Solved Avast cannot update and cannot run cmd.exe

[Resolved] Avast cannot update and cannot run cmd.exe

Also, IE6 and Firefox3 crash after 10-30 minutes of websurfing. Cannot update TaxCut 2008.
I cannot run DDS.exe
I am attaching Hijack This output.


free Kaspersky scan:
c:\windows\rjodscj.dvg contains Trojan.Win32.Small.aarn
=====> Avast from 4/24/2009 says I am not infected with anything.


windows xp sfc scannow finds no problems.
Windows XP SP3


cannot connect to download716.avast.com (67.228.112.203:80)
- you are not connected to the internet
- your firewall does not allow the program "avast.setup" to access the internet; you can find details in help or read the FAQ section on avast! website.
- your HTTP proxy settings are incorrect
- the server is inaccessible because of a network error or maintenance



from Windows xp event log for antivirus:
Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.


Product: TaxCut Premium + State + Efile 2008 - Update 'TaxCut Premium+State+Efile 2008 Update' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


Avast with virus defns from 4-24-09 does not find any virus or trojan.
===============================
Thanks for any assistance,
Esther

 

I cannot run DDS. It opens a window, closes and window, and does not appear to do anything when I wait for 20 minutes.


*KASPERSKY ONLINE SCANNER 7.0 REPORT*
Wednesday, April 29, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3
(build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, April 29, 2009 15:42:01
Records in database: 2094071

*Scan settings*
Scan using the following database extended
Scan archives yes
Scan mail databases yes
*Scan area* Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Esther\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS
*Scan statistics*
Files scanned 78205
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 01:20:03


*File name* *Threat name* *Threats count*
C:\WINDOWS\rjodscj.dvg Infected: Trojan.Win32.Small.aarn 1
* The selected area was scanned.*

I have not found information about how to remove Trojan.Win32.Small.aarn.
Avast does not find this infection.
=======================================================

Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:10 PM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\TiVo\Desktop\TranscodingService.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Inbox\CToolbar.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\system32\taskmgr.exe
c:\PROGRA~1\Inbox\CMail.exe
C:\tmp\freetools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.222.121/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.intrex.net/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe "
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe "
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [CrawlerMail] c:\progra~1\inbox\cmail.exe /startup
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe "
O4 - HKCU\..\Run: [TranscodingService] "C:\Program Files\TiVo\Desktop\TranscodingService.exe" /auto
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-2509714079-263053196-1095959128-1007\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe" (User 'Scott')
O4 - HKUS\S-1-5-21-2509714079-263053196-1095959128-1007\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe" (User 'Scott')
O4 - HKUS\S-1-5-21-2509714079-263053196-1095959128-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Scott')
O4 - HKUS\S-1-5-21-2509714079-263053196-1095959128-1007\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User 'Scott')
O4 - HKUS\S-1-5-21-2509714079-263053196-1095959128-500\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe" (User 'Administrator')
O4 - Startup: PodNova Desktop Client.lnk = C:\Program Files\PodNova Desktop Client2.x\PodNova.exe
O4 - Startup: Shortcut to pidgin.exe.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Startup: Shortcut to taskmgr.exe.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.intrex.net/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233714638734
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11843 bytes

============================================
avast cannot update messages:
cannot connect to download716.avast.com (67.228.112.203:80)
- you are not connected to the internet
- your firewall does not allow the program "avast.setup" to access the internet; you can find details in help or read the FAQ section on avast! website.
- your HTTP proxy settings are incorrect
- the server is inaccessible because of a network error or maintenance



from Windows xp event log for antivirus:
Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.


Product: TaxCut Premium + State + Efile 2008 - Update 'TaxCut Premium+State+Efile 2008 Update' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


Kaspersky scan:
c:\windows\rjodscj.dvg contains Trojan.Win32.Small.aarn

Avast with virus defns from 4-24-09 does not find any virus or trojan.
==============================================

 

actions that I've tried:

renamed dds.com to cutegame.scr - ran it, and it froze.
renamed cmd.exe to cillyd.exe - can run that.
uninstalled Windows XP SP3.
Tried to install Malwarebytes software - install never finished.

Booted from cd-based and linux-based Avira AntiVir Rescue System.
Scanned both of my disks. Also detected c:\windows\rjodscj.dvg and removed it to a quarantine (Kaspersky free scan does not seem to have this ability).

