Solved Removing Irritating Windows

[Resolved] Removing Irritating Windows

I do not have a malware problem that I know of and do not wish to get you kind helpers all involved.

I ran SUPERantispyware and isolated two potential items, which I believe the irritating windows are residual. SUPER... caught these right after they were picked up...

[FONT= "Verdana"]In brief, the windows say something like "Cannot find some file..." in Russian with link that supposedly connects to Java. So the bad stuff is missing, good; but the windows that pop up when I boot on occasion are irritating.

I was advised that the registry line that initiates these bad windows should read:[/FONT]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = Explorer.exe

[FONT= "Verdana"]and that removing the other object for the shell which cannot locate the removed malware problem will fix this.

So, is that it, just change the line with some regedit and forget it?[/FONT]

 

That would concern me, why Russian is your system set up to use that language?

I think it's best to be safe than sorry, let one of the malware analysts check and make sure the malware has really been dealt with.

As indicated at the start of this forum, please *** READ THIS BEFORE POSTING IN THIS FORUM *** then post the requested logs in this thread.

NOTES:

When posting the logs ensure word wrap is switched off (in notepad Uncheck Format->Word Wrap) as this makes them difficult to read.

Be aware that only Malware analysts will advise and they are often busy. Your post will be taken on a first come first served basis but it may take a while before you receive a reply.

 

Unnecessary windows at Start-Up

[FONT= "Verdana"]Yes, I know the drill and researched it a bit before looking for reassurance.

I should have added the window is Load Error - "onyc.ffo not found" and I kind of know what is going on, but looking for confirmation, without all the work.
Was a sort of shortcut, but I figured all the work was really unnecessary as the bad files are gone and this orphan is coming out of the registry on loading is all.[/FONT]

 

If you require assistance with malware removal then post here and follow the rules

If you just want to clean up your system I still suggest posting here and following the rules

If you're happy your system is clean (I'm not) post in the relevant OS board, this section is for malware removal ONLY

 

Removing ooyc.ffo Orphan File

Hello. Thanks.

Was away. Will post the logs when I get settled.

 

DDS Log and ActIve Scan Logs

[FONT= "Verdana"]When I ran the Active version, it showed a file with a virus that I have had for some years but l did not open yet no other scan ever showed it as infected, but I deleted it. It is first file on that log.

I also ran a PC Doctor demo and it said the machine had some 103 infections, but that seemed very odd, so I removed that program.

I removed the logs, seemed to be required. Will zip them below, if I can.

 

Logs

Was all I had, so I did it again and now how do I put up zip files, or should I repost the logs?

Appreciate your patience.

 

I did re run DDS. Do I post or put up zip? If the latter, how do I upload the zips?

 

Irritating Windows

Thanks, I thought I had to zip and send and made mistake by pasting above.

Here they are:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 4:06:29.82 on Mon 04/19/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.285 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\COMMON~1\AOL\112336~1\EE\AOLHOS~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\MicroTekALL\apdproxy.exe
C:\Program Files\Microtek\ScanWizard Pro\LANServer.exe
C:\PROGRA~1\COMMON~1\AOL\112336~1\EE\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\BBNikon\NkvMon.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\MicroTekALL\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
uStart Page = hxxp://www.yahoo.com/
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\owner\local settings\application data\cyberdefender\cdmyidd.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\owner\local settings\application data\cyberdefender\cdmyidd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\owner\local settings\application data\cyberdefender\cdmyidd.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe "
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [CHotkey] zHotkey.exe
mRun: [HostManager] c:\program files\common files\aol\1123365865\ee\AOLHostManager.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [Mixersel] c:\program files\realtek\installshield\mixersel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\microtekall\apdproxy.exe "
mRun: [Microtek_Scanner_Server] c:\program files\microtek\scanwizard pro\LANServer.exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\emails~1.lnk - c:\program files\emailsagent\emailsagent\EmailsAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\bbnikon\NkvMon.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\micros~1\windows\mspdb35.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\c39nhkkw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-18 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-04-18 17:08:59 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-04-18 17:07:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 17:07:34 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 17:07:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 17:07:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-18 11:27:18 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-18 11:25:51 0 d-----w- c:\program files\Panda Security
2010-03-24 11:49:00 0 d-----w- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-04-02 16:46:49 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040220090403\index.dat

============= FINISH: 4:06:55.06 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/19/2006 7:11:01 AM
System Uptime: 4/19/2010 12:32:22 AM (4 hours ago)

