FF - component: c:\program files\Mozilla Firefox\components\dfff.dll
FF - component: c:\program files\Mozilla Firefox\components\WWShow.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 13:12
Windows 5.1.2600 Service Pack 3 FAT NTAPI

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\guard32.dll
c:\program files\TrueTransparency\TrueTransparencyHook.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\program files\ViStart\StartHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\COMODO\COMODO INTERNET SECURITY\CMDAGENT.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\acer\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
c:\program files\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
c:\windows\EHOME\EHRECVR.EXE
c:\windows\EHOME\EHSCHED.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\MAPLE STORY\NPKCMSVC.EXE
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\LAUNCH MANAGER\LMANAGER.EXE
c:\windows\EHOME\EHMSAS.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-05-11 13:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-11 16:18

Pre-Run: 19,794,788,352 bytes free
Post-Run: 20,410,662,912 bytes free

284 --- E O F --- 2009-04-29 06:00

DDS.txt:


DDS (Ver_09-03-16.01) - FAT32x86
Run by Spook at 13:22:53.01 on Mon 05/11/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.424 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
SVCHOST.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maple Story\npkcmsvc.exe
C:\WINDOWS\ehome\RMSvc.exe
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Spook\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: UIHost=vistaui.exe
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ViStart] c:\program files\vistart\ViStart.exe
uRun: [TrueTransparency] "c:\program files\truetransparency\TrueTransparency.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\spook\applic~1\mozilla\firefox\profiles\q0vhrz2h.default\
FF - component: c:\program files\mozilla firefox\components\dfff.dll
FF - component: c:\program files\mozilla firefox\components\WWShow.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-29 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-4-30 24336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-29 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-29 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-29 55640]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-4-30 700152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-26 24652]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

=============== Created Last 30 ================

2009-05-11 13:00 161,792 a------- c:\windows\SWREG.exe
2009-05-11 13:00 98,816 a------- c:\windows\sed.exe
2009-05-09 14:35 12,072 a------- c:\windows\scunin.dat
2009-05-09 14:35 68,096 a------- c:\windows\ScUnin.exe
2009-05-09 14:35 967 a------- c:\windows\ScUnin.pif
2009-05-06 03:12 <DIR> --d----- c:\program files\Starcraft
2009-05-05 02:34 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-04-30 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-04-30 15:13 155,384 a------- c:\windows\system32\guard32.dll
2009-04-30 15:13 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-04-30 15:13 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-04-30 15:13 <DIR> --d----- c:\program files\COMODO
2009-04-29 15:13 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-29 15:13 <DIR> --d----- c:\program files\Avira
2009-04-29 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-28 03:25 <DIR> a-dshr-- C:\cmdcons
2009-04-27 00:47 <DIR> --d----- c:\program files\Trend Micro
2009-04-26 20:46 326 a------- c:\windows\wininit.ini
2009-04-18 02:28 <DIR> --d----- c:\docume~1\spook\applic~1\Armagetron
2009-04-15 13:51 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 13:51 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 13:51 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 13:51 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-15 13:51 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 13:51 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 13:51 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 13:51 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 13:51 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 13:50 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 13:50 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 13:50 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-04-29 15:00 81,984 a------- c:\windows\system32\bdod.bin
2009-04-04 23:53 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-03-31 17:14 3,858 a------- c:\windows\system32\ealregsnapshot1.reg
2009-03-21 11:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-20 23:02 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 11:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-24 16:35 129,784 -------- c:\windows\system32\pxafs.dll
2009-02-24 16:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-02-24 16:35 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-02-24 16:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 16:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 16:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 16:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 16:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 16:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-15 12:29 35,391 a------- c:\windows\DIIUnin.dat
2009-02-15 12:28 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-02-15 12:28 17,212 a------- c:\windows\system32\SIntf32.dll
2009-02-15 12:28 12,067 a------- c:\windows\system32\SIntf16.dll
2009-02-11 13:51 94,208 a------- c:\windows\DIIUnin.exe
2009-02-11 13:51 2,829 a------- c:\windows\DIIUnin.pif
2008-10-22 15:32 30 a------- c:\documents and settings\spook\jagex_runescape_preferences.dat
2008-09-17 22:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat

