DLL error message

[Lady Hatter]

Hello,

I was directed here from this forum:http://forums.malwarebytes.org/index.php?showtopic=58625&st=0&p=291404entry291404

It said:Hello,

Everytime I turn on my computer, I get this error message

"Error loading C:\WINDOWS\dfishc.dll The specified module could not be found."

I just recently was able to clean my computer of a nasty infection (one so bad that Bright House quarentined my modum >_<), and after I got the virus, that's when this started showing up.

Is this a sort of after-effect of the infection, or could there still be some on my computer?

Thank you for your time,

Erica

Here's my MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4359

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

7/27/2010 9:26:31 PM

mbam-log-2010-07-27 (21-26-31).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Objects scanned: 237729

Time elapsed: 2 hour(s), 8 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And this is the Avira AntiVir Personal scan log

Avira AntiVir Personal

Report file date: Tuesday, July 27, 2010 22:14

Scanning for 2578598 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : Owner

Computer name : ERICA

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 02:11:15

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 02:11:23

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 02:11:40

VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 02:11:40

VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 02:11:40

VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 02:11:40

VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 02:11:40

VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 02:11:41

VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 02:11:41

VBASE014.VDF : 7.10.9.199 2048 Bytes 7/26/2010 02:11:42

VBASE015.VDF : 7.10.9.200 2048 Bytes 7/26/2010 02:11:42

VBASE016.VDF : 7.10.9.201 2048 Bytes 7/26/2010 02:11:42

VBASE017.VDF : 7.10.9.202 2048 Bytes 7/26/2010 02:11:42

VBASE018.VDF : 7.10.9.203 2048 Bytes 7/26/2010 02:11:42

VBASE019.VDF : 7.10.9.204 2048 Bytes 7/26/2010 02:11:43

VBASE020.VDF : 7.10.9.205 2048 Bytes 7/26/2010 02:11:43

VBASE021.VDF : 7.10.9.206 2048 Bytes 7/26/2010 02:11:43

VBASE022.VDF : 7.10.9.207 2048 Bytes 7/26/2010 02:11:43

VBASE023.VDF : 7.10.9.208 2048 Bytes 7/26/2010 02:11:43

VBASE024.VDF : 7.10.9.209 2048 Bytes 7/26/2010 02:11:44

VBASE025.VDF : 7.10.9.210 2048 Bytes 7/26/2010 02:11:44

VBASE026.VDF : 7.10.9.211 2048 Bytes 7/26/2010 02:11:44

VBASE027.VDF : 7.10.9.212 2048 Bytes 7/26/2010 02:11:44

VBASE028.VDF : 7.10.9.213 2048 Bytes 7/26/2010 02:11:44

VBASE029.VDF : 7.10.9.214 2048 Bytes 7/26/2010 02:11:44

VBASE030.VDF : 7.10.9.215 2048 Bytes 7/26/2010 02:11:45

VBASE031.VDF : 7.10.9.225 100864 Bytes 7/27/2010 02:11:45

Engineversion : 8.2.4.26

AEVDF.DLL : 8.1.2.0 106868 Bytes 7/28/2010 02:11:58

AESCRIPT.DLL : 8.1.3.41 1364346 Bytes 7/28/2010 02:11:58

AESCN.DLL : 8.1.6.1 127347 Bytes 7/28/2010 02:11:56

AESBX.DLL : 8.1.3.1 254324 Bytes 7/28/2010 02:11:58

AERDL.DLL : 8.1.8.2 614772 Bytes 7/28/2010 02:11:56

AEPACK.DLL : 8.2.3.2 471414 Bytes 7/28/2010 02:11:54

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 7/28/2010 02:11:54

AEHEUR.DLL : 8.1.2.6 2793846 Bytes 7/28/2010 02:11:53

AEHELP.DLL : 8.1.13.2 242039 Bytes 7/28/2010 02:11:49

AEGEN.DLL : 8.1.3.17 385396 Bytes 7/28/2010 02:11:48

AEEMU.DLL : 8.1.2.0 393588 Bytes 7/28/2010 02:11:47

AECORE.DLL : 8.1.16.2 192887 Bytes 7/28/2010 02:11:47

AEBB.DLL : 8.1.1.0 53618 Bytes 7/28/2010 02:11:46

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:

Jobname.............................: Short system scan after installation

Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: Intelligent file selection

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Tuesday, July 27, 2010 22:14

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'RealPlay.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avconfig.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avshadow.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'setup.exe' - '1' Module(s) have been scanned