Motherboard: Intel Corporation | | D915GAG
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 182 GiB total, 153.923 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 2.406 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP869: 1/19/2010 2:30:27 PM - System Checkpoint
RP870: 1/21/2010 6:48:28 AM - System Checkpoint
RP871: 1/22/2010 7:31:20 AM - System Checkpoint
RP872: 1/23/2010 7:00:15 AM - Software Distribution Service 3.0
RP873: 1/24/2010 7:23:20 AM - System Checkpoint
RP874: 1/25/2010 9:12:49 AM - System Checkpoint
RP875: 1/26/2010 10:17:50 AM - System Checkpoint
RP876: 1/27/2010 11:15:45 AM - System Checkpoint
RP877: 1/28/2010 11:16:58 AM - System Checkpoint
RP878: 1/30/2010 1:22:53 PM - System Checkpoint
RP879: 2/1/2010 8:21:51 AM - System Checkpoint
RP880: 2/2/2010 8:22:11 AM - System Checkpoint
RP881: 2/3/2010 9:02:57 AM - System Checkpoint
RP882: 2/5/2010 6:47:51 AM - System Checkpoint
RP883: 2/6/2010 10:43:02 AM - System Checkpoint
RP884: 2/8/2010 7:19:21 AM - System Checkpoint
RP885: 2/9/2010 9:54:18 AM - System Checkpoint
RP886: 2/10/2010 5:05:04 PM - System Checkpoint
RP887: 2/11/2010 5:36:03 PM - System Checkpoint
RP888: 2/12/2010 6:04:51 PM - System Checkpoint
RP889: 2/13/2010 7:00:19 AM - Software Distribution Service 3.0
RP890: 2/15/2010 7:49:26 AM - System Checkpoint
RP891: 2/16/2010 8:10:49 AM - System Checkpoint
RP892: 2/17/2010 8:57:59 AM - System Checkpoint
RP893: 2/18/2010 9:50:43 AM - Software Distribution Service 3.0
RP894: 2/22/2010 10:04:10 AM - System Checkpoint
RP895: 2/24/2010 7:57:54 AM - System Checkpoint
RP896: 2/25/2010 8:04:43 AM - System Checkpoint
RP897: 2/26/2010 9:56:56 AM - System Checkpoint
RP898: 2/27/2010 7:00:16 AM - Software Distribution Service 3.0
RP899: 2/28/2010 7:41:54 AM - System Checkpoint
RP900: 3/1/2010 8:03:23 AM - System Checkpoint
RP901: 3/2/2010 8:09:00 AM - System Checkpoint
RP902: 3/3/2010 8:09:17 AM - System Checkpoint
RP903: 3/4/2010 10:07:26 AM - System Checkpoint
RP904: 3/5/2010 2:13:49 PM - System Checkpoint
RP905: 3/8/2010 6:51:11 AM - System Checkpoint
RP906: 3/9/2010 7:29:35 AM - System Checkpoint
RP907: 3/10/2010 8:17:25 AM - System Checkpoint
RP908: 3/11/2010 12:07:46 PM - System Checkpoint
RP909: 3/12/2010 2:38:07 PM - System Checkpoint
RP910: 3/13/2010 7:00:16 AM - Software Distribution Service 3.0
RP911: 3/14/2010 8:39:31 AM - System Checkpoint
RP912: 3/15/2010 10:19:59 AM - System Checkpoint
RP913: 3/16/2010 11:33:34 AM - System Checkpoint
RP914: 3/17/2010 11:45:41 AM - System Checkpoint
RP915: 3/18/2010 2:33:52 PM - System Checkpoint
RP916: 3/19/2010 10:34:12 AM - Software Distribution Service 3.0
RP917: 3/23/2010 6:21:05 AM - Removed SUPERAntiSpyware Free Edition
RP918: 3/23/2010 10:45:16 AM - Software Distribution Service 3.0
RP919: 3/24/2010 6:49:55 AM - Installed SUPERAntiSpyware Free Edition
RP920: 3/24/2010 7:38:52 AM - Removed Microsoft Works
RP921: 3/24/2010 7:42:26 AM - Removed Napster
RP922: 3/25/2010 10:22:08 AM - System Checkpoint
RP923: 3/26/2010 10:30:11 AM - System Checkpoint
RP924: 3/27/2010 11:41:40 AM - System Checkpoint
RP925: 3/28/2010 12:18:17 PM - System Checkpoint
RP926: 3/29/2010 12:26:50 PM - System Checkpoint
RP927: 4/1/2010 11:49:05 AM - System Checkpoint
RP928: 4/2/2010 9:16:00 AM - Software Distribution Service 3.0
RP929: 4/6/2010 9:38:39 AM - System Checkpoint
RP930: 4/7/2010 11:51:55 AM - System Checkpoint
RP931: 4/8/2010 12:08:18 PM - System Checkpoint
RP932: 4/9/2010 1:38:55 PM - System Checkpoint
RP933: 4/11/2010 7:11:53 AM - System Checkpoint
RP934: 4/17/2010 2:13:12 PM - System Checkpoint
RP935: 4/17/2010 8:30:37 PM - Software Distribution Service 3.0