Booted into windows xp sp2.
Ran DDS.com - succeeded.
Can run regedit now, and cmd.exe.
plugged in network cable - avast updated.

installed malwarebytes MBAM free trial - succeeded this time.
Am running scan with that.
=========================================
DDS.txt from after antivir rescue, before malwarebytes:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Esther at 9:40:42.75 on Sat 05/02/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.444 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090430-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\TiVo\Desktop\TranscodingService.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Inbox\CToolbar.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\system32\taskmgr.exe
c:\PROGRA~1\Inbox\CMail.exe
C:\tmp\freetools\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://192.168.222.121/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.intrex.net/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\inbox\ctbr.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\inbox\ctbr.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [TaskTray] "c:\program files\creative\sbaudigy\taskbar\CTLTray.exe "
uRun: [TaskBar] "c:\program files\creative\sbaudigy\taskbar\CTLTask.exe "
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [CrawlerMail] c:\progra~1\inbox\cmail.exe /startup
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe "
uRun: [TranscodingService] "c:\program files\tivo\desktop\TranscodingService.exe" /auto
uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sbaudigy\program\ADGJDet.exe "
mRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /run
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ASUS Probe] c:\program files\asus\probe\AsusProb.exe
mRun: [FinePrint Dispatcher v5] c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe
mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\esther\startm~1\programs\startup\podnov~1.lnk - c:\program files\podnova desktop client2.x\PodNova.exe
StartupFolder: c:\docume~1\esther\startm~1\programs\startup\shortc~1.lnk - c:\program files\pidgin\pidgin.exe
StartupFolder: c:\docume~1\esther\startm~1\programs\startup\shortc~2.lnk - c:\windows\system32\taskmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\raidma~1.lnk - c:\program files\ite\ite it8212 ata raid controller\RaidMgr.exe
mPolicies-explorer: <NO NAME> =
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233714638734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\inbox\ctbr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\esther\applic~1\mozilla\firefox\profiles\o8emgbsd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://192.168.222.121/StaRouter.htm
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-7-30 24971]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-24 114768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-9-10 353672]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-24 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-24 138680]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-24 352920]

=============== Created Last 30 ================

2009-04-30 21:56 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-30 21:56 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 21:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-30 21:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-30 21:49 388,608 a------- c:\windows\system32\cmd.execf
2009-04-29 22:22 2,113,536 a------- c:\windows\system32\SET121D.tmp
2009-04-29 22:22 354,304 a------- c:\windows\system32\SET11B2.tmp
2009-04-29 22:22 80,896 a------- c:\windows\system32\SET11AD.tmp
2009-04-29 22:22 13,824 a------- c:\windows\system32\SET11AE.tmp
2009-04-29 22:22 6,656 a------- c:\windows\system32\SET11AA.tmp
2009-04-29 22:18 471,552 a------- c:\windows\system32\SET5A7.tmp
2009-04-29 22:18 95,744 a------- c:\windows\system32\SET5AD.tmp
2009-04-29 22:18 1,033,728 a------- c:\windows\SET46E.tmp
2009-04-29 22:16 27,648 a------- c:\windows\system32\SET23D.tmp
2009-04-29 22:14 19,569 a------- c:\windows\002914_.tmp
2009-04-29 22:10 764,868 a------- c:\windows\system32\dllcache\apph_sp.sdb
2009-04-29 22:09 423,936 a------- c:\windows\system32\dllcache\licdll.dll
2009-04-29 22:03 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-04-29 21:42 389,120 a------- c:\windows\system32\cillyd.exe
2009-04-29 21:41 389,120 a------- c:\windows\cillyd.exe
2009-04-28 21:59 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-28 21:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-25 22:33 <DIR> --d----- c:\documents and settings\esther\SecurityScans
2009-04-25 22:33 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
2009-04-25 21:13 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-25 21:13 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-25 21:13 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-04-25 21:13 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-04-25 21:11 64,605 ac------ c:\windows\system32\dllcache\vvoice.sys
2009-04-25 21:10 285,760 ac------ c:\windows\system32\dllcache\stlnata.sys
2009-04-25 21:09 36,480 ac------ c:\windows\system32\dllcache\sfmanm.sys
2009-04-25 21:08 33,280 ac------ c:\windows\system32\dllcache\psisrndr.ax
2009-04-25 21:07 65,278 ac------ c:\windows\system32\dllcache\netflx3.sys
2009-04-25 21:06 22,848 ac------ c:\windows\system32\dllcache\lwusbhid.sys
2009-04-25 21:05 372,824 ac------ c:\windows\system32\dllcache\iconf32.dll
2009-04-25 21:04 71,680 ac------ c:\windows\system32\dllcache\fnfilter.dll
2009-04-25 21:03 256,512 ac------ c:\windows\system32\dllcache\devcon32.dll
2009-04-25 21:02 13,824 ac------ c:\windows\system32\dllcache\bulltlp3.sys
2009-04-25 21:01 96,128 ac------ c:\windows\system32\dllcache\ati.dll
2009-04-25 20:48 <DIR> --d----- c:\program files\eEye Digital Security
2009-04-25 20:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Applications
2009-04-16 14:29 81 a------- C:\CTX.DAT
2009-04-16 14:29 <DIR> --d----- c:\documents and settings\esther\Citrix
2009-04-16 14:27 <DIR> --d----- c:\program files\Citrix
2009-04-16 14:22 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-11 22:47 <DIR> --d----- c:\program files\AskBarDis

