How can I get rid of a dialer?

Oct 8, 2008 3:07PM PDT

Windows XP w/SP3 IE 7
Compaq Presario
Processor - 2.40 gigahertz AMD Athlon64
Memory - 1.37GB of RAM
200 GB hard drive

When running an AVAST scan, it finds this:

MALWARE: C:\System Volume Information/_restore (2466A83D-1B81-456E-9766

I've done a search for the file and also tried to find it using EXPLORE and am unable to come up with it.

I did go into the registry and searched for 2466A83D and did find this under SystemRestore:

(Default) REG_SZ (value not set)
DiskPercent REG_DWORD 0x0000000c(12)
MachineGuid REG_SZ {2466A83D-1881-456E-9766-38C2B7E4821

Would this perhaps be the culprit and if so, would someone be able to help me get this off my PC please?

Thanks,

Julea

Now I am thinking of a "False Positive" of Avast?
Oct 9, 2008 9:28AM PDT

What did SAS remove..... ONLY the cookie?

I googled your file and NOTHING came up !

I would suggest a LAST scan:

Please perform a scan with F-secure online scanner

1. Scroll to the bottom of the page and click on "Start Scanning"
You may receive an alert on the address bar at this point to install the ActiveX control, please do so.
2. After installed, click on Accept on the license agreement.
3. Click "Full System Scan" to download the scanning components and begin scan and cleaning.
4. When the scan completes, click the "I want to decide item by item" button.
5. For each item found, Select "Disinfect" and click "Next".

IF the above scan comes up clean......... then I would post at the Avast forum and ask them IF the file could be a "False Positive".

"Keep smiling", Julea Wink

lol -- actually no laughing matter -- however,
Oct 9, 2008 9:40AM PDT

hubby thought early on that it might be a false positive and he's not a computer person -- but he does have good logic re: computers. He said as clean as you have kept that computer and as careful as I am about where I go, etc., he was surprised that we had a dialer. I told him "nothing" is foolproof! Another factor for him was that all other scans keep coming up clean.

Anyway, I'll run this new scan and see what happens. Only thing that bothered me about it was how the file name/location changed from its original presence.

Thanks so much Marianna for working through this with me -- you've saved me many times over the years and I truly appreciate you.

Will be back this evening after scan and finding results.

Julea -- I'm smiling!

Ok -- here's the latest
Oct 9, 2008 11:29AM PDT

1 malware was found with the full scan with F-Secure.

Guess what, it was the same tracking cookie that SAS found -- TrackingCookie.Revsci (spyware). I got rid of it again. Everything else in the scan was good. Evidently, CCleaner is not catching this one when I run it and I do have the latest and greatest for that utility. I've used it for several years and have had good luck with it.

Anyway, I just read Ray's post about running a full scan with MBAM. I'll do that, but may not report back on that until tomorrow. I'm about all scanned out for today -- yikes, never spent so much time scanning in my life and it's been an education!

One utility I've not tried is Hijack This -- I always steered clear of that because I've heard one really has to know what they're doing when using that program and I wasn't sure if I qualified in that regard. Would it be worthwhile for me to "glance" at it and see what it shows?

I sure hope this is an FP, but would Avast believe me if I asked them in that vein? When I google Win32:Dialer-gen[Trj], there is a ton of stuff out there on it. What do I know!

Julea

TrackingCookie.Revsci (spyware).
Oct 9, 2008 11:59AM PDT

Julea,

have a look in CCleaner IF you have SAVED the cookie in there !

Sure, you can run HJT to SEE IF there is anything in there that is NOT normal. ONLY scanning doesn't "hurt".

I would ask in the Avast forum - they SHOULD know and tell you either "what" to do or "for what to look" in your computer.

Right, take a break for today Happy

You did a Great Job !

I found the revsci cookies, but it's on the delete side.
Oct 9, 2008 1:00PM PDT

It's back, so guess it's coming from someplace I frequent -- maybe cnet?

Sometimes I do get a page come up while I'm at cnet that wants to download something bad, but I don't let it willingly. My firewall has been catching it. Don't remember now what it is, but seems like it's ad. something or other.

G'night for tonight - see you tomorrow, God willing. Thanks again.

Julea

No break for the weary (LOL)! I'm still at it.
Oct 9, 2008 2:20PM PDT

Just for fun, I've been trying to track down where the tracking cookie comes from. I figured it out by using CCleaner.

C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@revsci[2].txt 1.07KB


Guess what ------- it's coming from cnet! I went to all my frequently visited sites and lo and behold, it's right here in our own backyard!

Julea

LOL - that was what I had guessed, that.......
Oct 9, 2008 2:58PM PDT

that particular cookie was from CNet........ well, you found it Happy

Julea,

for tomorrow........

did you ever find this file:

c:\Windows\Installer\f78b92msi\ISSetupFiles\SetupFile33 ??

It is also NOT in the Avast vault?

It is also NOT in the registry?

Good Night Happy

It's tomorrow where I am
Oct 9, 2008 4:18PM PDT

but I'm on my way to bed too. I'm a night owl, but a fairly early riser. You're right, it's NOT in the Avast chest -- it won't let me move it to the chest or delete it.

However, I did some more searches and have this info. When typing f78b92 in the Start menu Search box, it found this. This one has a dot before msi, so not sure if it's the same one.
It's C:\Windows\Installer\f78b92.msi
File size 41,175KB
Windows Installer Package
Date modified 9/7/06
I looked at the properties and it says Print Shop 20; author is Broderbund. Print Shop 20 is a greeting card program I've used for eons. I find nothing where it says ISSetupFiles or SetupFile33 in any of the searches I've done when using the Start button Search.
--------------------------------------------------
When doing a search in the Registry for f78b92 here's my find:
(Default) REG_SZ (value set)
000 REG_SZ f78b92
001 REG_SZ SetupFile33
It's under HKEY_Current_User>Software>Microsoft>Search Assistant>ACMru>5603

Hum -- I must have misread the registry, because in double checking it, here's what it says now (I would have sworn it said value set, but maybe my eyes are getting sleepy) --
(Default) REG_SZ (value not set)
0000 REG_SZ File33
001 REG_SZ FC9EFDC
002 REG_SZ f78b92
003 REG_SZ SetupFile33

Think I'm beginning to see the picture --------- whatever I search for shows up in the registry -- maybe??
I know little about the registry but know enough to respect it greatly, and to backup. It's an interesting place.

I hope you find me!
Oct 10, 2008 12:48AM PDT

I just went to post and couldn't -- it said due to depth of discussion, start at the beginning, so here I am.

Since last post, I've done the following: did a FULL scan with MBAM -- which came out clean. I also ran Spybot this morning and it congratulated me. I d/l'd Hijack This and ran it and do have a log report handy. I haven't run another Avast scan as I have a feeling the dialer thing will still show up.

I did get a short analysis of my Hijack This log and here's what I found. It had green arrows for ALMOST everything -- there are a couple of entries that have a question mark by them.

One of them is Boot mode: Normal --- question mark

The other is 016 - DPF: .........(this group of letters and numbers looks like a registry entry, but not sure) ..... (HP Download Manager) - and gives an http addy

It has a question mark and these words: Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin', etc., it should be fixed!

So, guess I need to know what next. I've posted at the Avast forum too and they haven't answered.

Sandy -- I did see your posts -- maybe I need to kill Spybot and re-download, but I think it's ok. It told me I had the latest updates this morning before I did the scan.

Thanks

Julea

Yes :)
Oct 10, 2008 1:16AM PDT

Interesting, you found Print Shop 20....... I found that yesterday too by googling, but of course, I can't find it again at the moment.

You should have a folder Print Shop 20 or Broderbund..... can you have a look in that folder?

Regarding HP Downloader = Legitimate ..... have a look here:

http://www.castlecops.com/atxlist-594.html

This is strange!
Oct 10, 2008 2:04AM PDT

Maybe I should unload this program ? ? ?

I did a search for both Print Shop and Broderbund and found lots of stuff. Oddly enough -- I say that because I have not even used this program for at least a month or more -- there are changes shown in the details column on 9/7/06 -- that's the date this all started.

Here's the info:
The Print Shop 20 Program Files 9/7/06 @ 1:09 p.m.
The Print Shop 20 Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited 9/7/06 @ 1:09 p.m.
The Print Shop 20 Documents and Settings\All Users\Start Menu\Programs 9/7/06 @ 12:59 p.m.
The Print Shop 20 Documents and Settings\All Users\Start Menu\Programs\The Print Shop 9/7/06 @ 12:59 p.m.
The Print Shop Premium Fonts Documents and Settings\All Users\Start Menu\Programs\The Print Shop 9/7/06 @ 12:59 p.m.

The last 2 items are shown as shortcuts

There are a couple of other items that were found, but they have May and June dates which is probably when I last used the program.

I have yet to check out the broderbund search, but there are tons of files there.

What am I looking for? I looked in some of those files and didn't see anything about Setup33, but maybe need to spend more time looking ? ??

Julea

Dates shown are from 2006.....
Oct 10, 2008 2:10AM PDT

Can you ONLY scan the 2 folders (Print Shop 2.0 and Broderbund) with AVAST?

You are looking for the Installer.

Do you want to see my HiJack This log?
Oct 10, 2008 2:08AM PDT

If so, how do I get it to you?

Thanks,

Julea

(NT) c\p it into your next reply
Oct 10, 2008 2:11AM PDT
Results of scan of selected folders & HJT Log
Oct 10, 2008 2:34AM PDT

Below is what I selectively scanned and it came up clean:
C:\Program Files\Broderbund
C:\Program Files\The Print Shop 20
C:\Documents and Settings\All Users\Start Menu\Programs\The Print Shop 20
C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited

I just went through and tried to find anything with the print shop or broderbund and the above is all I could find.

Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:31 AM, on 10/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\agrsmsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kansascity.com/mld/kansascity/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221145404500
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MediaMax XL Service (MediaMaxXLService) - Unknown owner - C:\Program Files\Streamload\MediaMax XL\MediaMaxXLService.exe (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\Desktop Picture\kai and jade xmas 2006.jpg

--
End of file - 7816 bytes
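The analyser's O16 rule quoted a few posts up (fix ActiveX objects from sites you do not recognise, and always fix ones whose name or URL contains 'dialer', 'casino' or 'free plugin'), applied to the O16 lines of the log just posted. This is an added example, not part of the thread or of HijackThis; the allow-list of known hosts is an assumption seeded from the log's own entries, and the last sample line is constructed to show the keyword rule firing.

```python
"""Triage of HijackThis 'O16 - DPF' (Downloaded Program Files / ActiveX) lines.

Added example, not code from the CNET thread or from HijackThis. It applies
the rule quoted from the log analyser in the thread: an O16 entry is fine only
when its download host is one you recognise ('ok'), an unrecognised host needs
a look ('review'), and any entry whose name or URL contains words such as
'dialer', 'casino' or 'free plugin' should be fixed regardless ('fix').
The allow-list below is an assumption for the example.
"""
import re
from urllib.parse import urlparse

# O16 line shape:  O16 - DPF: {CLSID} (Optional Name) - URL
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})"
    r"(?: \((?P<name>[^)]*)\))?"
    r" - (?P<url>\S+)$"
)

SUSPICIOUS_WORDS = ("dialer", "casino", "free plugin")

# Hosts the owner of this machine recognises (assumed allow-list, seeded from the log).
KNOWN_HOSTS = {
    "update.microsoft.com",
    "support.f-secure.com",
    "h20436.www2.hp.com",
    "h17000.www1.hp.com",
}

def parse_o16(line):
    """Return dict(clsid, name, url, host) for an O16 line, or None if it is not one."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    url = m.group("url")
    host = (urlparse(url).hostname or "").lower()
    return {"clsid": m.group("clsid"), "name": m.group("name") or "",
            "url": url, "host": host}

def classify_o16(entry, known_hosts=KNOWN_HOSTS):
    """Apply the analyser's rule; returns (verdict, reason)."""
    text = (entry["name"] + " " + entry["url"]).lower()
    hits = [w for w in SUSPICIOUS_WORDS if w in text]
    if hits:
        return "fix", "suspicious word(s): " + ", ".join(hits)
    # Accept the host itself or any sub-domain of a known host.
    if any(entry["host"] == h or entry["host"].endswith("." + h) for h in known_hosts):
        return "ok", "known host " + entry["host"]
    return "review", "unknown host " + (entry["host"] or "<no host>")

def triage_log(lines, known_hosts=KNOWN_HOSTS):
    """Walk a HijackThis log; return [(clsid, verdict, reason)] for each O16 line."""
    results = []
    for line in lines:
        entry = parse_o16(line)
        if entry is not None:
            verdict, reason = classify_o16(entry, known_hosts)
            results.append((entry["clsid"], verdict, reason))
    return results

# Sample input: O16 lines copied from the log posted in the thread (plus one O9
# line, which must be ignored) and one constructed line with the 'dialer' keyword.
SAMPLE_LOG = """\
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221145404500
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Free Plugin Dialer) - http://example.invalid/dl.cab
""".splitlines()

if __name__ == "__main__":
    for clsid, verdict, reason in triage_log(SAMPLE_LOG):
        print(f"{verdict:6}  {clsid}  {reason}")
```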

I can NOT see anything wrong.......
Oct 10, 2008 2:51AM PDT

with your log and I really think it is a FALSE Positive from Avast !

I'm smiling, jumping up and down, etc. ---- so this means
Oct 10, 2008 3:13AM PDT

I should be able to leave my Print Shop program installed; I'm guessing Spybot is not corrupt; and I can go on from here -- right? I generally do a virus scan weekly -- would you recommend more often? Lavasoft Ad-Aware and Spybot very rarely find anything on ye old pc -- sometimes Lavasoft finds 1 tracking cookie or an MRU, but again, not often. Spybot hasn't found anything for a very long time.

As mentioned in past, I use those 2 programs, Avast, Spyware Blaster, and have the pay version Kerio Personal firewall. Used to use a router, but have not since getting our new modem this week from Cox -- mainly because with the router, the new modem would not work properly (it would not load webpages, but did get us on the internet showing white pages). Therefore Cox recommended not using it.

I'll run the 2 new programs I became acquainted with during this exercise -- MBAM and SuperAntispyware; as well as continue keeping all my other stuff updated regularly.

Do you see where I'm lacking?

You can :)
Oct 10, 2008 3:23AM PDT

I do NOT see anything wrong with Print Shop and see NO reason to remove it - and for sure, as it has already been on your computer for several years....... it CAN ONLY be a False Positive !

Keep MBAM and SAS updated (updates are most of the time ONCE a day) as the other ones you are using and you should be FINE Happy

Great Job, Julea and have a GREAT weekend Happy

Thanks and Kudos to you Marianna!
Oct 10, 2008 4:07AM PDT

You know, I've been coming to cnet for several years (I think about 10) and you and others have helped me tremendously. I've often told people cnet help forums are where I learned how to compute. I did word processing for many years before retiring; but after retiring, wanted to know what makes a pc tick! With your help and cnet's help, I've been able to do that. I feel you know your stuff and am always grateful to those here who do. Thanks so much for all your help.

Marianna -- what does this mean?
Oct 10, 2008 10:51AM PDT

I ran an Antivir Anti-rootkit scan and it did find several hidden keys. It gave me the option of quarantining them. I did not know whether to do that or not. I sure don't want to make the PC inoperable. Any thoughts on this? I did the full scan!

Avira AntiRootkit Tool - Beta (1.0.1.17)

========================================================================================================
- Scan started Friday, October 10, 2008 - 18:49:06 PM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [X] Fast scan
- Working disk total size : 180.30 GB
- Working disk free size : 164.88 GB (91 %)
--------------------------------------------------------------------------------------------------------

Scan task finished. No hidden objects detected!

--------------------------------------------------------------------------------------------------------
Files: 0/51780
Registry items: 0/8026
Processes: 0/37
Scan time: 00:07:10
--------------------------------------------------------------------------------------------------------
Active processes:
- hoiqztyq.exe (PID 1828) (Avira AntiRootkit Tool - Beta)
- msimn.exe (PID 3572)
- System (PID 4)
- smss.exe (PID 644)
- csrss.exe (PID 728)
- winlogon.exe (PID 752)
- services.exe (PID 800)
- lsass.exe (PID 812)
- svchost.exe (PID 968)
- svchost.exe (PID 1040)
- svchost.exe (PID 1136)
- svchost.exe (PID 1192)
- svchost.exe (PID 1384)
- aawservice.exe (PID 1640)
- aswUpdSv.exe (PID 1696)
- ashServ.exe (PID 1756)
- spoolsv.exe (PID 176)
- issch.exe (PID 484)
- kbd.exe (PID 500)
- jusched.exe (PID 508)
- hpwuSchd2.exe (PID 532)
- ashDisp.exe (PID 540)
- ctfmon.exe (PID 556)
- agrsmsvc.exe (PID 1436)
- LSSrvc.exe (PID 1484)
- MDM.EXE (PID 1556)
- kpf4ss.exe (PID 1816)
- svchost.exe (PID 408)
- wdfmgr.exe (PID 440)
- ashMaiSv.exe (PID 1248)
- ashWebSv.exe (PID 1464)
- alg.exe (PID 2392)
- kpf4gui.exe (PID 2820)
- kpf4gui.exe (PID 3108)
- explorer.exe (PID 1500)
- iexplore.exe (PID 3564)
- avirarkd.exe (PID 2932)
========================================================================================================
- Scan finished Friday, October 10, 2008 - 18:56:17 PM
========================================================================================================
Avira AntiRootkit Tool - Beta (1.0.1.17)

========================================================================================================
- Scan started Friday, October 10, 2008 - 18:56:31 PM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 180.30 GB
- Working disk free size : 164.87 GB (91 %)
--------------------------------------------------------------------------------------------------------

Results:
Hidden key : HKEY_USERS\S-1-5-21-2576752241-3551118516-687949913-1009\Software\Microsoft\Protected Storage System Provider\S-1-5-21-2576752241-3551118516-687949913-1009\data
Hidden value : HKEY_USERS\S-1-5-21-2576752241-3551118516-687949913-1009\Software\Microsoft\Protected Storage System Provider\S-1-5-21-2576752241-3551118516-687949913-1009 -> migrate
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A35BAB48-4D1F-6A0B-6BCC81421932BFFC}\{F9F16A92-BF70-12AC-7ED2CC2822129D24}\{512F8077-C30C-4607-36213242EA83EF67} -> 526ba65zpqs4u365ynaellj5xa1
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC36979A-271C-CB21-250CD586E00814A2}\{8EF4E408-9A98-28EF-CDFA1ACBF6ED5141}\{501B0FF8-8336-4915-6C99805756A8837E} -> 526ba65zpqs4u365ynaellj5xa1
Hidden process : msimn.exe (PID: 3572)

--------------------------------------------------------------------------------------------------------
Files: 0/224630
Registry items: 4/569539
Processes: 1/39
Scan time: 00:41:23
--------------------------------------------------------------------------------------------------------
Active processes:
- hoiqztyq.exe (PID 1828) (Avira AntiRootkit Tool - Beta)
- msimn.exe (PID 3572)
- System (PID 4)
- smss.exe (PID 644)
- csrss.exe (PID 728)
- winlogon.exe (PID 752)
- services.exe (PID 800)
- lsass.exe (PID 812)
- svchost.exe (PID 968)
- svchost.exe (PID 1040)
- svchost.exe (PID 1136)
- svchost.exe (PID 1192)
- svchost.exe (PID 1384)
- aawservice.exe (PID 1640)
- aswUpdSv.exe (PID 1696)
- ashServ.exe (PID 1756)
- spoolsv.exe (PID 176)
- issch.exe (PID 484)
- kbd.exe (PID 500)
- jusched.exe (PID 508)
- hpwuSchd2.exe (PID 532)
- ashDisp.exe (PID 540)
- ctfmon.exe (PID 556)
- agrsmsvc.exe (PID 1436)
- LSSrvc.exe (PID 1484)
- MDM.EXE (PID 1556)
- kpf4ss.exe (PID 1816)
- svchost.exe (PID 408)
- wdfmgr.exe (PID 440)
- ashMaiSv.exe (PID 1248)
- ashWebSv.exe (PID 1464)
- alg.exe (PID 2392)
- kpf4gui.exe (PID 2820)
- kpf4gui.exe (PID 3108)
- explorer.exe (PID 1500)
- iexplore.exe (PID 3564)
- avirarkd.exe (PID 2932)
- Paint Shop Pro 9.exe (PID 3964)
- Anim.exe (PID 2560)
========================================================================================================
- Scan finished Friday, October 10, 2008 - 19:37:55 PM
========================================================================================================

My error -- I showed you FAST Scan results
Oct 10, 2008 11:22AM PDT

will post the full scan after I run it again. It did have some hidden items listed.

I never ran Avira AntiRootkit......
Oct 10, 2008 11:29AM PDT
(NT) ok - thanks!
Oct 10, 2008 11:36AM PDT