NewsChick
join:2009-03-07
Rome, GA

NewsChick

Member

[Trojan] HJT Log - Possible Trojan Fake Alert (From Other System

Joker, I am posting the HJT log and the malware log for your review. There were 2 entries in red on the malware log that I "removed". The Kaspersky scan was clean. I saved the document to my desktop (or so I thought) but it is not there. I've searched my computer for it and didn't locate it. However, it said no malware found at the top and the pop up log was blank to start with. I hope this will give you the info you need.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:24 AM, on 3/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\RPS.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: KTBho Class - {25EDC164-41A6-47C3-80BD-5E4FBE1BA7AB} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Kaboodle Toolbar - {92857633-2441-4A14-8236-DFCB97AD3E87} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://www.iwon.com/home/modules/launchGame/games/includes/blockDotGameIFrame.jhtml?categoryId=3&gameId=551&browser=IE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/wwspades/wwspades.cab
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

--
End of file - 11305 bytes

Malwarebytes' Anti-Malware 1.34
Database version: 1835
Windows 6.0.6001 Service Pack 1

3/11/2009 7:19:27 AM
mbam-log-2009-03-11 (07-19-27).txt

Scan type: Quick Scan
Objects scanned: 61324
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

1 recommendation

TheJoker

MVM

Re: [Trojan] HJT Log - Possible Trojan Fake Alert (From Other Sy

Hi again.

Clean your Cache and Cookies in IE:
-Close all instances of Outlook Express and Internet Explorer
-Go to Control Panel > Internet Options > General tab
-Click the "Delete Cookies" button
-Next to it, Click the "Delete Files" button
-When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
-Go to Tools > Options.
-Click Privacy in the menu on the left side of the Options window.
-Click the Clear button located to the right of each option (History, Cookies, Private Data).
-Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin
-Go to start > run and type: cleanmgr and click ok.
-Let it scan your system for files to remove.
-Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
-Press OK to remove them.

Please disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

One of the items you have installed is the Kaboodle Toolbar.
I recommend you take a look at their questionable privacy policy to see if you still want to use it, or if you would prefer to uninstall it from Control Panel's Add or Remove Programs.

If you chose to uninstall it, then using Windows Explorer, delete the following folder if still there:
C:\Program Files\kaboodle

Please let me know what you chose to do about the toolbar.

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://www.iwon.com/home/modules/launchGame/games/includes/blockDotGameIFrame.jhtml?categoryId=3&gameId=551&browser=IE"
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab


Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Download ComboFix© by sUBs from one of these locations:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Familiarize yourself with ComboFix before running it:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

- Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.

- Double click on ComboFix.exe & follow the prompts.

- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware. When finished, it will save a log.
Please include the contents of the log at C:\ComboFix.txt in your next reply.

Please post a new HijackThis log, the log from ComboFix (combofix.txt), let me know what you chose to do with the Kaboodle Toolbar, and note any errors encountered.
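
An added example, not part of the original thread or of any tool mentioned in it: a small Python parser for HijackThis entry lines that compares a follow-up log with the earlier one and reports which entries from a fix list are still present. The function names are hypothetical; the "before" lines are excerpted from the first log above, and the "after" lines are constructed for the example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", ["code", "body"])

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")


def parse_hjt(text):
    """Return the entry lines of a HijackThis log as Entry(code, body)."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths are case-insensitive and forum pasting can alter spacing,
    # so compare on a lower-cased, whitespace-collapsed form.
    return (entry.code, " ".join(entry.body.lower().split()))


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs, in log order."""
    before = {_key(e): e for e in parse_hjt(before_text)}
    after = {_key(e): e for e in parse_hjt(after_text)}
    removed = [e for k, e in before.items() if k not in after]
    added = [e for k, e in after.items() if k not in before]
    return removed, added


def still_present(fix_list_text, after_text):
    """Return fix-list entries that still appear in the follow-up log."""
    after_keys = {_key(e) for e in parse_hjt(after_text)}
    return [e for e in parse_hjt(fix_list_text) if _key(e) in after_keys]


# Excerpt of the first log in this thread (header lines kept to show they are skipped).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: KTBho Class - {25EDC164-41A6-47C3-80BD-5E4FBE1BA7AB} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O3 - Toolbar: Kaboodle Toolbar - {92857633-2441-4A14-8236-DFCB97AD3E87} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
"""

# Constructed follow-up log: the toolbar is gone, but the O16 entry was not fixed.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
"""

# One of the entries the helper asked to have checked and fixed.
FIX_LIST = r"""O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, e.body)
    for e in added:
        print("new:    ", e.code, e.body)
    for e in still_present(FIX_LIST, AFTER):
        print("NOT FIXED:", e.code, e.body)
```
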
NewsChick
join:2009-03-07
Rome, GA

NewsChick

Member

Hello Joker. I hope you had a good trip, and are well rested.

Below are the requested logs. I uninstalled the Kaboodle toolbar. I figured if it was "questionable" I could live without it.

I was unable to find the RUN command line when I click Start. Is this not available with Vista? I deleted ALL items in the IE options and my recycle bin was already empty.

I had a hard time navigating it (Vista) - looking for add/remove on control panel and finding windows explorer - but finally found them.

ComboFix 09-03-14.01 - Candy 2009-03-15 12:34:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2813.1738 [GMT -4:00]
Running from: c:\users\Candy\Desktop\ComboFix.exe
AV: AT&T Internet Security Suite AT&T Anti-Virus *On-access scanning disabled* (Updated)
FW: AT&T Internet Security Suite AT&T Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-11 07:10 . 2009-03-11 07:10 d-------- c:\program files\Trend Micro
2009-03-11 07:06 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-11 07:06 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-11 05:33 . 2008-12-15 23:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 05:33 . 2008-11-27 00:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 05:33 . 2008-12-16 01:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 05:33 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 05:33 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 05:32 . 2009-02-08 23:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-01 19:55 . 2009-03-01 19:56 247,982,863 --a------ c:\windows\MEMORY.DMP
2009-02-24 11:51 . 2009-02-24 11:51 d-------- c:\users\All Users\Raxco
2009-02-24 11:51 . 2009-02-24 11:51 d-------- c:\programdata\Raxco
2009-02-24 11:51 . 2009-02-24 11:51 d-------- c:\program files\Raxco
2009-02-24 11:34 . 2009-02-24 11:50 53,192 --a------ c:\windows\System32\drivers\rp_skt32.sys
2009-02-24 11:33 . 2007-04-05 15:52 48,384 --a------ c:\windows\System32\drivers\rp_pkt32.sys
2009-02-24 11:32 . 2009-02-24 11:50 d----c--- c:\windows\System32\DRVSTORE
2009-02-24 11:32 . 2009-02-24 11:32 d-------- c:\program files\Common Files\Authentium
2009-02-24 11:32 . 2007-11-26 17:33 835,792 --a------ c:\windows\System32\drivers\css-dvp.sys
2009-02-24 11:31 . 2009-02-24 11:43 d-------- c:\program files\Common Files\Scanner
2009-02-24 11:31 . 2009-02-24 11:31 d-------- c:\program files\CA
2009-02-24 11:29 . 2009-02-24 11:48 d-------- c:\users\Candy\AppData\Roaming\AT&T
2009-02-24 11:29 . 2009-02-24 11:30 d-------- c:\program files\AT&T
2009-02-24 11:28 . 2009-02-24 11:28 d-------- c:\users\Candy\AppData\Roaming\InstallShield
2009-02-24 07:18 . 2009-02-24 07:18 d-------- c:\program files\Microsoft Visual Studio 8
2009-02-20 18:45 . 2009-02-20 18:45 d-------- c:\windows\Roaming
2009-02-20 18:44 . 2009-02-20 18:45 d-------- c:\program files\Common Files\Motive
2009-02-19 11:32 . 2009-02-19 11:32 d-------- c:\windows\ArtistScope Plugin IE 42
2009-02-19 11:32 . 2009-02-19 11:32 266,240 --a------ c:\windows\System32\CSHelper.exe
2009-02-19 11:32 . 2009-02-19 11:32 225,280 --a------ c:\windows\System32\CSInstru.DLL
2009-02-19 07:22 . 2009-02-19 07:22 0 --a------ c:\users\Candy\AppData\Roaming\wklnhst.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 07:10 --------- d-----w c:\program files\Windows Mail
2009-03-12 07:02 --------- d-----w c:\programdata\Microsoft Help
2009-03-11 11:19 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-04 11:50 --------- d-----w c:\program files\Coupons
2009-02-27 10:31 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 16:14 --------- d---a-w c:\programdata\TEMP
2009-02-24 16:11 --------- d-----w c:\programdata\Lavasoft
2009-02-24 15:30 --------- d-----w c:\programdata\AT&T
2009-02-24 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 11:25 --------- d-----w c:\program files\MSBuild
2009-02-19 18:17 --------- d-----w c:\program files\Bodog Poker
2009-02-19 11:36 --------- d-----w c:\program files\Microsoft Works
2009-02-17 14:57 --------- d-----w c:\users\Candy\AppData\Roaming\Move Networks
2009-02-11 17:02 --------- d-----w c:\program files\Bodog Casino
2009-02-11 15:54 --------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-02-11 11:46 --------- d-----w c:\users\Candy\AppData\Roaming\Malwarebytes
2009-02-11 11:46 --------- d-----w c:\programdata\Malwarebytes
2009-02-05 15:04 --------- d-----w c:\users\Candy\AppData\Roaming\aAvgApi
2009-02-04 21:37 --------- d-----w c:\program files\Yahoo!
2009-02-03 21:53 --------- d-----w c:\users\Candy\AppData\Roaming\Yahoo!
2009-02-03 21:52 --------- d-----w c:\programdata\Yahoo!
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-08-02 02:17 13 --sh--r c:\windows\System32\drivers\fbd.sys
2008-08-02 02:17 4 --sh--r c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"AT&T Internet Security Suite"="c:\program files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 310000]
"-FreedomNeedsReboot"="c:\program files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe" [2007-06-28 13552]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 c:\windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\Candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5D83ED46-BF92-4ADE-90D9-14A611BC20AF}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ECE27444-0192-4753-98BB-4EAC6FC2AEE5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{D16438EC-3996-410A-B96B-A523029AC05A}c:\\users\\candy\\appdata\\local\\abacast\\abaclient.exe"= UDP:c:\users\candy\appdata\local\abacast\abaclient.exe:abaclient.exe
"UDP Query User{D85FD4A4-D623-4FBF-B18A-66D29A00D769}c:\\users\\candy\\appdata\\local\\abacast\\abaclient.exe"= TCP:c:\users\candy\appdata\local\abacast\abaclient.exe:abaclient.exe
"{36F1BAA9-24D6-46C4-A404-3F55F44300DA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4D9AA069-6470-4D0A-BC8A-76787682EF18}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{09D098AD-AE81-410C-AF68-4414D475F575}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{07A3DF63-DA9E-46F6-9295-8DD65A2D9913}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{070CB150-CE11-480A-8735-73C122E3B0BF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E6136608-F270-48B3-8EE2-D6D4AA337BE4}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{86D2480D-047C-4F2F-BFF4-AEC31D6D0938}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{C706A19A-4AFD-4669-9999-BDEF544ADFCC}c:\\users\\candy\\appdata\\local\\abacastdistributedondemand\\node\\11\\abacastdistributedondemand.exe"= UDP:c:\users\candy\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe:abacastdistributedondemand.exe
"UDP Query User{E63A663B-7854-4388-8D5F-414B4A32B176}c:\\users\\candy\\appdata\\local\\abacastdistributedondemand\\node\\11\\abacastdistributedondemand.exe"= TCP:c:\users\candy\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe:abacastdistributedondemand.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [2008-06-30 20384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [2009-02-19 266240]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2008-05-05 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-06-30 954368]
S3 Radialpoint Security Services;AT&T Internet Security Suite;c:\windows\System32\dllhost.exe [2006-11-02 7168]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [2008-05-16 9216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{259aa992-7235-11dd-96c1-001e3348fb97}]
\shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-15 c:\windows\Tasks\User_Feed_Synchronization-{24D0EE55-8F0C-4EDA-B2FC-05391B9D44FE}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 22:24]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 12:37:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-15 12:40:27
ComboFix-quarantined-files.txt 2009-03-15 16:40:22

Pre-Run: 143,316,262,912 bytes free
Post-Run: 143,366,553,600 bytes free

155 --- E O F --- 2009-03-15 16:20:30

---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:10 PM, on 3/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\RPS.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/wwspades/wwspades.cab
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

--
End of file - 9455 bytes

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

said by NewsChick:

I was unable to find the RUN command line when I click Start. Is this not available with Vista ?
This page will explain how to find it via the Vista default configuration, and also how to enable the Run command to show as it did in XP:
»computerperformance.co.u ··· mand.htm
I think that cleanmgr is the one you had difficulty with, and there will be instructions to run that at the end of this post.

Please disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After the below instructions are complete it is very important that you enable Real-time Protection again.

Please disable PestPatrol, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable PestPatrol:

Go to the PestPatrol icon on your System tray, double-click on PPControl, select the component you wish to stop, and choose "Stop". To re-activate, choose "Start".

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - »www.worldwinner.com/games/shared···unch.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - »www.worldwinner.com/games/v53/ww···ades.cab


Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Your Adobe Reader software is outdated. I would uninstall it, go to adobe.com and download the latest version (which includes security fixes), and install the new version.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6.
- Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 12".
- Click the "Download" button to the right.
- In the Window that opens, select Windows, and check the "agree" box and click "Continue".
- Click on the link to download Windows Offline Installation and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Examples of older versions in Add or Remove Programs:
-- Java 2 Runtime Environment, SE v1.4.2
-- J2SE Runtime Environment 5.0
-- J2SE Runtime Environment 5.0 Update 2
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u12-windows-i586-p.exe that you downloaded to install the newest version.

You are running CA Pest Patrol, which somewhat duplicates the protection in Windows Defender. If you stop running Pest Patrol, you might find that your system is a bit more responsive.

Go to Start > Run and copy and paste the next command in the field:
ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Create a Restore Point
•Go to Start > Programs > Accessories > System Tools > System Restore
•Click on "open System Protection".
•On the System Protection tab in System Properties click on Create.
•Give the restore point an appropriate name and click Create.
•When the "The restore point was created successfully" window appears, click OK.

Run Disk Cleanup
•Go to Start > Run and type the below line:
cleanmgr
•Click OK
•If you have more than one drive, select the drive Windows is installed on
•Click OK
•When Disk Cleanup opens, select the More Options tab
•In the System Restore section (bottom of window), click Cleanup
•In the confirmation window that opens, click Yes

Now click on the Disk Cleanup tab and select the following items:
•Downloaded Program Files
•Temporary Internet Files
•Recycle Bin
•Temporary Files
Click OK
In the confirmation window, select Yes (Disk Cleanup will close).

Does your problem continue?
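
Part of the log review in the post above can be mechanized. The Python sketch below is an added example, not part of the original thread and not code from HijackThis: it parses HijackThis entry lines, marks registrations whose file is missing, services whose vendor field reads "Unknown owner", and Java 6 paths older than the Update 12 named in the post, and groups O16 ActiveX controls by download host. The rule names and function names are assumptions; the sample lines are copied from the log posted in this thread.

```python
"""Triage helper for HijackThis 2.0.x entry lines (added example, not part of HijackThis)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # e.g. "O2 - BHO: ..."
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")
JAVA6_RE = re.compile(r"\\Java\\jre1\.6\.0_(\d+)\\", re.IGNORECASE)
JAVA6_BASELINE = 12  # assumption: "JRE 6 Update 12" is current, as the post states

# Lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/wwspades/wwspades.cab
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
"""


def parse_log(text):
    """Return (code, detail) pairs; header and running-process lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries, java_baseline=JAVA6_BASELINE):
    """Return (rule, code, detail) candidates for manual review. These are prompts, not verdicts."""
    findings = []
    for code, detail in entries:
        # Registry entry still present although the file it points to is gone.
        if detail.endswith("- (no file)"):
            findings.append(("orphaned-registration", code, detail))
        # HijackThis printed "Unknown owner" in the vendor field of a service.
        if code == "O23" and " - Unknown owner - " in detail:
            findings.append(("service-unknown-owner", code, detail))
        # Java 6 runtime referenced by path, older than the baseline update.
        m = JAVA6_RE.search(detail)
        if m and int(m.group(1)) < java_baseline:
            findings.append(("outdated-java6-update-%d" % int(m.group(1)), code, detail))
    return findings


def dpf_hosts(entries):
    """Group O16 (Downloaded Program Files) ActiveX controls by the host they were fetched from."""
    hosts = defaultdict(list)
    for code, detail in entries:
        m = DPF_RE.match(detail) if code == "O16" else None
        if m:
            clsid, name, url = m.groups()
            hosts[urlsplit(url).hostname or url].append(name or clsid)
    return dict(hosts)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for rule, code, detail in triage(parsed):
        print("%-26s %s - %s" % (rule, code, detail))
    for host, controls in sorted(dpf_hosts(parsed).items()):
        print("ActiveX from %s: %s" % (host, ", ".join(controls)))
```
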
NewsChick
join:2009-03-07
Rome, GA

Member

I am currently printing the latest instructions ... but I have a couple of questions.

(1) What is PestControl ? Is that part of my AT&T stuff ? Sorry I have just never heard of it. I don't see it on my system tray, nor do I see it listed in programs.

(2) I actually have Adobe CS3, so do I even need that Adobe Reader ? Can I just uninstall it ?

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

PestPatrol could have been installed with your AT&T supplied software, but it likely has its own entry in Add or Remove Programs.

You do need Adobe Acrobat Reader, it's what you read Adobe Acrobat format (pdf) files with, and there are vulnerabilities in the older versions that can lead to an infection. It will also have an entry in Add or Remove Programs.

This will show what your system recognizes as being installed. Please run HijackThis, click on "Open the Misc Tools section", and then on "Open Uninstall Manager". Click the "Save list" button, save the file uninstall_list.txt to your Desktop, and post the contents here for review.
NewsChick
join:2009-03-07
Rome, GA

Member

said by TheJoker:

PestPatrol could have been installed with your AT&T supplied software, but it likely has its own entry in Add or Remove Programs.

You do need Adobe Acrobat Reader, it's what you read Adobe Acrobat format (pdf) files with, and there are vulnerabilities in the older versions that can lead to an infection. It will also have an entry in Add or Remove Programs.

This will show what your system recognizes as being installed. Please run HijackThis, click on "Open the Misc Tools section", and then on "Open Uninstall Manager". Click the "Save list" button, save the file uninstall_list.txt to your Desktop, and post the contents here for review.
I am hoping my posting of this log has something to do with how to disable PestPatrol ?

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3DVIA player 4.1
Abacast Distributed On-Demand
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player
ArtistScope Plugin IE 42
AT&T Internet Security Suite
AT&T Internet Security Wizard 1.5.11
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Authentium AntiVirus SDK - 2
Bodog Casino
Bodog Poker Version 2.16.3.49
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
HijackThis 2.0.2
Java(TM) 6 Update 6
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
PerfectDisk
Picasa 2
PictureMover
PPSDKRedistributables
Radialpoint Security Services
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Microsoft Office Word 2007 (KB956358)
Synaptics Pointing Device Driver
TOSHIBA Application Disc Creator
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Face Recognition
TOSHIBA Games
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Yahoo! Messenger
NewsChick

Member

to TheJoker
Sorry, double post.

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

I'm not sure which program actually installed your PestPatrol.

You should never have more than one antivirus or one software firewall installed as they can conflict with each other, and you actually end up with less protection, not more. You appear to have 3 of each installed; AT&T Internet Security Suite, an antivirus and firewall from RPS (developed for Verizon), and Radialpoint Security Services, which also includes an antivirus and firewall. I was not able to identify what software the AT&T software was using, and that's not a good sign. I would actually uninstall all that security software and start over. There are free versions of software that will provide you with better protection than nearly all the 3rd party protection software available.

For the AT&T software I see:
AT&T Internet Security Suite
AT&T Internet Security Wizard 1.5.11


For the RPS software, I see:
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip


And then there is Radialpoint Security Services which is another antivirus and firewall.

One of the very best antivirus programs available is Avira AntiVir, and they have a free version, Avira AntiVir PersonalEdition Classic available at »www.free-av.com, and there is an excellent tutorial available on its installation and use here:
»www.techsupportforum.com ··· /64.html.

For a firewall, two free firewalls are Sunbelt Personal Firewall available from »www.sunbeltsoftware.com/ ··· Firewall, and Zone Alarm available from »www.zonealarm.com/securi ··· wall.htm. There is a tutorial on understanding firewalls at »www.bleepingcomputer.com ··· l60.html and a tutorial from Markus Jansson on setting up ZoneAlarm at »www.markusjansson.net/eza.html. If you install ZoneAlarm (an excellent firewall), I recommend NOT installing the new optional feature Spy Blocker, as it's run by the questionable search engine Ask.com. You can read more about Ask.com here. With the tutorial, ZoneAlarm may be the easier to install and configure.

For an overall antimalware utility, you already have Malwarebytes' Anti-Malware installed.

One of the Verizon RPS utilities was a Zip utility, I would simply install WinZip instead, available at winzip.com.

That will provide you much better protection than you currently have. In short, I recommend uninstalling all of the following security related software:

AT&T Internet Security Suite
AT&T Internet Security Wizard 1.5.11
Radialpoint Security Services
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip


You should download your antivirus program and firewall before uninstalling the above software. Once it's downloaded, I would uninstall all the software I mentioned, and then install the new antivirus and firewall.

If there are any of the other RPS utilities that you use, I can probably provide you with a free software recommendation as a replacement.

Another anti-spyware scanner that would be good to add would be Spybot Search & Destroy, available from »www.safer-networking.org ··· dex.html. I would not necessarily run its TeaTimer utility, but it's an excellent anti-spyware scanner.

I would also recommend installing SpywareBlaster for the additional protection it can afford through system setting changes (it's not a program that runs real-time). It supports both Internet Explorer and FireFox (a safer browser than IE).

Remember that you still also need to uninstall old versions of Adobe Reader and Java, and install the current version as previously mentioned.

Also, I see you have Coupon Printer for Windows installed. If you use this and like its functionality, that's fine, but you should be aware that it would be considered adware.
NewsChick
join:2009-03-07
Rome, GA

Member

I will probably uninstall the coupon printer. I think some of the malware things may have been from that. I guess I never thought to go back and delete the actual program.

I am a bit overwhelmed at what to do on all the AV stuff. Not to mention I still am confused about the PestPatrol, RPS, and Radialpoint. I have always just had AVG. My husband was NOT happy with something I "found online" and wanted real virus protection (I gave up trying to explain it). He had the AT&T stuff added. Are you firmly against it ?

RPS stuff ? I don't know if I need or use it ... this is the first I have heard of it. I am very confused.

Do any of those things you posted mention the PestPatrol.

I know you said to turn it "off" before the Adobe & Java stuff, but I don't know how.

I am going to have to print these things off and carefully read them and decide what to do ... a lot of info.

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

If it's not showing up in the System Tray, there's probably no way to turn it off short of turning off the Windows service for it.
quote:
RPS stuff ? I don't know if I need or use it ... this is the first I have heard of it.

While you may not use it, it's still a second installed antivirus and firewall, which can cause problems. The RadialPoint software is the third. Rather than installing more than one software program for the same thing, which causes conflicts, what you need to do instead is use one of the best antivirus programs available.

The Avira AntiVirus consistently has the best antivirus detection of any tested antivirus.

Those recommendations will give you much better protection than you currently have.
NewsChick
join:2009-03-07
Rome, GA

Member

said by TheJoker:

If it's not showing up in the System Tray, there's probably no way to turn it off short of turning off the Windows service for it.

Turn off the Windows service for it ? I feel so dumb. How would I do this ? And, you are saying it is not part of the 3 AVs I have ?
said by TheJoker:

While you may not use it, it's still a second installed antivirus and firewall, which can cause problems. The RadialPoint software is the third.
I am so confused. I am in the control panel, actually pondering getting rid of AT&T (I know I need to download the Avira first). But in my list of programs to add/delete I would know how to delete them all anyway. There is no RPS or RadialPoint Software showing. Wouldn't RPS stand for RadialPoint Software ?

I wonder if they are all a part of AT&T. Here are some of the things I see in the add/remove section:

ArtistScope Plug In IE 42 (have no idea what this is)

At & T Internet Security Suite

At & T Internet Security Wizard 1.5.11

ATI Catalyst Install Manager (This looks like a large program, and I have no idea what it is)

Catalyst Control Center Branding (NO IDEA)

Picasa2 (something from google that I have never seen)

I am sorry to question this. I am just very confused. If it was a certain program just showing up on my delete option it might make a bit more sense to me. I don't think it was there when I downloaded the AT&T stuff. AT&T required me to disable AVG (got an actual warning) prior to installation. It said you have another AV running. So, I would "assume" if there were 2 more, it would have wanted them disabled as well. I am still inclined to think they are all part of AT&T. However, if it is 3 different AVs from one program, seems like a bit of overload. Still trying to process all of this in my little brain.

The firewall thing is also a bit confusing, as I was thinking "WINDOWS" has a firewall as well, so do I have 2 firewalls ?

When I go to my AT&T Security Suite, there are 3 categories to turn on/off: Antivirus/AntiSpyware/Firewall. So, basically this is NOT complete protection ?

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

quote:
There is no RPS or RadialPoint Software showing. Wouldn't RPS stand for RadialPoint Software ?

I hadn't considered that, that's certainly possible.
quote:
Turn off the Windows service for it ? I feel so dumb. How would I do this ? And, you are saying it is not part of the 3 AVs I have ?
It may have been installed by one of them, but there's no way to tell which it was.
quote:
I am so confused. I am in the control panel, actually pondering getting rid of AT&T (I know I need to download the Avira first). But in my list of programs to add/delete I would know how to delete them all anyway. There is no RPS or RadialPoint Software showing.
The list of programs to uninstall that you see in Add or Remove Programs should be the same list that was in the file uninstall_list.txt that you posted.

When you go into Add or Remove Programs, do you see any of the items from your uninstall_list I previously quoted?
quote:
Radialpoint Security Services
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
quote:
Here are some of the things I see in the add/remove section:

ArtistScope Plug In IE 42 (have no idea what this is)
Copysafe is to protect web pages and images.
»www.artistscope.com/copy ··· _web.asp
quote:
ATI Catalyst Install Manager (This looks like a large program, and I have no idea what it is)
Catalyst Control Center Branding (NO IDEA)
These are for your ATI video card or integrated video and are required to be there.
quote:
Picasa2 (something from google that I have never seen)
That's a graphics program.
quote:
AT&T required me to disable AVG (got an actual warning) prior to installation.
When you did that you uninstalled one of the better antivirus programs available (although Avira is better). All you needed to do at that point was install a good firewall, and an anti-spyware program.
quote:
The firewall thing is also a bit confusing, as I was thinking "WINDOWS" has a firewall as well, so do I have 2 firewalls ?
The XP firewall isn't sufficient protection, it only checks incoming data. Any of the current good firewalls will turn off the Windows firewall when they are installed.
quote:
When I go to my AT&T Security Suite, there are 3 categories to turn on/off: Antivirus/AntiSpyware/Firewall. So, basically this is NOT complete protection ?
It's the categories of protection you need, but not the best available protection. That may be what installed PestPatrol, and that's not a program that I would even recommend running due to its history of false positives (recommending removal of items that are not a threat).
NewsChick
join:2009-03-07
Rome, GA

Member

I do not see any of those RPS items in my add/remove programs. That is why I am so confused.

All I can try to do is download the Avira, and then uninstall the AT&T packages and see if that removes the RPS stuff ??

I have done as you instructed for the coupon printer, Java, Adobe Reader and am currently fixing to uninstall the Combofix, create the restore point then do the disk cleanup.

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

You could do the cleanup first, it doesn't really matter the order. But it's also important to choose a firewall to use also. I think the ZoneAlarm may be the easiest to use, particularly if you read the tutorial on it that I gave a link to (http://www.markusjansson.net/eza.html).

Please run Notepad and paste the following text into a new file:

regedit /e UninstallLM.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
notepad UninstallLM.txt
 

Save the file to the Desktop as log.bat, and make sure the "Save as type" field says "All files". Then double-click on the log.bat file on the desktop. This will create a text file called UninstallLM.txt on the desktop.
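
The export that log.bat writes contains every subkey of the Uninstall key, including entries that the Add or Remove Programs list does not display. The Python sketch below is an added example, not part of the original thread: it parses a regedit version 5 export and separates listed entries from hidden ones. The hiding rules it applies (no DisplayName value, or SystemComponent set to 1) are general Windows behaviour rather than something stated in the thread, and every key name and value in SAMPLE_REG is constructed.

```python
"""Read a regedit /e export of the HKLM Uninstall key (added example; sample data is constructed)."""
import re

UNINSTALL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
KEY_RE = re.compile(r"^\[(.+)\]$")
STR_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
DWORD_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample: regedit writes version 5 exports as UTF-16 with a BOM and CRLF line ends.
SAMPLE_REG = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + UNINSTALL + "]",
    "",
    "[" + UNINSTALL + r"\{00000000-0000-0000-0000-000000000001}]",
    r'"DisplayName"="Example Suite"',
    r'"UninstallString"="\"C:\\Program Files\\Example\\uninst.exe\" /x"',
    "",
    "[" + UNINSTALL + r"\{00000000-0000-0000-0000-000000000002}]",
    r'"DisplayName"="Example Suite Firewall Component"',
    '"SystemComponent"=dword:00000001',
    '"Blob"=hex:01,02,\\',
    "  03,04",
    "",
    "[" + UNINSTALL + r"\ExampleHelper]",
    r'"InstallLocation"="C:\\Example\\"',
    "",
]).encode("utf-16")


def unescape(s):
    """Undo the .reg escaping of backslash and double quote."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_export(raw):
    """Parse export bytes into {subkey: {value_name: value}} for direct children of Uninstall."""
    text = raw.decode("utf-16")            # the codec consumes the BOM
    prefix = (UNINSTALL + "\\").upper()
    keys, current, pending = {}, None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith(",\\"):           # hex(...) data continues on the next line
            pending = line[:-1]
            continue
        m = KEY_RE.match(line)
        if m:
            path, current = m.group(1), None
            rest = path[len(prefix):]
            if path.upper().startswith(prefix) and "\\" not in rest:
                current = keys.setdefault(rest, {})
            continue
        if current is None:
            continue
        m = STR_RE.match(line)
        if m:
            current[unescape(m.group(1))] = unescape(m.group(2))
            continue
        m = DWORD_RE.match(line)
        if m:
            current[unescape(m.group(1))] = int(m.group(2), 16)
        # other value types (hex, expandable strings) are not needed for this check
    return keys


def classify(keys):
    """Split entries into names the Add or Remove Programs list shows and (name, reason) it hides."""
    shown, hidden = [], []
    for subkey, values in sorted(keys.items()):
        name = values.get("DisplayName")
        if not name:
            hidden.append((subkey, "no DisplayName"))
        elif values.get("SystemComponent") == 1:
            hidden.append((name, "SystemComponent=1"))
        else:
            shown.append(name)
    return shown, hidden


if __name__ == "__main__":
    listed, not_listed = classify(parse_export(SAMPLE_REG))
    print("listed:", listed)
    for name, reason in not_listed:
        print("hidden: %s (%s)" % (name, reason))
```

To read a real export, pass the file's bytes: `parse_export(open("UninstallLM.txt", "rb").read())`.
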
NewsChick
join:2009-03-07
Rome, GA

Member

I have downloaded the Avira program and am scanning the system now. I have downloaded Zone Alarm (without the extra program). I have uninstalled all the AT&T stuff.

I have uninstalled ComboFix.

I was fixing to go get the link to the SpywareBlaster, and then ask you about the HOSTS program we used on the other laptop.

I have not done the restore point or disk cleanup yet. When should I follow the log.bat instructions ?

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

said by NewsChick:

I was fixing to go get the link to the SpywareBlaster, and then ask you about the HOSTS program we used on the other laptop.

That was HostsXpert. That replaced a damaged, modified, or missing HOSTS file with an original copy. There's no indication that there is a problem with your HOSTS file. If you wanted though, you could replace it with the MVPS HOSTS file which will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. MVPS HOSTS File is available at »www.mvps.org/winhelp2002 ··· osts.htm.

quote:
I have not done the restore point or disk cleanup yet. When should I follow the log.bat instructions ?

You can do that at any point now.
NewsChick
join:2009-03-07
Rome, GA

Member

Since there is no notification of HOSTS issues, I will skip that.

I "think" I have done all of the steps, but my head is spinning

I am pasting a copy of the uninstall list from HJT (so you can see if I have cleaned out all the stuff we discussed), and an HJT log. Do you need to view anything else ?

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3DVIA player 4.1
Abacast Distributed On-Demand
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe Shockwave Player
ArtistScope Plugin IE 42
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Avira AntiVir Personal - Free Antivirus
Bodog Casino
Bodog Poker Version 2.16.3.49
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
HijackThis 2.0.2
Java(TM) 6 Update 12
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Picasa 2
PictureMover
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Microsoft Office Word 2007 (KB956358)
SpywareBlaster 4.1
Synaptics Pointing Device Driver
TOSHIBA Application Disc Creator
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Face Recognition
TOSHIBA Games
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
VC 9.0 Runtime
Yahoo! Messenger
ZoneAlarm

**********************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:13 AM, on 3/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7359 bytes
NewsChick to TheJoker

Member

said by TheJoker:

Please run Notepad and paste the following text into a new file:

regedit /e UninstallLM.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
notepad UninstallLM.txt
 

Save the file to the Desktop as log.bat, and make sure the "Save as type" field says "All files". Then double-click on the log.bat file on the desktop. This will create a text file called UninstallLM.txt on the desktop.

I have saved this to my desktop. Are there additional instructions ?

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

Sorry, just post the contents in a reply.
NewsChick
join:2009-03-07
Rome, GA

Member

There are no contents showing. When it creates the uninstall file, it opens & saves a blank document.

Did you see the prior post where I pasted 2 logs ?

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

quote:
There are no contents showing. When it creates the uninstall file, it opens & saves a blank document.

I see what the problem is. The board is adding extra characters if you simply copy the text in the code window, but if you first click "view plain" in the top right of the box, it works properly. However, I didn't see your previous post, and now that I see that those other entries that you didn't see in your Add or Remove Programs are no longer showing up in your uninstall_list.txt, I don't see the need to export that registry key.

That looks much better, and you now have a better protected system. Did you run a full system scan after installing Avira? If not, I would recommend it.

I see that you don't have Firefox installed. That's a more secure browser than Internet Explorer, particularly if you include the add-on NoScript, and only enable scripting on sites that you trust. You will, however, still need to use IE to use Windows Update.

I think you are all set, that was a great job.
NewsChick
join:2009-03-07
Rome, GA

Member

I did the scan with Avira. It said there were 4 "warnings". I have no idea "what" they were and if they are still there:

Avira AntiVir Personal
Report file date: Tuesday, March 17, 2009 12:00

Scanning for 1304912 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CANDY-PC

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 3/16/2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 13:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 12:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 17:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 12:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 16:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 13:03:20
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 3/11/2009 13:03:26
ANTIVIR3.VDF : 7.1.2.181 182784 Bytes 3/17/2009 13:03:28
Engineversion : 8.2.0.116
AEVDF.DLL : 8.1.1.0 106868 Bytes 3/17/2009 13:03:53
AESCRIPT.DLL : 8.1.1.63 364923 Bytes 3/17/2009 13:03:51
AESCN.DLL : 8.1.1.8 127346 Bytes 3/17/2009 13:03:48
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 18:58:38
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/17/2009 13:03:46
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/17/2009 13:03:43
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 3/17/2009 13:03:41
AEHELP.DLL : 8.1.2.2 119158 Bytes 3/17/2009 13:03:35
AEGEN.DLL : 8.1.1.29 336245 Bytes 3/17/2009 13:03:32
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 15:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 3/17/2009 13:03:30
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 15:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 13:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 14:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 17:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 16:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 13:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 17:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 22:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 17:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 17:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 18:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 18:34:37

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: quarantine
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday, March 17, 2009 12:00

Starting search for hidden objects.
'110373' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ieuser.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
Scan process 'CFSwMgr.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'TCrdMain.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TPwrMain.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SmartFaceVWatchSrv.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TosIPCSrv.exe' - '1' Module(s) have been scanned
Scan process 'TosCoSrv.exe' - '1' Module(s) have been scanned
Scan process 'TODDSrv.exe' - '1' Module(s) have been scanned
Scan process 'TNaviSrv.exe' - '1' Module(s) have been scanned
Scan process 'swupdtmr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'pinger.exe' - '1' Module(s) have been scanned
Scan process 'CSHelper.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'wlanext.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
66 processes with 66 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '46' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\Candy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWI6S3Y3\zaSetup_80_065_000_en[1].exe
[0] Archive type: ZIP SFX (self extracting)
--> WINDOWS6.0-KB929547-V2-X64.MSU
[1] Archive type: CAB (Microsoft)
--> Windows6.0-KB929547-v2-x64.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed

End of the scan: Tuesday, March 17, 2009 12:35
Used time: 35:18 Minute(s)

The scan has been canceled!

12084 Scanning directories
260192 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
260190 Files not concerned
2143 Archives were scanned
4 Warnings
0 Notes
110373 Objects were scanned with rootkit scan
0 Hidden objects were found

Thanks for the compliments. My brain was swimming. I am not thrilled with Firefox. I don't like the way it displays things, etc. I am gonna pass on that suggestion for now. I hope the firewall is working correctly as well.

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

Those were simply warnings that a file could not be opened for scanning internally, and the others were files in use that Windows uses as part of its operating system. There were no infected or suspicious files found, which is excellent.
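An added example, not part of the thread and not Avira's tooling: the four warnings in the report above pulled out together with the object each one refers to, then checked against the totals the report itself prints. The report text is excerpted from the post; the category labels and function names are this example's own.

```python
import re

# Excerpt of the Avira report posted above: only the parts that carry
# warnings, plus the totals they are checked against.
REPORT = r"""Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
[INFO] Please restart the search with Administrator rights

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\Candy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWI6S3Y3\zaSetup_80_065_000_en[1].exe
[0] Archive type: ZIP SFX (self extracting)
--> WINDOWS6.0-KB929547-V2-X64.MSU
[1] Archive type: CAB (Microsoft)
--> Windows6.0-KB929547-v2-x64.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed

The scan has been canceled!

0 viruses and/or unwanted programs were found
2 Files cannot be scanned
4 Warnings
"""

TAGGED = re.compile(r"^\[(INFO|WARNING|\d+)\]\s*(.*)$")
# Files Windows keeps open exclusively while it runs (hibernation and page file).
LOCKED_BY_WINDOWS = {"hiberfil.sys", "pagefile.sys"}


def classify(obj, message):
    """Map one warning to a category (labels are this example's own)."""
    base = obj.rsplit("\\", 1)[-1].lower()
    if "could not be opened" in message:
        return "locked system file" if base in LOCKED_BY_WINDOWS else "unreadable file"
    if "No further files can be extracted" in message:
        return "archive not fully unpacked"
    if message.startswith("System error"):
        return "device not ready"
    return "review"


def extract_warnings(report):
    """Return (context, message, category) for every [WARNING] line."""
    found, obj, member = [], "", None
    for line in (raw.strip() for raw in report.splitlines()):
        if not line:
            continue
        tagged = TAGGED.match(line)
        if tagged is None:
            if line.startswith("-->"):
                member = line[3:].strip()      # file nested inside an archive
            else:
                obj, member = line, None       # new object being scanned
        elif tagged.group(1) == "WARNING":
            context = obj if member is None else f"{obj} --> {member}"
            found.append((context, tagged.group(2), classify(obj, tagged.group(2))))
    return found


def reconcile(report):
    """Check the extracted warnings against the totals the report prints."""
    warnings = extract_warnings(report)

    def total(label):
        m = re.search(r"^(\d+) " + re.escape(label) + r"\s*$", report, re.M)
        return int(m.group(1)) if m else None

    unopened = [w for w in warnings if "could not be opened" in w[1]]
    return {
        "warnings_match": total("Warnings") == len(warnings),
        "unscanned_match": total("Files cannot be scanned") == len(unopened),
        "detections": total("viruses and/or unwanted programs were found"),
        "scan_canceled": "The scan has been canceled!" in report,
        "needs_review": [w for w in warnings if w[2] in ("unreadable file", "review")],
    }


if __name__ == "__main__":
    for context, message, category in extract_warnings(REPORT):
        print(f"{category:28} {context}\n{'':28} {message}")
    print(reconcile(REPORT))
```

A warning in the `archive not fully unpacked` category means the nested content was not inspected, and `scan_canceled` being true means the zero-detection total covers only what was scanned before the cancel.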
NewsChick
join:2009-03-07
Rome, GA

Member

Thanks for EVERYTHING !!

Maybe I won't have to come back ...

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

I'm glad I could be of assistance.