============= FINISH: 13:24:06.20 ===============

Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/4/2008 5:19:28 AM
System Uptime: 5/11/2009 1:10:06 PM (0 hours ago)

Motherboard: Acer | | Navarro
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 798/200mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 53 GiB total, 19.035 GiB free.
D: is FIXED (NTFS) - 54 GiB total, 47.2 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5005G Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&FCF0450&0&10A4
Manufacturer: Atheros
Name: Atheros AR5005G Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&FCF0450&0&10A4
Service: AR5211

==== System Restore Points ===================

RP2: 4/29/2009 2:54:11 PM - System Checkpoint
RP3: 4/29/2009 3:00:04 PM - Removed BitDefender Free Edition v10
RP4: 4/29/2009 3:11:52 PM - Avira AntiVir Personal - 4/29/2009 15:11
RP5: 4/30/2009 4:16:00 PM - System Checkpoint
RP6: 5/1/2009 6:03:02 PM - System Checkpoint
RP7: 5/3/2009 8:53:49 PM - System Checkpoint
RP8: 5/5/2009 4:24:21 PM - System Checkpoint
RP9: 5/7/2009 4:01:08 PM - System Checkpoint
RP10: 5/10/2009 9:23:06 PM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
Acer Empowering Technology
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer OrbiCam
Acer Screensaver
Active GIF Creator 3.2
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 7.0
Adobe Shockwave Player 11
Advertisement Service
AIM 6
ALZip
Armagetron Advanced 0.2.8.3_rc1.gcc
ASIO4ALL
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AutoUpdate
Avira AntiVir Personal - Free Antivirus
CDisplay 1.8
Choice Guard
Collab
COMODO Internet Security
Critical Update for Windows Media Player 11 (KB959772)
Diablo II
DigiFast
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EA Download Manager
ERUNT 1.1j
FL Studio 8
G-Force
Gimp 2.6.1
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB895961-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
IL Download Manager
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Junk Mail filter update
Launch Manager
LightScribe 1.4.74.1
MagicDisc 2.7.106
MapleStory GL
Media Center Extender
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Mozilla Firefox (3.0.10)
MSVCRT
Network Magic
Network Play System (Patching)
NTI Backup NOW! 4
NTI CD & DVD-Maker
Opera 9.63
Pando Media Booster
PoiZone
PowerDVD
PowerProducer
Pure Networks Platform
Realtek High Definition Audio Driver
RebirthRO SMALL CLIENT
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
SMSC IrCC V5.1.3600.7
Soft Data Fax Modem with SmartCP
Sonic Encoders
SPORE™ Creature Creator Trial Edition
Spybot - Search & Destroy
Starcraft
Synaptics Pointing Device Driver
TeamSpeak 2 RC2
The Sims Livin' Large
The Sims™ 2 Double Deluxe
Toxic Biohazard
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6i
Viewpoint Media Player
Vista Transformation Pack 8.0
WebFldrs XP
WhiteCap
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8 Release Candidate 1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

5/8/2009 12:27:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
5/8/2009 12:27:46 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/8/2009 12:27:04 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
5/8/2009 12:27:04 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/8/2009 1:18:06 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/5/2009 12:33:41 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
5/5/2009 12:33:41 AM, error: Service Control Manager [7000] - The eLock2FSCTLDriver service failed to start due to the following error: The system cannot find the file specified.
5/5/2009 12:33:41 AM, error: Service Control Manager [7000] - The eLock2BurnerLockDriver service failed to start due to the following error: The system cannot find the file specified.
5/4/2009 5:48:09 AM, error: PlugPlayManager [12] - The device 'PHILIPS DVD-RAM SDVD8821' (IDE\CdRomPHILIPS_DVD-RAM_SDVD8821________________EX04____\5&2b182631&0&0.1.0) disappeared from the system without first being prepared for removal.