==================== Find3M ====================

2009-04-29 21:33 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-11 22:46 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-02-28 13:00 56,228 a---h--- c:\windows\system32\mlfcache.dat
2009-02-16 00:10 1,221,512 a------- c:\windows\system32\zpeng25.dll

============= FINISH: 9:41:22.62 ===============

attach.txt
==============================================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume5
Install Date: 7/18/2005 11:23:40 PM
System Uptime: 5/2/2009 9:29:15 AM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5GD1
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3010/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3010/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 176.909 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 8 GiB total, 4.012 GiB free.
F: is FIXED (FAT32) - 14 GiB total, 7.972 GiB free.
G: is FIXED (NTFS) - 15 GiB total, 10.425 GiB free.
H: is FIXED (FAT32) - 21 GiB total, 9.901 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.5
ASUS Probe V2.23.01
AudibleManager
avast! Antivirus
Avery DesignPro
Barricade
Brother MFL-Pro Suite
Canon MP Drivers
Canon MP Toolbox 4.1
Canon Utilities Easy-PhotoPrint
Citrix Presentation Server Client - Web Only
ClearType Tuning Control Panel Applet
Compatibility Pack for the 2007 Office system
Crawler Toolbar with Web Security Guard
Creative System Information
Creative ZEN
DeductionPro 2005-06
DeductionPro 2006
Easy-WebPrint
eEye Digital Security Conficker Worm Scanner ClassC
FeedReader
FinePrint
FreeRIP v3.091
Garmin Communicator Plugin
Garmin WebUpdater
GIMP 2.6.4
GnuCash 2.2.4
GTK+ Runtime 2.12.1 rev b (remove only)
Hardware sensors monitor 4.4
High Definition Audio Driver Package - KB835221
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
ImageMixer VCD/DVD2 for OLYMPUS
InterVideo WinDVD 4
InterVideo WinDVD Creator 2
ITE IT8212 ATA RAID Controller
iTunes
J2SE Runtime Environment 5.0 Update 6
Linksys EasyLink Advisor 1.5 (1010)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Baseline Security Analyzer 2.1
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows Journal Viewer
Mozilla Firefox (3.0.9)
Mozilla Thunderbird (1.0.6)
NVIDIA Drivers
OLYMPUS Master
OmniPage SE
PaperPort
Pdf995
PdfEdit995
Pegasus Mail
Picasa 2
Pidgin
PodNova Desktop Client
Presto! PageManager 6
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Registry Mechanic 8.0
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB958644)
SiSoftware Sandra Lite XII.SP1
Sonic RecordNow! Deluxe
Sonic Update Manager
Sound Blaster Audigy
Spybot - Search & Destroy
TaxCut 2004
TaxCut Deluxe 2005
TaxCut North Carolina 2007
TaxCut Premium + State + Efile 2008
TaxCut Premium + State 2007
TaxCut Premium 2006
TiVo Desktop 2.7
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Update for Windows XP (KB933360)
VC 9.0 Runtime
VKC180 Photo Viewer
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip
Yahoo! Toolbar
ZENcast Organizer
ZoneAlarm

