
[Not curable - Virut] Family Computer Infected by persistent virus

Discussion in 'Malware and Virus Removal Archive' started by ball777, 2009/08/05.

  1. 2009/08/05
    ball777

    I have a very bad infection on the family computer. I have had to clean up this PC before, as the entire family uses it and it often picks up bugs that are easily caught by some of the common anti-virus programs. Not this time, though. This virus eats up memory, blocks all antivirus sites (I normally use HouseCall and Spybot to do the cleaning), killed Avast! and disables almost anything else I attack it with. Any help would be greatly appreciated. Against my better judgment I followed the advice posted in other threads, both at this forum and at others like it, for OTHER users and experimented with the programs mentioned. Luckily, Windows still boots and I haven't been forced to format, just yet. I have 3 other Malwarebytes and 2 HJT logs available. I've been at this for about 4 days now.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/6/2008 8:02:31 PM
    System Uptime: 8/5/2009 1:41:16 AM (0 hours ago)

    Motherboard: Dell Computer Corp. | | 0F5949
    Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 34 GiB total, 1.984 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 440x 10/100 Integrated Controller
    Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
    Manufacturer: Broadcom
    Name: Broadcom 440x 10/100 Integrated Controller
    PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
    Service: bcm4sbxp

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi

    ==== System Restore Points ===================

    RP1: 8/2/2009 3:29:16 AM - System Checkpoint
    RP2: 8/2/2009 3:29:18 AM - System Checkpoint
    RP3: 8/2/2009 3:29:18 AM - System Checkpoint
    RP4: 8/2/2009 3:29:18 AM - System Checkpoint
    RP5: 8/2/2009 3:29:18 AM - System Checkpoint
    RP6: 8/2/2009 3:29:19 AM - System Checkpoint
    RP7: 8/2/2009 3:29:19 AM - System Checkpoint
    RP8: 8/2/2009 3:29:19 AM - System Checkpoint
    RP9: 8/2/2009 3:29:19 AM - System Checkpoint
    RP10: 8/2/2009 3:29:20 AM - System Checkpoint
    RP11: 8/2/2009 3:29:20 AM - System Checkpoint
    RP12: 8/2/2009 3:29:20 AM - System Checkpoint
    RP13: 8/2/2009 3:29:21 AM - System Checkpoint
    RP14: 8/2/2009 3:29:21 AM - System Checkpoint
    RP15: 8/2/2009 3:29:21 AM - System Checkpoint
    RP16: 8/2/2009 3:29:21 AM - System Checkpoint
    RP17: 8/2/2009 3:29:21 AM - System Checkpoint
    RP18: 8/2/2009 3:29:22 AM - System Checkpoint
    RP19: 8/2/2009 3:29:22 AM - System Checkpoint
    RP20: 8/2/2009 3:29:22 AM - System Checkpoint
    RP21: 8/2/2009 3:29:23 AM - System Checkpoint
    RP22: 8/2/2009 3:29:23 AM - System Checkpoint
    RP23: 8/2/2009 3:29:23 AM - System Checkpoint
    RP24: 8/2/2009 3:29:23 AM - System Checkpoint
    RP25: 8/2/2009 3:29:23 AM - System Checkpoint
    RP26: 8/2/2009 3:29:24 AM - System Checkpoint
    RP27: 8/2/2009 3:29:24 AM - System Checkpoint
    RP28: 8/2/2009 3:29:24 AM - System Checkpoint
    RP29: 8/2/2009 3:29:24 AM - System Checkpoint
    RP30: 8/2/2009 3:29:25 AM - System Checkpoint
    RP31: 8/2/2009 3:29:26 AM - System Checkpoint
    RP32: 8/2/2009 3:29:27 AM - System Checkpoint
    RP33: 8/2/2009 4:59:27 PM - Installed AVG 7.5
    RP34: 8/2/2009 6:33:21 PM - Removed ijji Auto Installer
    RP35: 8/3/2009 10:55:51 PM - System Checkpoint
    RP36: 8/4/2009 8:30:09 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP37: 8/5/2009 1:51:26 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

    ==== Installed Programs ======================

    ABC (remove only)
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Flash Player 10 Plugin
    Adobe Reader 6.0.1
    America Online (Choose which version to remove)
    Anvil Studio
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOL Instant Messenger
    Audacity 1.2.3
    AVG 7.5
    Banctec Service Agreement
    Beat It
    Broadcom Management Programs
    CameraDrivers
    CameraUserGuides
    ClueFinders 3rd Grade Adventures
    DAEMON Tools
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Picture Studio v3.0
    Dell Support 5.0.0 (630)
    Dell System Restore
    DeviceManagementQFolder
    DivX Web Player
    DOOM Collector's Edition
    Driver Detective
    DriverGuide Toolkit
    Dual Mode Camera
    DVD to VCD AVI DivX Converter v3.2 (build 069)
    EMS Free Surfer Companion 1.3.0.0
    eSupportQFolder
    FullDPAppQFolder
    Furcadia
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    H&R Block Tax Offer
    Hamachi 1.0.2.5
    HammerHead Rhythm Station
    HijackThis 2.0.2
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    HouseCall 6.6
    HP Deskjet 6800
    HP Imaging Device Functions 7.0
    HP Photosmart Cameras 7.0
    HP Software Update
    HP Solution Center 7.0
    hpicamDrvQFolder
    HPPhotoSmartExpress
    HPProductAssistant
    IMVU Avatar Chat Software
    InstantShareDevicesMFC
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics Driver
    Internet Explorer Default Page
    J2SE Runtime Environment 5.0 Update 11
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Java 2 Runtime Environment, SE v1.4.2_03
    Learn2 Player (Uninstall Only)
    LimeWire 4.8.1
    Linksys Wireless-G USB Network Adapter
    Macromedia Flash Player
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Mozilla Firefox (3.5.2)
    Mp3 File Editor 5.11 (standard)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB954459)
    Music MasterWorks v3.84
    Musicmatch® Jukebox
    Native Instruments Traktor DJ Studio 2.5.0
    Overland
    Pando
    Photo Click
    PopCap ActiveX Control
    Postal 2 Share The Pain
    Project64 1.6
    QuickBooks Simple Start Special Edition
    QuickTime
    Radio@Netscape
    Reader Rabbit(R) Reading Ages 6-9
    RealPlayer Basic
    RegAlyzer
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Serious Sam: The First Encounter
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    Status
    Ulead COOL 360 1.0
    Ulead Photo Explorer 8.0 SE Basic
    Uninstall Dual Mode Camera
    Update for Windows XP (KB925720)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VideoLAN VLC media player 0.8.1
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Viewpoint Toolbar
    VisionGS PE
    ViviCam 3345
    WaveToMidi 2.2
    WebFldrs XP
    Winamp (remove only)
    Windows Communication Foundation
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Presentation Foundation
    Windows Workflow Foundation
    WinRAR archiver
    WinSCP 4.1.7
    WordPerfect Office 12
    XLink Kai Evolution 7
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! extras
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    8/5/2009 1:50:21 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
    8/5/2009 1:49:53 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
    8/4/2009 8:51:19 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service SENS with arguments " " in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
    8/4/2009 8:51:10 PM, error: Service Control Manager [7023] - The Server Monitor service terminated with the following error: The specified module could not be found.
    8/4/2009 12:47:22 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WindowsShell.manifest. Reference error message: Error Message is unavailable .
    8/3/2009 9:58:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avg7Core Avg7RsW Avg7RsXP Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    8/3/2009 9:58:50 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    8/3/2009 9:58:50 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/3/2009 9:58:50 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/3/2009 9:58:50 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    8/3/2009 9:57:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    8/3/2009 9:21:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows CardSpace service to connect.
    8/3/2009 9:21:23 AM, error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/3/2009 8:20:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avg7Core Avg7RsXP
    8/3/2009 8:20:52 PM, error: Service Control Manager [7000] - The AVG7 Update Service service failed to start due to the following error: The system cannot find the path specified.
    8/3/2009 8:20:52 PM, error: Service Control Manager [7000] - The AVG7 Alert Manager Server service failed to start due to the following error: The system cannot find the path specified.
    8/3/2009 8:20:52 PM, error: Service Control Manager [7000] - The AVG E-mail Scanner service failed to start due to the following error: The system cannot find the path specified.
    8/3/2009 7:46:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/3/2009 7:18:28 PM, error: Service Control Manager [7034] - The AVG7 Alert Manager Server service terminated unexpectedly. It has done this 1 time(s).
    8/3/2009 7:18:28 PM, error: Service Control Manager [7034] - The AVG E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
    8/3/2009 5:49:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    8/3/2009 10:17:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 Avg7Core Avg7RsXP cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    8/2/2009 6:21:10 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    8/2/2009 6:12:56 PM, error: Service Control Manager [7034] - The AVG7 Update Service service terminated unexpectedly. It has done this 1 time(s).
    8/2/2009 5:34:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/2/2009 5:16:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avg7Core Avg7RsW Avg7RsXP Fips intelppm
    8/2/2009 3:26:37 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.
    8/2/2009 3:17:59 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WUSB54GSSVC service.
    8/2/2009 12:39:17 PM, error: Service Control Manager [7034] - The WUSB54GSSVC service terminated unexpectedly. It has done this 1 time(s).
    8/2/2009 12:39:17 PM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
    8/2/2009 12:39:17 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
    8/2/2009 12:39:17 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    8/2/2009 12:39:17 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
    8/2/2009 12:39:14 PM, error: Service Control Manager [7022] - The Fax service hung on starting.
    8/2/2009 12:37:33 PM, error: Service Control Manager [7023] - The Server Monitor service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    8/2/2009 12:37:33 PM, error: Service Control Manager [7000] - The V3345 Video Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/2/2009 12:03:03 PM, error: Print [19] - Sharing printer failed + 1722, Printer Intuit Internal Printer share name Printer.
    7/31/2009 12:55:53 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001217A12EFE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================



    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Ronnie Blount at 1:42:40.62 on Wed 08/05/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.20 [GMT -4:00]

    AV: AVG 7.5.516 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Ronnie Blount\Desktop\dds.scr
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
    TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    uRun: [Wntrl] "c:\program files\common files\?ystem32\s?rvices.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [Regedit32] c:\windows\system32\regedit.exe
    dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    dRun: [Ronnie Blount] c:\documents and settings\ronnie blount\Ronnie Blount.exe /i
    dRun: [SfKg6wIPuSpdc] c:\documents and settings\ronnie blount\application data\microsoft\windows\heeje.exe
    dRun: [pridl] "c:\documents and settings\ronnie blount\application data\pridl\pridl.exe" 61A847B5BBF72811329B385672FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ronnie blount\start menu\programs\imvu\Run IMVU.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206331715968
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} -
    Notify: igfxcui - igfxsrvc.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcyx

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ronnie~1\applic~1\mozilla\firefox\profiles\ule1s2oc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.enforce_same_site_origin ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.cache_size ", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.ogg.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.wave.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.autoplay.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.urlbar.autocomplete.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.mailnews.*.wholeText ", "noAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.storage.default_quota ", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "content.sink.event_probe_rate ", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.http.prompt-temp-redirect ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.dpi ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.devPixelsPerPx ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "gestures.enable_single_finger_input ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.max_chrome_script_run_time ", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.tcp.sendbuffer ", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "geo.enabled ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.remember_cert_checkbox_default_setting ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-cjkt ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.blocklist.level ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.restrict.typed ", "~ ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.default.behavior ", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.sanitize.migrateFx3Prefs ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.ssl_override_behavior ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "security.alternate_certificate_error_page ", "certerror ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.autostart ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.dont_prompt_on_enter ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "geo.wifi.uri ", "https://www.google.com/loc/json ");

    ============= SERVICES / DRIVERS ===============

    R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2005-6-12 137216]
    R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2009-8-2 4224]
    R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2009-8-2 10760]
    R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2009-8-2 4960]
    S1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2009-8-2 821856]
    S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2009-8-2 27776]
    S2 Ca533av;V3345 Video Device;c:\windows\system32\drivers\Ca533av.sys [2006-2-4 515803]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
    S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
    S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-6-23 16512]
    S3 cjsmc;cjsmc;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
    S3 fcgjvn;fcgjvn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
    S3 gysizh;gysizh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
    S3 hshumr;hshumr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
    S4 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2005-6-12 5248]

    =============== Created Last 30 ================

    2009-08-04 22:50 244 a---h--- C:\sqmnoopt06.sqm
    2009-08-04 22:50 232 a---h--- C:\sqmdata06.sqm
    2009-08-04 22:49 244 a---h--- C:\sqmnoopt05.sqm
    2009-08-04 22:49 232 a---h--- C:\sqmdata05.sqm
    2009-08-04 22:48 244 a---h--- C:\sqmnoopt04.sqm
    2009-08-04 22:48 232 a---h--- C:\sqmdata04.sqm
    2009-08-04 22:47 244 a---h--- C:\sqmnoopt03.sqm
    2009-08-04 22:47 232 a---h--- C:\sqmdata03.sqm
    2009-08-04 20:50 170,193 a------- c:\windows\system32\836517d70dadeaee37703a9f54d433b2.szcpf
    2009-08-04 20:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
    2009-08-04 20:30 <DIR> --d----- c:\program files\STOPzilla!
    2009-08-04 20:30 <DIR> --d----- c:\program files\common files\iS3
    2009-08-04 20:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2009-08-04 16:08 244 a---h--- C:\sqmnoopt02.sqm
    2009-08-04 16:08 232 a---h--- C:\sqmdata02.sqm
    2009-08-04 16:07 244 a---h--- C:\sqmnoopt01.sqm
    2009-08-04 16:07 232 a---h--- C:\sqmdata01.sqm
    2009-08-03 21:16 <DIR> --d----- c:\docume~1\ronnie~1\applic~1\Malwarebytes
    2009-08-03 21:16 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 21:16 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-08-03 21:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-08-03 21:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-08-03 20:37 <DIR> --d----- c:\docume~1\ronnie~1\applic~1\Safer Networking
    2009-08-03 20:35 <DIR> --d----- c:\program files\Safer Networking
    2009-08-03 19:17 <DIR> --d----- C:\!KillBox
    2009-08-03 18:37 41,456 ----h--- c:\documents and settings\ronnie blount\Ronnie Blount.exe
    2009-08-03 08:23 244 a---h--- C:\sqmnoopt00.sqm
    2009-08-03 08:23 232 a---h--- C:\sqmdata00.sqm
    2009-08-02 03:29 64,512 a------- c:\windows\system32\drivers\vsfocemgfbxtqw.sys
    2009-08-02 03:19 73 a------- C:\DIET WITHOUT HUNGER.url
    2009-08-02 03:19 0 a------- c:\windows\SC.INS
    2009-08-02 03:19 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
    2009-08-02 00:10 54,156 a---h--- c:\windows\QTFont.qfn
    2009-08-02 00:10 1,409 a------- c:\windows\QTFont.for
    2009-08-01 13:33 <DIR> --d----- c:\docume~1\ronnie~1\applic~1\GARMIN
    2009-07-29 12:14 <DIR> --d----- c:\program files\Garmin GPS Plugin
    2009-07-29 12:13 <DIR> --d----- c:\program files\Garmin
    2009-07-20 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll
    2009-07-20 14:56 311,296 a----r-- c:\windows\system32\SZBase5.dll
    2009-07-20 14:56 540,672 a----r-- c:\windows\system32\SZComp5.dll
    2009-07-09 15:52 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
    2009-07-09 15:52 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
    2009-07-09 15:51 385,024 a----r-- c:\windows\system32\IS3UI5.dll
    2009-07-09 15:51 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
    2009-07-09 15:51 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
    2009-07-09 15:50 225,280 a----r-- c:\windows\system32\IS3Win325.dll
    2009-07-09 15:50 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
    2009-07-09 15:50 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
    2009-07-09 15:47 724,992 a----r-- c:\windows\system32\IS3Base5.dll

    ==================== Find3M ====================

    2009-08-04 19:54 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS
    2009-08-03 08:19 182,912 a------- c:\windows\system32\drivers\ndis.sys
    2006-07-03 05:24 1,414,755 ac------ c:\docume~1\ronnie~1\applic~1\Install.dat
    2006-08-27 17:11 848 ac-sh--- c:\windows\system32\KGyGaAvL.sys
    2008-02-10 15:36 1,220,590 a--sh--- c:\windows\system32\trhdveuu.ini2
    2008-02-10 18:57 369,664 a--sh--- c:\windows\system32\xycdd.ini2

    ============= FINISH: 1:51:28.82 ===============
     
  2. 2009/08/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.
     

  4. 2009/08/05
    ball777

    ball777 Inactive Thread Starter

    Joined:
    2009/08/05
    Messages:
    5
    Likes Received:
    0
    I was barely able to get to the download. The computer now blue screens within 5 minutes of starting. Only in safe mode will it not do this. I downloaded the fix to removable media: ipod. Then moved to desktop where it promptly gave me the "combofix has been compromised, you may be infected by the file patching virus virut" and then the combofix disappeared. It blue screened 11 times in 1 hr. Sometimes it will give me information containing the words kernel stack, other times just numbers. Should I be recording this somehow? Is this information pertinent?
     
  5. 2009/08/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Not good at all....

    Upload following files to http://www.virustotal.com/ for security check:
    - explorer.exe located @ C:\Windows
    - userinit.exe and svchost.exe located @ C:\Windows\System32
    Post scans results.
     
  6. 2009/08/05
    ball777

    ball777 Inactive Thread Starter

    Joined:
    2009/08/05
    Messages:
    5
    Likes Received:
    0

    It gets better, that url is blocked by the virus. It absolutely will load on the other computer but will not on this one. I'm currently in safe mode with networking which seems to be stable. I could transfer those files to the other comp but I don't want to risk infection. After googling what virut was I tried to format immediately but got the message that something was using the C drive. It won't let me format!! Please advise!
     
  7. 2009/08/05
    ball777

    ball777 Inactive Thread Starter

    Joined:
    2009/08/05
    Messages:
    5
    Likes Received:
    0
    virustotal blocked

    virustotal is one of the blocked sites. I don't know why my earlier post didn't show up yet, but I googled what virut is and tried to format. It says even in safe mode that the C drive is in use and can't be formatted. What should I do?
     
  8. 2009/08/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You can't format from within Windows.
    You have to use either Windows XP CD, or recovery CD from your computer manufacturer, or recovery partition.
    In case of Virut, there is no other way, but full format.
    You must be aware that all your data will be lost.
     
  9. 2009/08/05
    ball777

    ball777 Inactive Thread Starter

    Joined:
    2009/08/05
    Messages:
    5
    Likes Received:
    0
    Thanks anyway

    I might try googling some methods for removing virut though it may be a lost cause. I've already backed up jpgs and few vids that are irreplaceable. Thank you for your time. It's unfortunate that my computer has robo-AIDs and must be taken behind the shed and shot. I lost my xp disk years ago. So it's time to start pricing a new computer. This one is pretty old.
     
  10. 2009/08/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

    * Backup all your documents and important items only.
    * DO NOT backup any executable files (.exe .scr .html or .htm)
    * Do Not back up compressed (zip/cab/rar) files that may contain .exe or .scr files


    I suggest you do the following immediately:

    * Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    * From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    * DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
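    A backup triage filter that applies the three backup rules above, added here as an example and not a tool from the thread. The user profile it walks is a constructed sample, and one assumption goes slightly beyond the post's blanket advice: a .zip is copied only when none of its members has an infectable extension, while .rar/.cab archives and unreadable zips are always skipped.

```python
import os
import tempfile
import zipfile

# Backup triage following the rules in the post above (added example, not a tool
# from the thread): never copy types the infector writes into, and copy an archive
# only when it cannot be carrying an infected executable.
INFECTABLE = {".exe", ".scr", ".htm", ".html"}
OPAQUE_ARCHIVES = {".rar", ".cab"}  # cannot be inspected with the standard library

def zip_carries_executable(path):
    """True if a .zip has an infectable member; unreadable archives count as carriers."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(os.path.splitext(n)[1].lower() in INFECTABLE for n in zf.namelist())
    except (zipfile.BadZipFile, OSError):
        return True

def classify(path):
    """Return 'copy', 'skip-executable' or 'skip-archive' for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext in INFECTABLE:
        return "skip-executable"
    if ext == ".zip":
        return "skip-archive" if zip_carries_executable(path) else "copy"
    if ext in OPAQUE_ARCHIVES:
        return "skip-archive"
    return "copy"

def plan_backup(root):
    """Walk a tree and group paths (relative to root) by backup decision."""
    plan = {"copy": [], "skip-executable": [], "skip-archive": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            plan[classify(full)].append(os.path.relpath(full, root))
    return {k: sorted(v) for k, v in plan.items()}

def build_sample_tree():
    """Constructed stand-in for a user profile (sample data, not real files)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "My Pictures"))
    for rel, data in [("My Pictures/holiday.jpg", b"\xff\xd8\xff"), ("game.exe", b"MZ"),
                      ("notes.htm", b"<html></html>"), ("tools.rar", b"Rar!")]:
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as zf:
        zf.writestr("beach.jpg", b"\xff\xd8\xff")  # images only: safe to copy
    with zipfile.ZipFile(os.path.join(root, "setup.zip"), "w") as zf:
        zf.writestr("install.exe", b"MZ")  # carries an executable: skip
    return root
```

    Run `plan_backup(build_sample_tree())` to see the decision for each sample file; point `plan_backup` at the real profile copied to a clean machine to get the list of files that are safe to keep.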
     