Scan process 'presetup.exe' - '1' Module(s) have been scanned

Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned

Scan process 'notepad.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'PRISMXL.SYS' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'bgsvcgen.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'soffice.bin' - '1' Module(s) have been scanned

Scan process 'soffice.exe' - '1' Module(s) have been scanned

Scan process 'EasyShare.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'HOMERunner.exe' - '1' Module(s) have been scanned

Scan process 'msmsgs.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned

Scan process 'OpwareSE4.exe' - '1' Module(s) have been scanned

Scan process 'BJMyPrt.exe' - '1' Module(s) have been scanned

Scan process 'readericon45G.exe' - '1' Module(s) have been scanned

Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned

Scan process 'Explorer.EXE' - '1' Module(s) have been scanned

Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Master boot sector HD2

[iNFO] No virus was found!

Master boot sector HD3

[iNFO] No virus was found!

Master boot sector HD4

[iNFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).

The registry was scanned ( '1783' files ).

End of the scan: Tuesday, July 27, 2010 22:17

Used time: 02:15 Minute(s)

The scan has been done completely.

0 Scanned directories

2267 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

2267 Files not concerned

5 Archives were scanned

0 Warnings

0 Notes

[MrCharlie]

Sounds like a left over registry entry.

Please post a HJT log of the system:

You can download the HJT installer HERE:

Doubleclick HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Save the log to a convenient location.

Copy and paste it into your post.

MrC

[Lady Hatter]

Alrighty

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:28:10 PM, on 7/29/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Digital Media Reader\readericon45G.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Avira\AntiVir Desktop\update.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"

O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"

O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Mcuturo] rundll32.exe "C:\WINDOWS\dfishc.dll",Startup

O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe.vir

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--

End of file - 9548 bytes

[MrCharlie]

[*]Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKCU\..\Run: [Mcuturo] rundll32.exe "C:\WINDOWS\dfishc.dll",Startup

Click on Fix Checked when finished and exit HijackThis.

Reboot and let me know how it is, MrC

[Lady Hatter]

It doesn't pop up anymore :3

Thank you.

But I'm having another problem: it was suggested to me on here to download Avira AntiVir Personal and soon after, my computer started running awfully slow.

Could it be that it's taking up too much space?

[MrCharlie]

Any anti-virus is going to use up some resources when it runs.

What anti-virus did you use before?

MrC

[Lady Hatter]

Well, I never really had one that ran in real-time (I guess is how I would describe this one).

I used MBAM and SUPER Anti-Spyware.

[MrCharlie]

Double click on System in your control panel > under the General tab > under Computer, see what processor you have and how much ram is installed. MrC

[Lady Hatter]

I feel really silly, but when I click on my control panel, none of that shows up D:

[Lady Hatter]

Oh wait, I found it (had to switch to classic view o^_^o)

But it says:

eMachines T3508 Intel ® Celeron® D CPU 3.33GHz 3.33 GHZ, 368 MB of RAM

[MrCharlie]

CPU 3.33GHz 3.33 GHZ, 368 MB of RAM

CPU is OK

368 MB of RAM <-----very low, should be a least 512mb or even better 1gb

MrC

[Lady Hatter]

Hmmmmm....what are some ways I can get more, without a RAM stick (that's what they're called, right?).

Could getting rid of files open up more space?

My computer isn't really new, and lately I've been trying to clean it out (been gettin' rid of old pictures and whatnot).

I have lots of programs on here that I don't use, but I don't want to delete any because I'm worried that it might mess something up.

How would I know if something was okay to delete or not?

[MrCharlie]

Hmmmmm....what are some ways I can get more, without a RAM stick (that's what they're called, right?).

Could getting rid of files open up more space?

The only way is to add more RAM (memory)

Getting rid of files will free up hard drive space only.

It really has nothing to do with your RAM.

A good place to go is Crucial, they will scan your motherboard and recommend compatible memory for your system. You don't have to buy from them, but it will give you some idea of what kind of memory you need.

You'll also have to find someone to install it into your computer.

I have lots of programs on here that I don't use, but I don't want to delete any because I'm worried that it might mess something up.

How would I know if something was okay to delete or not?

Open up HJT and click on Main Menu > Open Misc Tools Section > scroll down the list and you'll see "Open Uninstall Manager" > click on it > on the right you'll see "Save List" > click it and click save > post or attach the list back here and I'll take a quick look at it.