==== End Of File ===========================
 
Hi :)

Uninstall Java(TM) 6 Update 7

Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Please double-click GooredFix.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Post also contents of fresh dds.txt file. How's the system running?
 
Its getting better, but still not completely good. Im still getting those annoying popups. The dll error is gone and im my firefox searches arent being rerouted to other sites anymore, so thats definitely a plus :laugh:
When i look in add/remove programs i see something called advertisement service, is that a legitimate program or could that be causing the popups? I tried to google it but could find nothing about it.
Also, what should be done with the backup folder gooredfix created on my desktop? Should i put it somewhere safe or delete it?

GooredFix:

GooredFix v1.92 by jpshortstuff
Log created at 09:06 on 12/05/2009 running Option #2 (Spook)
Firefox version 3.0.10 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{96725117-7344-438E-86C6-70327FA1049C}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"


DDS.txt:


DDS (Ver_09-03-16.01) - FAT32x86
Run by Spook at 9:22:29.91 on Tue 05/12/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.439 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
SVCHOST.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maple Story\npkcmsvc.exe
C:\WINDOWS\ehome\RMSvc.exe
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Spook\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: UIHost=vistaui.exe
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ViStart] c:\program files\vistart\ViStart.exe
uRun: [TrueTransparency] "c:\program files\truetransparency\TrueTransparency.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\spook\applic~1\mozilla\firefox\profiles\q0vhrz2h.default\
FF - component: c:\program files\mozilla firefox\components\dfff.dll
FF - component: c:\program files\mozilla firefox\components\WWShow.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-29 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-4-30 24336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-29 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-29 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-29 55640]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-4-30 700152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-26 24652]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

=============== Created Last 30 ================

2009-05-12 09:05 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-12 09:02 <DIR> --d----- c:\program files\AskBarDis
2009-05-12 09:02 <DIR> --d----- c:\docume~1\spook\applic~1\Foxit
2009-05-12 09:02 <DIR> --d----- c:\program files\Foxit Software
2009-05-11 13:00 161,792 a------- c:\windows\SWREG.exe
2009-05-11 13:00 98,816 a------- c:\windows\sed.exe
2009-05-09 14:35 12,072 a------- c:\windows\scunin.dat
2009-05-09 14:35 68,096 a------- c:\windows\ScUnin.exe
2009-05-09 14:35 967 a------- c:\windows\ScUnin.pif
2009-05-06 03:12 <DIR> --d----- c:\program files\Starcraft
2009-05-05 02:34 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-04-30 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-04-30 15:13 155,384 a------- c:\windows\system32\guard32.dll
2009-04-30 15:13 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-04-30 15:13 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-04-30 15:13 <DIR> --d----- c:\program files\COMODO
2009-04-29 15:13 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-29 15:13 <DIR> --d----- c:\program files\Avira
2009-04-29 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-28 03:25 <DIR> a-dshr-- C:\cmdcons
2009-04-27 00:47 <DIR> --d----- c:\program files\Trend Micro
2009-04-26 20:46 326 a------- c:\windows\wininit.ini
2009-04-18 02:28 <DIR> --d----- c:\docume~1\spook\applic~1\Armagetron
2009-04-15 13:51 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 13:51 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 13:51 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 13:51 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-15 13:51 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 13:51 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 13:51 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 13:51 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 13:51 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 13:50 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 13:50 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 13:50 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-12 09:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-29 15:00 81,984 a------- c:\windows\system32\bdod.bin
2009-04-04 23:53 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-03-31 17:14 3,858 a------- c:\windows\system32\ealregsnapshot1.reg
2009-03-21 11:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-20 23:02 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-06 11:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-24 16:35 129,784 -------- c:\windows\system32\pxafs.dll
2009-02-24 16:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-02-24 16:35 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-02-24 16:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 16:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 16:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 16:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 16:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 16:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-15 12:29 35,391 a------- c:\windows\DIIUnin.dat
2009-02-15 12:28 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-02-15 12:28 17,212 a------- c:\windows\system32\SIntf32.dll
2009-02-15 12:28 12,067 a------- c:\windows\system32\SIntf16.dll
2009-02-11 13:51 94,208 a------- c:\windows\DIIUnin.exe
2009-02-11 13:51 2,829 a------- c:\windows\DIIUnin.pif
2008-10-22 15:32 30 a------- c:\documents and settings\spook\jagex_runescape_preferences.dat
2008-09-17 22:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat

============= FINISH: 9:24:00.95 ===============


Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/4/2008 5:19:28 AM
System Uptime: 5/12/2009 9:09:31 AM (0 hours ago)

Motherboard: Acer | | Navarro
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 798/200mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 53 GiB total, 18.82 GiB free.
D: is FIXED (NTFS) - 54 GiB total, 47.2 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5005G Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&FCF0450&0&10A4
Manufacturer: Atheros
Name: Atheros AR5005G Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&FCF0450&0&10A4
Service: AR5211

==== System Restore Points ===================

RP2: 4/29/2009 2:54:11 PM - System Checkpoint
RP3: 4/29/2009 3:00:04 PM - Removed BitDefender Free Edition v10
RP4: 4/29/2009 3:11:52 PM - Avira AntiVir Personal - 4/29/2009 15:11
RP5: 4/30/2009 4:16:00 PM - System Checkpoint
RP6: 5/1/2009 6:03:02 PM - System Checkpoint
RP7: 5/3/2009 8:53:49 PM - System Checkpoint
RP8: 5/5/2009 4:24:21 PM - System Checkpoint
RP9: 5/7/2009 4:01:08 PM - System Checkpoint
RP10: 5/10/2009 9:23:06 PM - System Checkpoint
RP11: 5/12/2009 8:54:13 AM - Removed Java(TM) 6 Update 12
RP12: 5/12/2009 8:56:21 AM - Removed Java(TM) 6 Update 7
RP13: 5/12/2009 8:58:20 AM - Removed Adobe Reader 7.0
RP14: 5/12/2009 8:59:47 AM - Removed Adobe Media Player
RP15: 5/12/2009 9:05:13 AM - Installed Java(TM) 6 Update 13

==== Installed Programs ======================

AAC Decoder
Acer Empowering Technology
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer OrbiCam
Acer Screensaver
Active GIF Creator 3.2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
Advertisement Service
AIM 6
ALZip
Armagetron Advanced 0.2.8.3_rc1.gcc
ASIO4ALL
Ask Toolbar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AutoUpdate
Avira AntiVir Personal - Free Antivirus
CDisplay 1.8
Choice Guard
Collab
COMODO Internet Security
Critical Update for Windows Media Player 11 (KB959772)
Diablo II
DigiFast
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EA Download Manager
ERUNT 1.1j
FL Studio 8
Foxit Reader
G-Force
Gimp 2.6.1
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB895961-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
IL Download Manager
Java(TM) 6 Update 13
Junk Mail filter update
Launch Manager
LightScribe 1.4.74.1
MagicDisc 2.7.106
MapleStory GL
Media Center Extender
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Mozilla Firefox (3.0.10)
MSVCRT
Network Magic
Network Play System (Patching)
NTI Backup NOW! 4
NTI CD & DVD-Maker
Opera 9.63
Pando Media Booster
PoiZone
PowerDVD
PowerProducer
Pure Networks Platform
Realtek High Definition Audio Driver
RebirthRO SMALL CLIENT
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
SMSC IrCC V5.1.3600.7
Soft Data Fax Modem with SmartCP
Sonic Encoders
SPORE™ Creature Creator Trial Edition
Spybot - Search & Destroy
Starcraft
Synaptics Pointing Device Driver
TeamSpeak 2 RC2
The Sims Livin' Large
The Sims™ 2 Double Deluxe
Toxic Biohazard
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6i
Viewpoint Media Player
Vista Transformation Pack 8.0
WebFldrs XP
WhiteCap
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8 Release Candidate 1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