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Acrobat 4.0
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop 6.0
Adobe Photoshop Elements 2.0
Adobe Photoshop Elements 5.0
Adobe Reader 7.1.0
Adobe SVG Viewer 3.0
ArcSoft Software Suite
Auto Dust Brush Plug-in
BigFix
CCleaner (remove only)
Color Matching System
Defraggler (remove only)
Digital Media Reader
DiMAGE Scan Dual4 ver.1.0
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo MediaOne Gallery
iTunes
J2SE Runtime Environment 5.0 Update 2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Digital Image Library 9 - Blocker
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Standard Edition 2003
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
Microtek Scanner ICC Profiler
Move Media Player
Mozilla Firefox (3.5.9)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Multimedia Keyboard Driver
MyIdentityDefender Toolbar (CyberDefender Corporation)
Napster Burn Engine
Nero BurnRights
Nero OEM
NetObjects Fusion 7.5
Nikon View 5
OLYMPUS Master 2
Panda ActiveScan 2.0
PowerDVD
Rand McNally TripMaker 2000
RealPlayer Basic
Realtek High Definition Audio Driver
Recovery Software Suite Gateway
ScanWizard Pro
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SilverFast MicrotekSDK-SE 6.5.5r1
SoftV92 Data Fax Modem with SmartCP
Sonic Encoders
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB890760
Windows XP Media Center Edition 2005 KB895198
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/18/2010 12:46:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
4/18/2010 12:46:52 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

 

Removing Irritating Windows

Will do.

I might add that the 1st download site was dead, so downloading Avira.

I have Malwarebytes and have used it three/four times.

I also ran Activescan.

Both said yesterday the system is clean.

The odd window at boot still surfaces and from what I gather is attached to a HYKEY line.

The second one that says it was looking for missing whatever is no longer appearing.

Will not likely get to all of this until next Monday, but will give it a shot. Am leaving town Friday.

Ffor what it is worth, this the the result of the Avira scan.



Avira AntiVir Personal
Report file date: Wednesday, April 21, 2010 10:45

Scanning for 2025725 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Owner
Computer name : 1014GLENECHO2