==== Event Viewer Messages From Past Week ========

5/2/2009 9:30:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
5/2/2009 9:29:57 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
5/2/2009 9:29:55 AM, error: SRService [104] - The System Restore initialization process failed.
4/29/2009 9:46:49 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
4/29/2009 3:53:06 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is HPLUMSCOTE.
4/29/2009 3:32:23 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/29/2009 10:32:11 PM, error: NtServicePack [4374] - Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.
Service Pack 3 installation did not complete.
4/29/2009 10:23:15 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
Access is denied.
4/28/2009 8:52:38 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft Office Document Image Writer share name Printer.
4/28/2009 10:01:19 PM, error: NetBT [4321] - The name "CHESHIRE :1d" could not be registered on the Interface with IP address 192.168.222.102. The machine with the IP address 192.168.222.100 did not allow the name to be claimed by this machine.
4/25/2009 9:39:52 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HPLUMSCOTE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{708EA30F-D846-4E3. The master browser is stopping or an election is being forced.
4/25/2009 9:37:15 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
4/25/2009 9:19:15 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
4/25/2009 8:39:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/25/2009 8:39:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/25/2009 7:45:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/25/2009 7:32:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aslm75 aswSP aswTdi Fips hmonitor intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
4/25/2009 7:32:12 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
4/25/2009 7:32:12 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/25/2009 7:32:12 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/25/2009 7:32:12 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/25/2009 7:32:12 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/25/2009 7:32:12 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/25/2009 10:26:01 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\cmd.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

==== End Of File ===========================

 

Hijackthis log from just before running DDS.com:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:53 AM, on 5/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\TiVo\Desktop\TranscodingService.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Inbox\CToolbar.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
c:\PROGRA~1\Inbox\CMail.exe
C:\tmp\freetools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.222.121/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.intrex.net/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe "
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe "
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [CrawlerMail] c:\progra~1\inbox\cmail.exe /startup
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe "
O4 - HKCU\..\Run: [TranscodingService] "C:\Program Files\TiVo\Desktop\TranscodingService.exe" /auto
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-2509714079-263053196-1095959128-1007\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe" (User 'Scott')
O4 - HKUS\S-1-5-21-2509714079-263053196-1095959128-1007\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe" (User 'Scott')
O4 - HKUS\S-1-5-21-2509714079-263053196-1095959128-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Scott')
O4 - HKUS\S-1-5-21-2509714079-263053196-1095959128-1007\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User 'Scott')
O4 - HKUS\S-1-5-21-2509714079-263053196-1095959128-500\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe" (User 'Administrator')
O4 - Startup: PodNova Desktop Client.lnk = C:\Program Files\PodNova Desktop Client2.x\PodNova.exe
O4 - Startup: Shortcut to pidgin.exe.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Startup: Shortcut to taskmgr.exe.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.intrex.net/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233714638734
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11426 bytes

 

Hi and welcome, sorry for the delay.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3





--------------------------------------------------------------------
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

(Click on this link to see a list of programs that should be disabled.)
http://www.bleepingcomputer.com/forums/topic114351.html

Please leave the flash drive plugged in while completing the following.

Double click on Combo-Fix.exe & follow the prompts.

Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

No Validation is Required.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



** Please Note:
At times ComboFix may appear to stall, please be patient.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Please only run the tool once, ty.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

You may need several replies to post the requested logs, otherwise they might get cut off.

 

I could not run ComboFix when I first discovered my infection, even though I downloaded it on another computer, renamed it to a few different filenames, and copied it to the infected machine with a USB memory stick.

What worked for me was the Avira AntiVir Rescue System, which runs from a Linux boot CD. After this program did its thing, I could then run ComboFix, MalwareBytes, and DDS.com. And I could execute cmd.exe and regedit, and Avast could update.

I was infected by c:\windows\rjodscj.dvg contains Trojan.Win32.Small.aarn
I haven't found much information about aarn variant of Trojan.Win32.Small. I don't know what the vector of infection was. I am considering buying a product from MalwareBytes or AVira, or both. It is distressing that this got thru antivirus, and Zonealarm.

I have resolved my problem, and disinfected my machine. I did scan other postings where you gave advice, and tried some of that. My husband found Avira AntiVir Rescue System by googling for symptoms like "install of malwarebytes fails ".

 

Thank you for returning this information and Glad to here things have greatly improved.

If you would like to continue to check for remnants let me know.

I would need to see the log results of
ComboFix, MalwareBytes, and DDS.txt