5/9/2009 2:46:25 PM, error: PlugPlayManager [12] - The device 'PHILIPS DVD-RAM SDVD8821' (IDE\CdRomPHILIPS_DVD-RAM_SDVD8821________________EX04____\5&2b182631&0&0.1.0) disappeared from the system without first being prepared for removal.
5/8/2009 12:27:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
5/8/2009 12:27:46 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/8/2009 12:27:04 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
5/8/2009 12:27:04 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/8/2009 1:18:06 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/5/2009 3:52:03 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
5/5/2009 3:52:03 AM, error: Service Control Manager [7000] - The eLock2FSCTLDriver service failed to start due to the following error: The system cannot find the file specified.
5/5/2009 3:52:03 AM, error: Service Control Manager [7000] - The eLock2BurnerLockDriver service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
 
Hi

If you didn't install Foxit toolbar (Ask Toolbar) on purpose then please uninstall it (warned about it in my previous post).

Im still getting those annoying popups.
Click to expand...
Tell a bit more about those, please. When do they occur? Did you have Messenger Live Plus installed before those popups began to appear?

When i look in add/remove programs i see something called advertisement service, is that a legitimate program or could that be causing the popups?
Click to expand...
I'm not sure what program it comes with. Anyway, I see no objections for removing it.

Also, what should be done with the backup folder gooredfix created on my desktop? Should i put it somewhere safe or delete it?
Click to expand...
That will be dealt later.
 
About the ask bar, i DID choose not to have it installed, but for whatever reason it installed it anyway. I just removed it from add/remove programs now.

The popups seem to have stopped actually, but thats what happened last time we thought the system was clean too. For some reason they just stopped for a day and i thought they were gone, then all of a sudden the next day they were back. Ill give it a day or two to see if they return.

When i went to remove advertisement service, it said it was already uninstalled and just needed to be removed from the list, its now gone.

As far as I can see, everything is looking good. Ill run a kaspersky scan tomorrow just to make sure.

Also, a quick question. I read in another threat about a program that can be used to tell you anything on your computer that is out of date. I cant remember what the program was called through, do you know of it?
 
As far as I can see, everything is looking good. Ill run a kaspersky scan tomorrow just to make sure.
Click to expand...
Ok. Shall wait for your status report :)

Also, a quick question. I read in another threat about a program that can be used to tell you anything on your computer that is out of date. I cant remember what the program was called through, do you know of it?
Click to expand...
Do you mean F-Secure Health Check?
 
Status Report:

The popups are still coming. There are 2 that show up, one for a blackberry and one for some sort of love calculator. Only one pops up, but it is either one of the two. It pops up as soon as i open firefox. You mentioned messenger plus, and no, ive had messenger plus since it came out a year ago or more and its always been fine.
 
Sorry about the slow reply. I reinstalled firefox and im no longer getting the popups. I havnt done the scan yet, but everything seems to be better so i dont think its going to find anything anyway. Thanks for all the help, youll be getting a donation from me someday :D
 
You're welcome :)

Please do post a fresh dds.txt log once more even if scanners come back with 0 findings. If that looks good I'll give final instructions.
 