Version information:
BUILD.DAT : 10.0.0.565 32097 Bytes 4/12/2010 16:29:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 15:44:12
VBASE006.VDF : 7.10.6.83 2048 Bytes 4/15/2010 15:44:13
VBASE007.VDF : 7.10.6.84 2048 Bytes 4/15/2010 15:44:13
VBASE008.VDF : 7.10.6.85 2048 Bytes 4/15/2010 15:44:13
VBASE009.VDF : 7.10.6.86 2048 Bytes 4/15/2010 15:44:13
VBASE010.VDF : 7.10.6.87 2048 Bytes 4/15/2010 15:44:14
VBASE011.VDF : 7.10.6.88 2048 Bytes 4/15/2010 15:44:14
VBASE012.VDF : 7.10.6.89 2048 Bytes 4/15/2010 15:44:14
VBASE013.VDF : 7.10.6.90 2048 Bytes 4/15/2010 15:44:14
VBASE014.VDF : 7.10.6.123 126464 Bytes 4/19/2010 15:44:16
VBASE015.VDF : 7.10.6.152 123392 Bytes 4/21/2010 15:44:18
VBASE016.VDF : 7.10.6.153 2048 Bytes 4/21/2010 15:44:18
VBASE017.VDF : 7.10.6.154 2048 Bytes 4/21/2010 15:44:18
VBASE018.VDF : 7.10.6.155 2048 Bytes 4/21/2010 15:44:18
VBASE019.VDF : 7.10.6.156 2048 Bytes 4/21/2010 15:44:18
VBASE020.VDF : 7.10.6.157 2048 Bytes 4/21/2010 15:44:18
VBASE021.VDF : 7.10.6.158 2048 Bytes 4/21/2010 15:44:19
VBASE022.VDF : 7.10.6.159 2048 Bytes 4/21/2010 15:44:19
VBASE023.VDF : 7.10.6.160 2048 Bytes 4/21/2010 15:44:19
VBASE024.VDF : 7.10.6.161 2048 Bytes 4/21/2010 15:44:19
VBASE025.VDF : 7.10.6.162 2048 Bytes 4/21/2010 15:44:19
VBASE026.VDF : 7.10.6.163 2048 Bytes 4/21/2010 15:44:19
VBASE027.VDF : 7.10.6.164 2048 Bytes 4/21/2010 15:44:20
VBASE028.VDF : 7.10.6.165 2048 Bytes 4/21/2010 15:44:20
VBASE029.VDF : 7.10.6.166 2048 Bytes 4/21/2010 15:44:20
VBASE030.VDF : 7.10.6.167 2048 Bytes 4/21/2010 15:44:20
VBASE031.VDF : 7.10.6.168 37376 Bytes 4/21/2010 15:44:21
Engineversion : 8.2.1.220
AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 18:16:21
AESCRIPT.DLL : 8.1.3.26 1286521 Bytes 4/21/2010 15:44:53
AESCN.DLL : 8.1.5.0 127347 Bytes 2/26/2010 00:38:41
AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 17:09:47
AERDL.DLL : 8.1.4.6 541043 Bytes 4/21/2010 15:44:47
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 18:34:51
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 17:09:46
AEHEUR.DLL : 8.1.1.24 2613623 Bytes 4/21/2010 15:44:43
AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 22:05:25
AEGEN.DLL : 8.1.3.7 373106 Bytes 4/21/2010 15:44:27
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 15:04:22
AECORE.DLL : 8.1.13.1 188790 Bytes 4/1/2010 22:05:25
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 18:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, April 21, 2010 10:45

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NkvMon.exe' - '1' Module(s) have been scanned
Scan process 'PRISMXL.SYS' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'BigFix.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'LANServer.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'AOLServiceHost.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'AOLHOS~1.EXE' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'zHotkey.exe' - '1' Module(s) have been scanned
Scan process 'shwiconem.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '499' files ).



End of the scan: Wednesday, April 21, 2010 10:46
Used time: 00:36 Minute(s)

The scan has been done completely.

0 Scanned directories
988 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
988 Files not concerned
3 Archives were scanned
0 Warnings
0 Notes



Thank-you broni for your patience and interest.

 

Irritating Windows

thanks. I ran Malwarebytes and will post log below.

I do have a ?

I ran the Avira program which gave a clean bill of health.

I was off line.

then, while running the Malwarebyte scan, the Avira came up with two virus, which were disposed of as suggested.

The question is this: How did the above happen, if I was off line and the Avira scan had run and the Malwarebvyte shows not harmful targets? Sure, I understand the Avira scan was not a full scan, but it seemed the objects were within its search scope. Just wondering!

Here is Malewarebyte log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4005

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/21/2010 12:03:17 PM
mbam-log-2010-04-21 (12-03-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 190995
Time elapsed: 40 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Will try to do the rest tomorrow.

Robert

 

Removing Irritating Windows

Here is HJT log. Nothing checked. The DDS logs are below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:11 AM, on 4/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\112336~1\EE\AOLHOS~1.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\MicroTekALL\apdproxy.exe
C:\Program Files\Microtek\ScanWizard Pro\LANServer.exe
C:\PROGRA~1\COMMON~1\AOL\112336~1\EE\AOLServiceHost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\BBNikon\NkvMon.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\MicroTekALL\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123365865\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\MicroTekALL\apdproxy.exe "
O4 - HKLM\..\Run: [Microtek_Scanner_Server] C:\Program Files\Microtek\ScanWizard Pro\LANServer.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe "
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: EmailsAgentShortcut.lnk = C:\Program Files\EmailsAgent\EmailsAgent\EmailsAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\BBNikon\NkvMon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb35.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\MicroTekALL\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8631 bytes


DDS


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/19/2006 7:11:01 AM
System Uptime: 4/22/2010 4:47:43 AM (5 hours ago)