Below are two tutorials on slow computers that you may want to read:

Slow Computer - Check Here

and HERE

~~~~~~~~~~~~~~~~~~~~~~~~~

You also have a lot of programs running on your system:

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"

O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"

O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Mcuturo] rundll32.exe "C:\WINDOWS\dfishc.dll",Startup

O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe.vir

MrC

[Lady Hatter]

I went and did a scan

I'll have to wait a while on something like that though (at this time, I don't have the money to spend on somethin' like that, ya know? ).

But thank you for showing that to me! B)

At least I won't be confused when I'm able to buy some now

I went to the HJT part you directed me to, but there was nothing that said "Save List" there.

I looked at both of the links (and I'm checking out how to disable unnecessary start up programs B)) but I noticed both said to defrag the computer.

I was reading about that a while back (probably a year or two ago) and a few sites said that it's actually bad for the computer. Is that true?

And what does all of that mean?

That I have a lot of stuff running?

Like...are they still running (in the background, even when I'm not using them?

[MrCharlie]

I went to the HJT part you directed me to, but there was nothing that said "Save List" there.

It's there:

http://www.freeantivirushelp.com/blog/imag...all-manager.jpg

I looked at both of the links (and I'm checking out how to disable unnecessary start up programs ) but I noticed both said to defrag the computer.

I was reading about that a while back (probably a year or two ago) and a few sites said that it's actually bad for the computer. Is that true?

It's not bad but it's debatable if it really does any good.

-------------------------

You can use HJT to disable some of those programs you have running.

These should be disabled.

You can always restore them by running HJT > Main Menu > View a list of Backups > place a check in the box of any item you want to restore and click Restore.

[*]Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\

Kodak Software Updater.exe.vir

Click on Fix Checked when finished and exit HijackThis.

----------------------------------

These are optional, you'll have to play around with them and see what you need or don't need.

You can always restore any of them as described above.

[*]Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"

O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

Click on Fix Checked when finished and exit HijackThis.

----------------------------------

Like...are they still running (in the background, even when I'm not using them?

Yes they are still running even though you are not using them.

MrC

[Lady Hatter]

Oh, I found it o^_^o

3DVIA Player 4.1

Adobe Flash Player 10 ActiveX

Adobe Reader 7.0

Adobe Shockwave Player

Amazon MP3 Downloader 1.0.10

AoA DVD Ripper

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Display Driver

Avira AntiVir Personal - Free Antivirus

AVS Update Manager 1.0

AVS YouTube Uploader version 2.1

AVS4YOU Software Navigator 1.3

Bonjour

Browser Address Error Redirector

Canon MP Navigator 3.0

Canon MP160

Canon MP160 User Registration

Canon My Printer

Canon Utilities Easy-PhotoPrint

CCleaner (remove only)

Digital Media Reader

DivX Web Player

Dr Watson for Microsoft Windows OneCare Live v1.0.0971.38

Easy-WebPrint

ESET Online Scanner v3

HijackThis 2.0.2

Hitman Pro 3.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

InterActual Player

iTunes

Java 6 Update 18

Java 6 Update 20

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1

Microsoft Digital Image Starter Edition 2006

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Malware Protection On Access Scanner

Microsoft National Language Support Downlevel APIs

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Standard 2007 Trial

Microsoft Office Standard Edition 2003

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

OpenOffice.org 3.2

PCFriendly

PhotoFiltre

Power2Go 4.0

PowerDVD

QuickTime

RealPlayer

REALTEK GbE & FE Ethernet PCI NIC Driver

Realtek High Definition Audio Driver

RealUpgrade 1.0

Rhapsody Player Engine

ScanSoft OmniPage SE 4.0

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB960003)

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB959997)

Security Update for Microsoft Office PowerPoint 2007 (KB951338)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office system 2007 (KB956828)

Security Update for Microsoft Office Word 2007 (KB956358)

Security Update for Outlook 2007 (KB946983)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB973540)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Soft Data Fax Modem with SmartCP

SUPERAntiSpyware Free Edition

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Office 2007 (KB934391)

Update for Outlook 2007 Junk Email Filter (KB974810)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.762

Viewpoint Media Player

Windows Backup Utility

Windows Defender Signatures

Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Service Pack 3

How do I use HJT to disable the startup programs?

Do I do the same thing that we did with "C:\WINDOWS\dfishc.dll" (click "Fix checked")?

[MrCharlie]

Your Java is out of date:

Go to your control panels add/remove programs and uninstall these:

Java

[Lady Hatter]

I did everything

And I do notice my computer's a bit faster now.

Thank you so much!!!

So, all of the other things that I posted in the "Save List", I should just leave alone?

[MrCharlie]

So, all of the other things that I posted in the "Save List", I should just leave alone?

Yes, MrC

[Lady Hatter]

Alright

Well thank you so, so much for helping me and answering my questions !!!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!