DDS.txt


DDS (Ver_09-03-16.01) - FAT32x86
Run by Spook at 16:56:26.15 on Fri 05/15/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.352 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
SVCHOST.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maple Story\npkcmsvc.exe
C:\WINDOWS\ehome\RMSvc.exe
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Spook\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: UIHost=vistaui.exe
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TrueTransparency] "c:\program files\truetransparency\TrueTransparency.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\spook\applic~1\mozilla\firefox\profiles\q0vhrz2h.default\
FF - component: c:\program files\mozilla firefox\components\dfff.dll
FF - component: c:\program files\mozilla firefox\components\WWShow.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-29 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-4-30 24336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-29 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-29 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-29 55640]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-4-30 700152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-26 24652]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

=============== Created Last 30 ================

2009-05-12 09:05 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-12 09:02 <DIR> --d----- c:\docume~1\spook\applic~1\Foxit
2009-05-12 09:02 <DIR> --d----- c:\program files\Foxit Software
2009-05-11 13:00 161,792 a------- c:\windows\SWREG.exe
2009-05-11 13:00 98,816 a------- c:\windows\sed.exe
2009-05-09 14:35 34,410 a------- c:\windows\scunin.dat
2009-05-09 14:35 94,208 a------- c:\windows\ScUnin.exe
2009-05-09 14:35 967 a------- c:\windows\ScUnin.pif
2009-05-06 03:12 <DIR> --d----- c:\program files\Starcraft
2009-05-05 02:34 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-04-30 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-04-30 15:13 155,384 a------- c:\windows\system32\guard32.dll
2009-04-30 15:13 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-04-30 15:13 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-04-30 15:13 <DIR> --d----- c:\program files\COMODO
2009-04-29 15:13 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-29 15:13 <DIR> --d----- c:\program files\Avira
2009-04-29 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-28 03:25 <DIR> a-dshr-- C:\cmdcons
2009-04-27 00:47 <DIR> --d----- c:\program files\Trend Micro
2009-04-26 20:46 326 a------- c:\windows\wininit.ini
2009-04-18 02:28 <DIR> --d----- c:\docume~1\spook\applic~1\Armagetron

==================== Find3M ====================

2009-05-12 09:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-29 15:00 81,984 a------- c:\windows\system32\bdod.bin
2009-04-04 23:53 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-03-31 17:14 3,858 a------- c:\windows\system32\ealregsnapshot1.reg
2009-03-21 11:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-20 23:02 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-06 11:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 11:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-02-24 16:35 129,784 -------- c:\windows\system32\pxafs.dll
2009-02-24 16:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-02-24 16:35 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-02-24 16:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 16:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 16:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 16:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 16:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 16:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-15 12:29 35,391 a------- c:\windows\DIIUnin.dat
2009-02-15 12:28 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-02-15 12:28 17,212 a------- c:\windows\system32\SIntf32.dll
2009-02-15 12:28 12,067 a------- c:\windows\system32\SIntf16.dll
2008-10-22 15:32 30 a------- c:\documents and settings\spook\jagex_runescape_preferences.dat
2008-09-17 22:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat

============= FINISH: 16:58:09.07 ===============


Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/4/2008 5:19:28 AM
System Uptime: 5/15/2009 3:00:39 PM (1 hours ago)

Motherboard: Acer | | Navarro
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 798/200mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 53 GiB total, 18.533 GiB free.
D: is FIXED (NTFS) - 54 GiB total, 47.2 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5005G Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&FCF0450&0&10A4
Manufacturer: Atheros
Name: Atheros AR5005G Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&FCF0450&0&10A4
Service: AR5211

