Author Topic: Computer Died  (Read 3014 times)
jtin
Topic Starter
Rookie



Posts: 18


« on: October 30, 2009, 04:48:21 PM »

I have a 4 or 5 year old Gateway with an Intel Pentium 4 AT. About a year ago I noticed that every once in a while my processor fan would not "idle back" and the computer would not boot. While on a business trip in August, a friend was using the computer and noticed problems with pop-ups. When I got home I assumed it was the PSU and replaced it. It worked twice and stopped again. While it was working I ran a virus scan and found the evil Vundo. Now it will not start. AVG would not delete certain files so I'm assuming it has attacked my computer to the point it quit. If you have any advice I would really appreciate it. I have stooped to using my wife's laptop (actually really nice compared to mine but degrading!!!) to write this.
SuperDave
Malware Removal Specialist
Moderator
Prodigy



Thanked: 571
Posts: 6,550

Certifications: List
Experience: Experienced
OS: Windows XP



« Reply #1 on: October 30, 2009, 07:29:09 PM »

Hello jtin, and welcome to Computer Hope Forum. The first thing you will need to do is to go to this link and follow the directions precisely.

AMD Athlon XP 1900+ 1.47 GHz  3 GB Ram Windows XP  Home with SP3, MicroSoft Security Essentials, Spybot S&D. SuperAntiSpyware  and Threatfire with Comodo Firewall & Windows Defender
jtin
« Reply #2 on: October 30, 2009, 10:45:02 PM »

SD,
You are amazing! When I read your reply I turned on my desktop and it started right up! Imagine that. I started the checklist and ran into a wall when I came to the SAS. After downloading and trying to open it I got a "SAS has encountered a problem" send/don't send window.
When I downloaded MBAM and tried to run the setup I got the hourglass for a second, then nothing... no window, just nothing.
I downloaded the Java stuff and was able to run it, then the computer locked up and I had to reboot by holding the power button... the computer was totally unresponsive. Well, I could open things but not close anything, i.e. select the Start button and it wouldn't go away, couldn't close IE.
On restart I get "ViewMgr has encountered a problem" and "IE search provider default. A program has corrupted your default search provider settings for IE."
I stopped at this point because it said to run everything else before HJT.

Thanks for the amazing brainwave thing you did to get it to start!
SuperDave
« Reply #3 on: October 31, 2009, 10:59:50 AM »

Hello, jtin. I'm assuming that your OS is Windows XP. Your computer is starting but won't download and run SAS and MBAM? Let's try a rescue disk.
Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.
jtin
« Reply #4 on: October 31, 2009, 11:32:30 AM »

SD,
Yes, it is an XP system. I made the rescue USB. Also, while I was waiting for the reply I tried all the same stuff in safe mode with the same outcome.
I left out some things in my last reply. While surfing I get Registry Cleaner pop-ups. Don't worry, I won't. Also, when I open my browser I get a "browser closed unexpectedly" warning. I think it's all part of the same thing, but that's why you are the expert! I sure do appreciate this.
SuperDave
« Reply #5 on: November 01, 2009, 11:49:21 AM »

What happened when you tried the Rescue CD?
jtin
« Reply #6 on: November 01, 2009, 12:23:42 PM »

SD,
Ok, I made the start-up USB and after figuring out the whole BIOS thing I finally got it to work. It ran its scans and found 15 corrupted files, which I deleted.
I rebooted. I still get the ViewMgr error window. I still get the IE search provider default. SAS still gets a problem window. MBAM let me install it this time but it still will not run. I tried to restart in safe mode and got the same thing.
SuperDave
« Reply #7 on: November 01, 2009, 12:29:46 PM »

Ok jtin. Could you try changing the .exe file in SAS and MBAM to something else and see if they will then run? Just go to Program Files, look for SAS and MBAM and rename the executable file. Sometimes the infection blocks these executable files from running. You may have to do the same with HJT.
jtin
« Reply #8 on: November 01, 2009, 07:48:36 PM »

SD,
You are awesome! I renamed the files and BAM! Here are the logs.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/01/2009 at 04:33 PM

Application Version : 4.29.1004

Core Rules Database Version : 4219
Trace Rules Database Version: 2122

Scan type       : Complete Scan
Total Scan Time : 00:50:55

Memory items scanned      : 402
Memory threats detected   : 1
Registry items scanned    : 8067
Registry threats detected : 139
File items scanned        : 72646
File threats detected     : 11

Adware.Vundo/Variant-Slob
   C:\WINDOWS\SYSTEM32\MURABORO.DLL
   C:\WINDOWS\SYSTEM32\MURABORO.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{bd6e906a-a25d-43ad-ac46-cfc0d25797ef}
   HKCR\CLSID\{BD6E906A-A25D-43AD-AC46-CFC0D25797EF}
   HKCR\CLSID\{bd6e906a-a25d-43ad-ac46-cfc0d25797ef}\InprocServer32
   HKCR\CLSID\{bd6e906a-a25d-43ad-ac46-cfc0d25797ef}\InprocServer32#ThreadingModel
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#dafivawah
   C:\WINDOWS\SYSTEM32\LUTAZIPU.DLL

Adware.Gamevance
   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
   C:\Program Files\Gamevance\ars.cfg
   C:\Program Files\Gamevance\gamevancelib32.dll
   C:\Program Files\Gamevance\icon.ico
   C:\Program Files\Gamevance

Adware.EliteBar
   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}

Adware.Ezula
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\Software\Web Offer

Adware.Avenue Media/Internet Optimizer
   HKCR\DyFuCA_BH_Bucket.Bucket
   HKCR\DyFuCA_BH_Bucket.Bucket\CurVer
   HKCR\DyFuCA_BH_Bucket.Bucket.1

Adware.IEPlugin
   C:\WINDOWS\lu.dat

Browser Hijacker.Deskbar
   HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
   HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
   HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
   HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
   HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Rogue.Component/Trace
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\Software\50675947464081046969470753255559\Options
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\Software\50675947464081046969470753255559\Options#Aff
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\Software\50675947464081046969470753255559

Rootkit.Agent/Gen
   HKLM\SOFTWARE\UAC
   HKLM\SOFTWARE\UAC#EPROCESS_LEOffset
   HKLM\SOFTWARE\UAC#EPROCESS_NameOffset
   HKLM\SOFTWARE\UAC#affid
   HKLM\SOFTWARE\UAC#type
   HKLM\SOFTWARE\UAC#build
   HKLM\SOFTWARE\UAC#subid
   HKLM\SOFTWARE\UAC#cmddelay
   HKLM\SOFTWARE\UAC#ecaab67d-7d92-4ec1-ac32-3087345120a3
   HKLM\SOFTWARE\UAC#val
   HKLM\SOFTWARE\UAC#sval
   HKLM\SOFTWARE\UAC#rem_ok
   HKLM\SOFTWARE\UAC\connections
   HKLM\SOFTWARE\UAC\connections#a2674c18
   HKLM\SOFTWARE\UAC\connections#20d04c0a
   HKLM\SOFTWARE\UAC\connections#fe8cd514
   HKLM\SOFTWARE\UAC\connections#7d72e91c
   HKLM\SOFTWARE\UAC\connections#905b3008
   HKLM\SOFTWARE\UAC\disallowed
   HKLM\SOFTWARE\UAC\disallowed#trsetup.exe
   HKLM\SOFTWARE\UAC\disallowed#ViewpointService.exe
   HKLM\SOFTWARE\UAC\disallowed#ViewMgr.exe
   HKLM\SOFTWARE\UAC\disallowed#SpySweeper.exe
   HKLM\SOFTWARE\UAC\disallowed#SUPERAntiSpyware.exe
   HKLM\SOFTWARE\UAC\disallowed#SpySub.exe
   HKLM\SOFTWARE\UAC\disallowed#SpywareTerminatorShield.exe
   HKLM\SOFTWARE\UAC\disallowed#SpyHunter3.exe
   HKLM\SOFTWARE\UAC\disallowed#XoftSpy.exe
   HKLM\SOFTWARE\UAC\disallowed#SpyEraser.exe
   HKLM\SOFTWARE\UAC\disallowed#combofix.exe
   HKLM\SOFTWARE\UAC\disallowed#otscanit.exe
   HKLM\SOFTWARE\UAC\disallowed#mbam.exe
   HKLM\SOFTWARE\UAC\disallowed#mbam-setup.exe
   HKLM\SOFTWARE\UAC\disallowed#flash_disinfector.exe
   HKLM\SOFTWARE\UAC\disallowed#otmoveit2.exe
   HKLM\SOFTWARE\UAC\disallowed#smitfraudfix.exe
   HKLM\SOFTWARE\UAC\disallowed#prevxcsifree.exe
   HKLM\SOFTWARE\UAC\disallowed#download_mbam-setup.exe
   HKLM\SOFTWARE\UAC\disallowed#cbo_setup.exe
   HKLM\SOFTWARE\UAC\disallowed#spywareblastersetup.exe
   HKLM\SOFTWARE\UAC\disallowed#rminstall.exe
   HKLM\SOFTWARE\UAC\disallowed#sdsetup.exe
   HKLM\SOFTWARE\UAC\disallowed#vundofixsvc.exe
   HKLM\SOFTWARE\UAC\disallowed#daft.exe
   HKLM\SOFTWARE\UAC\disallowed#gmer.exe
   HKLM\SOFTWARE\UAC\disallowed#catchme.exe
   HKLM\SOFTWARE\UAC\disallowed#mcpr.exe
   HKLM\SOFTWARE\UAC\disallowed#sdfix.exe
   HKLM\SOFTWARE\UAC\disallowed#hjtinstall.exe
   HKLM\SOFTWARE\UAC\disallowed#fixpolicies.exe
   HKLM\SOFTWARE\UAC\disallowed#emergencyutil.exe
   HKLM\SOFTWARE\UAC\disallowed#techweb.exe
   HKLM\SOFTWARE\UAC\disallowed#GoogleUpdate.exe
   HKLM\SOFTWARE\UAC\disallowed#windowsdefender.exe
   HKLM\SOFTWARE\UAC\disallowed#spybotsd.exe
   HKLM\SOFTWARE\UAC\disallowed#winlognn.exe
   HKLM\SOFTWARE\UAC\disallowed#csrssc.exe
   HKLM\SOFTWARE\UAC\disallowed#klif.sys
   HKLM\SOFTWARE\UAC\disallowed#pctssvc.sys
   HKLM\SOFTWARE\UAC\disallowed#pctcore.sys
   HKLM\SOFTWARE\UAC\disallowed#mchinjdrv.sys
   HKLM\SOFTWARE\UAC\disallowed#szkg.sys
   HKLM\SOFTWARE\UAC\disallowed#sasdifsv.sys
   HKLM\SOFTWARE\UAC\disallowed#saskutil.sys
   HKLM\SOFTWARE\UAC\disallowed#sasenum.sys
   HKLM\SOFTWARE\UAC\disallowed#ccHPx86.sys
   HKLM\SOFTWARE\UAC\injector
   HKLM\SOFTWARE\UAC\injector#*
   HKLM\SOFTWARE\UAC\mask
   HKLM\SOFTWARE\UAC\mask#21aecb5f
   HKLM\SOFTWARE\UAC\mask#f5d692d5
   HKLM\SOFTWARE\UAC\mask#a3d50932
   HKLM\SOFTWARE\UAC\mask#1ed943f0
   HKLM\SOFTWARE\UAC\mask#d3036adf
   HKLM\SOFTWARE\UAC\mask#30910b28
   HKLM\SOFTWARE\UAC\mask#e0ae8144
   HKLM\SOFTWARE\UAC\mask#49772768
   HKLM\SOFTWARE\UAC\versions
   HKLM\SOFTWARE\UAC\versions#/banner/crcmds/init

Rogue.Agent/Gen
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#aazalirt
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#skaaanret
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#jungertab
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#zibaglertz
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#iddqdops
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#ronitfst
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#tobmygers
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#jikglond
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#tobykke
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#klopnidret
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#jiklagka
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#salrtybek
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#seeukluba
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#jrjakdsd
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#krkdkdkee
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#dkewiizkjdks
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#dkekkrkska
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#rkaskssd
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#kuruhccdsdd
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#krujmmwlrra
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#kkwknrbsggeg
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#ktknamwerr
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#iqmcnoeqz
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#ienotas
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#krkmahejdk
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#otpeppggq
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#krtawefg
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#oranerkka
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#kitiiwhaas
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#otowjdseww
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#otnnbektre
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#oropbbsee
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#irprokwks
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#ooorjaas
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#id
   HKU\S-1-5-21-792570448-495975139-1349912240-1003\SOFTWARE\AVSCAN#ready

Adware.Vundo/Variant-EC
   C:\WINDOWS\SYSTEM32\DONELUVO.DLL
   C:\WINDOWS\SYSTEM32\JIJUWAJO.DLL

Adware.Vundo/Variant-[Fixed]
   C:\WINDOWS\SYSTEM32\JEBODOMA.DLL
   C:\WINDOWS\SYSTEM32\MEKIJORU.DLL
***************************************************************************************
Malwarebytes' Anti-Malware 1.41
Database version: 3081
Windows 5.1.2600 Service Pack 3

11/1/2009 8:29:39 PM
mbam-log-2009-11-01 (20-29-39).txt

Scan type: Quick Scan
Objects scanned: 115967
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\xjado (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Pass (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tidisupun (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\11875784 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\categories (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images (Adware.EliteBar) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\wuyamoba.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\adult.tbr (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\default.tbr (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\search.mnu (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\categories\drugs.mnu (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\categories\fav.mnu (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\categories\porn.mnu (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\casino-ico.bmp (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\casino.bmp (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\dating-ico.bmp (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\dating.bmp (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\drugs-ico.bmp (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\drugs.bmp (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\fav-ico.bmp (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\fav.bmp (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\porn-ico.bmp (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\porn.bmp (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\EliteToolBar\xml\images\virus.bmp (Adware.EliteBar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
***************************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:06 PM, on 11/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57 www.inetavirus.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\dan2.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182552982812
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {dc7f31b5-c38f-4a5c-8a54-35c694154566} - (no file)
O20 - AppInit_DLLs: c:\windows\system32\tusavila.dll yesigoju.dll c:\windows\system32\muraboro.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: nujahavik - {86d41a49-6682-4d9e-97bf-6695949f1f25} - (no file)
O21 - SSODL: dafivawah - {bd6e906a-a25d-43ad-ac46-cfc0d25797ef} - c:\windows\system32\muraboro.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {86d41a49-6682-4d9e-97bf-6695949f1f25} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {bd6e906a-a25d-43ad-ac46-cfc0d25797ef} - c:\windows\system32\muraboro.dll (file missing)
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.christianlinks.com/forums/images/avatars/8.jpg

--
End of file - 10869 bytes
***************************************************************************************
Again Thank you sooo much!
« Last Edit: November 02, 2009, 02:31:49 PM by evilfantasy »
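As an added example (not code from this thread, from SUPERAntiSpyware, or from HijackThis), the Python below reads constructed excerpts modelled on the two logs above. It pulls the file names the rootkit's `HKLM\SOFTWARE\UAC\disallowed` values list, which is why mbam.exe and SUPERAntiSpyware.exe would not start until the executables were renamed as suggested in Reply #7, and it flags the HijackThis load points a reviewer checks first. The block model (a case-insensitive match on the bare file name) is an assumption made for the illustration, not a claim about how the malware matched.

```python
import re

# Constructed excerpt modelled on the SUPERAntiSpyware log in Reply #8 (not the real log).
SAS_LOG = r"""
Rootkit.Agent/Gen
   HKLM\SOFTWARE\UAC
   HKLM\SOFTWARE\UAC#affid
   HKLM\SOFTWARE\UAC\disallowed
   HKLM\SOFTWARE\UAC\disallowed#SUPERAntiSpyware.exe
   HKLM\SOFTWARE\UAC\disallowed#mbam.exe
   HKLM\SOFTWARE\UAC\disallowed#mbam-setup.exe
   HKLM\SOFTWARE\UAC\disallowed#hjtinstall.exe
   HKLM\SOFTWARE\UAC\disallowed#gmer.exe
   HKLM\SOFTWARE\UAC\disallowed#sasdifsv.sys
   HKLM\SOFTWARE\UAC\injector#*
"""

# Constructed excerpt modelled on the HijackThis log in Reply #8 (not the real log).
HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 inetavirus.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O18 - Filter hijack: text/html - {dc7f31b5-c38f-4a5c-8a54-35c694154566} - (no file)
O20 - AppInit_DLLs: c:\windows\system32\tusavila.dll yesigoju.dll c:\windows\system32\muraboro.dll
O21 - SSODL: dafivawah - {bd6e906a-a25d-43ad-ac46-cfc0d25797ef} - c:\windows\system32\muraboro.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {86d41a49-6682-4d9e-97bf-6695949f1f25} - (no file)
"""

# SAS writes a registry value as KEY#VALUENAME; the block list lives under the UAC\disallowed key.
DISALLOWED_RE = re.compile(r"^\s*HKLM\\SOFTWARE\\UAC\\disallowed#(?P<name>\S+)\s*$", re.IGNORECASE)


def sas_disallowed_names(log_text):
    """Return the lower-cased file names listed as blocked under the rootkit's disallowed key."""
    names = set()
    for line in log_text.splitlines():
        m = DISALLOWED_RE.match(line)
        if m:
            names.add(m.group("name").lower())
    return names


def launch_blocked(filename, disallowed):
    """Model of the block (an assumption for this illustration): a case-insensitive match on the
    bare file name. A copy of the same tool saved under another name is not on the list, which is
    what the rename advice in Reply #7 relies on."""
    return filename.lower() in disallowed


HJT_LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
LOOPBACK = {"127.0.0.1", "::1"}


def triage_hjt(log_text):
    """Flag HijackThis entries a reviewer checks first. Returns (section, reason, line) tuples
    in log order; a quiet log returns an empty list."""
    findings = []
    for line in log_text.splitlines():
        m = HJT_LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        # O1: hosts entries that pin a name to a non-loopback address (cf. inetavirus.com above)
        if section == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) == 2 and parts[0] not in LOOPBACK:
                findings.append((section, f"hosts file pins {parts[1]} to {parts[0]}", line))
        # O20 AppInit_DLLs: every listed DLL is loaded into each process that maps user32.dll
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body[len("AppInit_DLLs:"):].split()
            findings.append((section, f"AppInit_DLLs loads {len(dlls)} DLL(s) into every user32 process", line))
        # O18/O21/O22: load points whose target is gone are orphans left by a partial removal
        if section in ("O18", "O21", "O22") and ("(no file)" in body or "(file missing)" in body):
            findings.append((section, "load point references a file that no longer exists", line))
    return findings


if __name__ == "__main__":
    blocked = sas_disallowed_names(SAS_LOG)
    for name in ("mbam.exe", "SUPERAntiSpyware.exe", "renamed-scanner.exe"):
        print(f"{name:24s} blocked={launch_blocked(name, blocked)}")
    for section, reason, line in triage_hjt(HJT_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

The orphaned O21/O22 entries point at muraboro.dll, which the SAS scan above had already removed; that is the kind of leftover a helper cleans up in the next round rather than a sign the file is still present.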
SuperDave
« Reply #9 on: November 02, 2009, 01:43:16 PM »

Hello jtin. It's good to see that you were able to get the logs, but we're not out of the woods yet. Could you please do this:

Download DDS from HERE or HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into your next post.
   
jtin
Topic Starter
Rookie
Posts: 18
« Reply #10 on: November 02, 2009, 02:10:24 PM »

Next!

SD here it is...You guys are doing a great service...It is very interesting also...thinking about applying to MRU when I get clean! I never thought getting a trojan could be so satisfying. Thanks again.
***************************************************************************************
DDS (Ver_09-10-26.01) - NTFSx86 
Run by Owner at 15:01:58.10 on Mon 11/02/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.544 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)   

{17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
mCustomizeSearch = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\dan2.exe" /runcleanupscript
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182552982812
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - hxxp://static.topconverting.com/activex/website.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\tusavila.dll yesigoju.dll c:\windows\system32\muraboro.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: nujahavik - {86d41a49-6682-4d9e-97bf-6695949f1f25} - No File
SSODL: dafivawah - {bd6e906a-a25d-43ad-ac46-cfc0d25797ef} - c:\windows\system32\muraboro.dll
STS: {86d41a49-6682-4d9e-97bf-6695949f1f25} - No File
STS: tokatiluy: {bd6e906a-a25d-43ad-ac46-cfc0d25797ef} - c:\windows\system32\muraboro.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli hisakite.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-25 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-25 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-25 297752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-20 24652]
S0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys --> c:\windows\system32\drivers\$sys$cor.sys [?]
S1 $sys$crater;$sys$crater;\??\c:\windows\system32\$sys$filesystem\crater.sys --> c:\windows\system32\$sys$filesystem\crater.sys [?]
S2 $sys$DRMServer;Plug and Play Device Manager;c:\windows\system32\$sys$filesystem\$sys$drmserver.exe --> c:\windows\system32\$sys$filesystem\$sys$DRMServer.exe [?]
S2 CD_Proxy;XCP CD Proxy;c:\windows\cdproxyserv.exe --> c:\windows\CDProxyServ.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-11-02 02:36:58   0   d-----w-   c:\program files\Trend Micro
2009-11-02 02:22:04   0   d-----w-   c:\docume~1\owner\applic~1\Malwarebytes
2009-11-01 21:36:22   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-01 19:06:53   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 19:06:52   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-11-01 19:06:52   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-01 19:06:52   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-01 18:59:09   26624   ----a-w-   c:\windows\system32\UACkwgswuufhvjwilkbd.dll
2009-11-01 03:58:10   0   d-----w-   c:\program files\SUPERAntiSpyware
2009-11-01 03:58:10   0   d-----w-   c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-11-01 03:57:13   0   d-----w-   c:\program files\common files\Wise Installation Wizard
2009-10-31 03:57:34   0   d-----w-   c:\documents and settings\owner\.SunDownloadManager
2009-10-31 03:52:20   0   d-----w-   c:\program files\Microsoft
2009-10-31 03:34:11   0   d-----w-   c:\program files\CCleaner
2009-10-31 02:24:09   2016   ----a-w-   c:\windows\system32\drivers\kgpfr2.cfg
2009-10-31 02:23:47   1864   ----a-w-   c:\windows\system32\drivers\kgpcpy.cfg
2009-10-31 02:17:23   0   d-----w-   c:\docume~1\alluse~1\applic~1\SITEguard
2009-10-31 02:16:20   0   d-----w-   c:\program files\common files\iS3
2009-10-31 02:16:20   0   d-----w-   c:\docume~1\alluse~1\applic~1\STOPzilla!

==================== Find3M  ====================

2009-10-29 21:41:18   335240   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-10-29 21:41:18   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2006-03-15 20:19:34   212992   ----a-w-   c:\windows\inf\wg311v3\CopyWHQLDriver.exe
2006-01-26 23:55:10   280576   ----a-w-   c:\windows\inf\wg311v3\WG311v3.sys
2005-10-06 21:17:34   280576   ----a-w-   c:\windows\inf\wg311v3\WG311v3XP.sys
2008-12-30 17:00:22   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008123020081231\index.dat

============= FINISH: 15:02:37.07 ===============
***************************************************************************************

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/14/2004 6:09:05 PM
System Uptime: 11/2/2009 10:13:21 AM (5 hours ago)

Motherboard: Intel Corporation | | D915GAG
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 186 GiB total, 167.717 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\39DD8A111100
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\39DD8A111100
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_4037107B&REV_03\4&23C0B1C&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_4037107B&REV_03\4&23C0B1C&0&40F0
Service: E100B

Class GUID: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Description: Primary IDE Channel
Device ID: PCIIDE\IDECHANNEL\4&13D0732A&0&0
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: Primary IDE Channel
PNP Device ID: PCIIDE\IDECHANNEL\4&13D0732A&0&0
Service: atapi

==== System Restore Points ===================

RP1888: 10/30/2009 10:27:16 PM - Removed iS3 STOPzilla Toolbar
RP1889: 10/30/2009 10:29:18 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1890: 10/30/2009 10:50:08 PM - Installed Java(TM) 6 Update 16
RP1891: 10/30/2009 10:50:47 PM - Installed MSN Toolbar Setup
RP1892: 11/1/2009 11:05:43 PM - Unsigned printer driver hp deskjet 940c installed.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
5700_Help
Adobe Reader 7.0.8
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
BlackBerry Desktop Software 4.6
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
HijackThis 2.0.2
Hotfix for Windows XP (KB954550-v5)
HP Software Update
HPProductAssistant
InstallMgr
Intel(R) Graphics Media Accelerator Driver
Intel(R) Processor ID Utility
iPod for Windows 2005-09-23
iPod for Windows 2006-06-28
iTunes
J5700
Java(TM) 6 Update 16
LightScribe  1.4.136.1
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft ActiveSync 4.0
Microsoft Default Manager
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Photo Premium 9
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MobileMe Control Panel
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Multimedia Keyboard Driver
Netflix Movie Viewer
NETGEAR WG311v3 PCI Adapter
ProductContext
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Roxio Media Manager
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SolutionCenter
SoundTap
Status
Switch
System Monitor for Windows 98/NT/XP/2000/2003
Toolbox
TrayApp
Update for Windows Internet Explorer 8 (KB969497)
WavePad Uninstall
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! Address AutoComplete
« Last Edit: November 02, 2009, 02:30:57 PM by evilfantasy »
jtin
Topic Starter
Rookie
Posts: 18
« Reply #11 on: November 02, 2009, 04:18:00 PM »

SD,
     By the way, I am no longer getting ViewMgr message.  I do still get the IE search provider default message.  Actually except for this message the computer is running better than it has in a long time.  But I understand there are more rows to hoe.

Thanks so much.
SuperDave
Malware Removal Specialist
Moderator
Prodigy
Thanked: 571
Posts: 6,550
Experience: Experienced
OS: Windows XP
« Reply #12 on: November 02, 2009, 04:52:24 PM »

Jtin, it will take me a bit of time to work up a fix. Don't despair.
« Last Edit: November 07, 2009, 12:19:49 PM by SuperDave »
jtin
Topic Starter
Rookie
Posts: 18
« Reply #13 on: November 02, 2009, 05:11:26 PM »

SD,
   It isn't freaking out anymore so I feel a lot better. I'm waiting for your reply but not worried if it takes a while. I really do appreciate this.
evilfantasy
Malware Removal Specialist
Moderator
Genius
Thanked: 458
Posts: 11,711
Experience: Beginner
OS: Windows 7
« Reply #14 on: November 02, 2009, 05:34:09 PM »

jtin, Please open the DDS notepad file and in the top of Notepad go to Format then click on Word Wrap and then copy/paste the log again.