Motherboard: Intel Corporation | | D915GAG
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 182 GiB total, 153.493 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 2.406 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP871: 1/22/2010 7:31:20 AM - System Checkpoint
RP872: 1/23/2010 7:00:15 AM - Software Distribution Service 3.0
RP873: 1/24/2010 7:23:20 AM - System Checkpoint
RP874: 1/25/2010 9:12:49 AM - System Checkpoint
RP875: 1/26/2010 10:17:50 AM - System Checkpoint
RP876: 1/27/2010 11:15:45 AM - System Checkpoint
RP877: 1/28/2010 11:16:58 AM - System Checkpoint
RP878: 1/30/2010 1:22:53 PM - System Checkpoint
RP879: 2/1/2010 8:21:51 AM - System Checkpoint
RP880: 2/2/2010 8:22:11 AM - System Checkpoint
RP881: 2/3/2010 9:02:57 AM - System Checkpoint
RP882: 2/5/2010 6:47:51 AM - System Checkpoint
RP883: 2/6/2010 10:43:02 AM - System Checkpoint
RP884: 2/8/2010 7:19:21 AM - System Checkpoint
RP885: 2/9/2010 9:54:18 AM - System Checkpoint
RP886: 2/10/2010 5:05:04 PM - System Checkpoint
RP887: 2/11/2010 5:36:03 PM - System Checkpoint
RP888: 2/12/2010 6:04:51 PM - System Checkpoint
RP889: 2/13/2010 7:00:19 AM - Software Distribution Service 3.0
RP890: 2/15/2010 7:49:26 AM - System Checkpoint
RP891: 2/16/2010 8:10:49 AM - System Checkpoint
RP892: 2/17/2010 8:57:59 AM - System Checkpoint
RP893: 2/18/2010 9:50:43 AM - Software Distribution Service 3.0
RP894: 2/22/2010 10:04:10 AM - System Checkpoint
RP895: 2/24/2010 7:57:54 AM - System Checkpoint
RP896: 2/25/2010 8:04:43 AM - System Checkpoint
RP897: 2/26/2010 9:56:56 AM - System Checkpoint
RP898: 2/27/2010 7:00:16 AM - Software Distribution Service 3.0
RP899: 2/28/2010 7:41:54 AM - System Checkpoint
RP900: 3/1/2010 8:03:23 AM - System Checkpoint
RP901: 3/2/2010 8:09:00 AM - System Checkpoint
RP902: 3/3/2010 8:09:17 AM - System Checkpoint
RP903: 3/4/2010 10:07:26 AM - System Checkpoint
RP904: 3/5/2010 2:13:49 PM - System Checkpoint
RP905: 3/8/2010 6:51:11 AM - System Checkpoint
RP906: 3/9/2010 7:29:35 AM - System Checkpoint
RP907: 3/10/2010 8:17:25 AM - System Checkpoint
RP908: 3/11/2010 12:07:46 PM - System Checkpoint
RP909: 3/12/2010 2:38:07 PM - System Checkpoint
RP910: 3/13/2010 7:00:16 AM - Software Distribution Service 3.0
RP911: 3/14/2010 8:39:31 AM - System Checkpoint
RP912: 3/15/2010 10:19:59 AM - System Checkpoint
RP913: 3/16/2010 11:33:34 AM - System Checkpoint
RP914: 3/17/2010 11:45:41 AM - System Checkpoint
RP915: 3/18/2010 2:33:52 PM - System Checkpoint
RP916: 3/19/2010 10:34:12 AM - Software Distribution Service 3.0
RP917: 3/23/2010 6:21:05 AM - Removed SUPERAntiSpyware Free Edition
RP918: 3/23/2010 10:45:16 AM - Software Distribution Service 3.0
RP919: 3/24/2010 6:49:55 AM - Installed SUPERAntiSpyware Free Edition
RP920: 3/24/2010 7:38:52 AM - Removed Microsoft Works
RP921: 3/24/2010 7:42:26 AM - Removed Napster
RP922: 3/25/2010 10:22:08 AM - System Checkpoint
RP923: 3/26/2010 10:30:11 AM - System Checkpoint
RP924: 3/27/2010 11:41:40 AM - System Checkpoint
RP925: 3/28/2010 12:18:17 PM - System Checkpoint
RP926: 3/29/2010 12:26:50 PM - System Checkpoint
RP927: 4/1/2010 11:49:05 AM - System Checkpoint
RP928: 4/2/2010 9:16:00 AM - Software Distribution Service 3.0
RP929: 4/6/2010 9:38:39 AM - System Checkpoint
RP930: 4/7/2010 11:51:55 AM - System Checkpoint
RP931: 4/8/2010 12:08:18 PM - System Checkpoint
RP932: 4/9/2010 1:38:55 PM - System Checkpoint
RP933: 4/11/2010 7:11:53 AM - System Checkpoint
RP934: 4/17/2010 2:13:12 PM - System Checkpoint
RP935: 4/17/2010 8:30:37 PM - Software Distribution Service 3.0
RP936: 4/19/2010 8:33:21 AM - System Checkpoint
RP937: 4/19/2010 10:27:47 AM - Removed SUPERAntiSpyware Free Edition
RP938: 4/19/2010 1:55:12 PM - Removed ABBYY FineReader 6.0 Sprint
RP939: 4/20/2010 2:23:09 PM - System Checkpoint
RP940: 4/22/2010 8:15:52 AM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat 4.0
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop 6.0
Adobe Photoshop Elements 2.0
Adobe Photoshop Elements 5.0
Adobe Reader 7.1.0
Adobe SVG Viewer 3.0
ArcSoft Software Suite
Auto Dust Brush Plug-in
Avira AntiVir Personal - Free Antivirus
BigFix
CCleaner (remove only)
Color Matching System
Defraggler (remove only)
Digital Media Reader
DiMAGE Scan Dual4 ver.1.0