==== System Restore Points ===================

RP2: 4/29/2009 2:54:11 PM - System Checkpoint
RP3: 4/29/2009 3:00:04 PM - Removed BitDefender Free Edition v10
RP4: 4/29/2009 3:11:52 PM - Avira AntiVir Personal - 4/29/2009 15:11
RP5: 4/30/2009 4:16:00 PM - System Checkpoint
RP6: 5/1/2009 6:03:02 PM - System Checkpoint
RP7: 5/3/2009 8:53:49 PM - System Checkpoint
RP8: 5/5/2009 4:24:21 PM - System Checkpoint
RP9: 5/7/2009 4:01:08 PM - System Checkpoint
RP10: 5/10/2009 9:23:06 PM - System Checkpoint
RP11: 5/12/2009 8:54:13 AM - Removed Java(TM) 6 Update 12
RP12: 5/12/2009 8:56:21 AM - Removed Java(TM) 6 Update 7
RP13: 5/12/2009 8:58:20 AM - Removed Adobe Reader 7.0
RP14: 5/12/2009 8:59:47 AM - Removed Adobe Media Player
RP15: 5/12/2009 9:05:13 AM - Installed Java(TM) 6 Update 13
RP16: 5/13/2009 11:09:25 AM - Software Distribution Service 3.0
RP17: 5/14/2009 12:57:55 PM - System Checkpoint
RP18: 5/15/2009 4:02:05 PM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
Acer Empowering Technology
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer OrbiCam
Acer Screensaver
Active GIF Creator 3.2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
AIM 6
ALZip
Armagetron Advanced 0.2.8.3_rc1.gcc
ASIO4ALL
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AutoUpdate
Avira AntiVir Personal - Free Antivirus
CDisplay 1.8
Choice Guard
Collab
COMODO Internet Security
Critical Update for Windows Media Player 11 (KB959772)
Diablo II
DigiFast
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EA Download Manager
ERUNT 1.1j
FL Studio 8
Foxit Reader
G-Force
Gimp 2.6.1
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB895961-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
IL Download Manager
Java(TM) 6 Update 13
Junk Mail filter update
Launch Manager
LightScribe 1.4.74.1
MagicDisc 2.7.106
MapleStory GL
Media Center Extender
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Mozilla Firefox (3.0.10)
MSVCRT
Network Magic
Network Play System (Patching)
NTI Backup NOW! 4
NTI CD & DVD-Maker
Opera 9.63
Pando Media Booster
PoiZone
PowerDVD
PowerProducer
Pure Networks Platform
Realtek High Definition Audio Driver
RebirthRO SMALL CLIENT
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
SMSC IrCC V5.1.3600.7
Soft Data Fax Modem with SmartCP
Sonic Encoders
SPORE™ Creature Creator Trial Edition
Spybot - Search & Destroy
Starcraft
Synaptics Pointing Device Driver
TeamSpeak 2 RC2
The Sims Livin' Large
The Sims™ 2 Double Deluxe
Toxic Biohazard
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6i
Viewpoint Media Player
Vista Transformation Pack 8.0
WebFldrs XP
WhiteCap
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8 Release Candidate 1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

5/9/2009 3:04:36 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
5/9/2009 3:04:36 AM, error: Service Control Manager [7000] - The eLock2FSCTLDriver service failed to start due to the following error: The system cannot find the file specified.
5/9/2009 3:04:36 AM, error: Service Control Manager [7000] - The eLock2BurnerLockDriver service failed to start due to the following error: The system cannot find the file specified.
5/9/2009 2:46:25 PM, error: PlugPlayManager [12] - The device 'PHILIPS DVD-RAM SDVD8821' (IDE\CdRomPHILIPS_DVD-RAM_SDVD8821________________EX04____\5&2b182631&0&0.1.0) disappeared from the system without first being prepared for removal.
5/8/2009 12:27:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
5/8/2009 12:27:46 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/8/2009 12:27:04 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
5/8/2009 12:27:04 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/8/2009 1:18:06 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/13/2009 1:47:53 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

==== End Of File ===========================
 
Looks good :)

Now lets uninstall ComboFix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


Click Start >> Run and then copy/paste the following into the box and hit Enter:
"%userprofile%\Desktop\GooredFix.exe" /uninstall
If any of your security programs query a new Registry/AutoStart value being added please allow the changes.


You may delete dds.scr file and related dds.txt & attach.txt logs too.
 
I uninstalled the programs. I was waiting a few days to see if the popups would come back, and yesterday they did. Uninstalling and reinstalling firefox seems to fix them.. it must be a site i visit thats giving them to me, ill just have to be more careful i guess.
 
Yes, nowadays web is the place where one gets infected easily if isn't careful enough. This topic gives good hints.

Guess we can now archive this thread, can't we? :)
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top