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo MediaOne Gallery
iTunes
J2SE Runtime Environment 5.0 Update 2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Digital Image Library 9 - Blocker
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Standard Edition 2003
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
Microtek Scanner ICC Profiler
Move Media Player
Mozilla Firefox (3.5.9)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Multimedia Keyboard Driver
Napster Burn Engine
Nero BurnRights
Nero OEM
NetObjects Fusion 7.5
Nikon View 5
OLYMPUS Master 2
Panda ActiveScan 2.0
PowerDVD
Rand McNally TripMaker 2000
RealPlayer Basic
Realtek High Definition Audio Driver
Recovery Software Suite Gateway
ScanWizard Pro
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SilverFast MicrotekSDK-SE 6.5.5r1
SoftV92 Data Fax Modem with SmartCP
Sonic Encoders
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB890760
Windows XP Media Center Edition 2005 KB895198
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/21/2010 10:39:06 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
4/21/2010 10:39:06 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
4/21/2010 10:39:06 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
4/18/2010 12:46:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
4/18/2010 12:46:52 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 9:18:02.62 on Thu 04/22/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.169 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\112336~1\EE\AOLHOS~1.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\MicroTekALL\apdproxy.exe
C:\Program Files\Microtek\ScanWizard Pro\LANServer.exe
C:\PROGRA~1\COMMON~1\AOL\112336~1\EE\AOLServiceHost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\BBNikon\NkvMon.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\MicroTekALL\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
uStart Page = hxxp://www.yahoo.com/
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe "
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [CHotkey] zHotkey.exe
mRun: [HostManager] c:\program files\common files\aol\1123365865\ee\AOLHostManager.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [Mixersel] c:\program files\realtek\installshield\mixersel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\microtekall\apdproxy.exe "
mRun: [Microtek_Scanner_Server] c:\program files\microtek\scanwizard pro\LANServer.exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\emails~1.lnk - c:\program files\emailsagent\emailsagent\EmailsAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\bbnikon\NkvMon.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\micros~1\windows\mspdb35.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\c39nhkkw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-18 28552]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-21 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-21 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-21 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-21 60936]

=============== Created Last 30 ================

2010-04-22 14:13:53 0 d-----w- c:\program files\Trend Micro
2010-04-21 16:49:42 0 d-----w- c:\docume~1\owner\applic~1\Avira
2010-04-21 15:42:19 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-21 15:42:18 0 d-----w- c:\program files\Avira
2010-04-21 15:42:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-04-21 14:42:24 8882 ----a-w- c:\documents and settings\owner\myemailaddys
2010-04-18 17:08:59 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-04-18 17:07:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 17:07:34 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 17:07:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 17:07:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-18 11:27:18 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-18 11:25:51 0 d-----w- c:\program files\Panda Security

==================== Find3M ====================

2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-04-02 16:46:49 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040220090403\index.dat

============= FINISH: 9:18:45.79 ===============