Author Topic: Complicated problem with XP Antispyware 2012 trojan


Offline Biwa

  • Newbie
  • Posts: 16
Complicated problem with XP Antispyware 2012 trojan
« on: June 22, 2011, 04:00:22 AM »
I tried to fix a problem with a trojan on my husband's computer on my own, hoping that he could soon continue to work on a translation job we were doing, but I think I made a mess of it. I hope you, Corrine, or some other kind soul here can help me. You have helped me before, but I think I was using another name. I had to re-register. (formerly Pcbaaya)

As I mentioned half-way down, I think I have probably gotten rid of the infection because the frequent pop-ups from the Trojan have stopped being displayed, but now I can't click on programs and have them open normally. Even using the "Run" box, I am told to specify some program in which to open "regedit" or "msconfig," and I still can't change the boot order. I can't open my FireFox browser without telling the computer every time to "open it in FireFox!" At this rate, his computer is unusable.

I am writing this on my own computer, which is a Dell Inspiron running Win7, the simplest edition, and MSE, but my husband's PC, which has the problem, is as follows:

Dell Dimension 8200
WinXP Home edition
Zone alarm
MSE (I think--hard to tell at this point)

This is the gist of the story, which I posted on the GardenWeb computer help forum. You can read the original whole thing here: http://ths.gardenweb.com/forums/load/comphelp/msg0621010215320.html?2

Yesterday, my husband's computer began displaying frequent messages from "XP Antivirus 2012." It wouldn't let us view any Internet sites or open application software. Things were so bad that we decided to wipe the HD clean and reinstall WinXP, for which we have the installation disk that came with the computer. I managed to transfer the most important documents and pictures to CDs.

But then it was impossible to change the boot order so as to boot from the CD-ROM. I could "select" with the arrow keys, but Enter did nothing, so I was unable to wipe the HD. I remember that last year when I bought my new Inspiron and gave my old Dell (which is in trouble now) to hubby, I had learned somewhere that there is a key combination that can be used to wipe a hard disk with some versions of Win XP, and in fact, that did work for his computer, very easily. However, I could not find my notes about that, if I did make any, and I couldn't find it online again, although I think it must have been at Microsoft.com.

Through Microsoft.com, I found a site that suggested ways to get rid of the trojan (http://deletemalware.blogspot.com/2011/06/remove-xp-antispyware-2012-xp-internet.html), so I did the reg.fix it suggested (though I had to print out all the commands from my computer and then enter them on his PC by hand and I was unable to save a backup copy of the register), and then I was able to reinstall and run Superantispyware, having renamed it as suggested, and the trojan appears to have been deleted. The setup files for it fortunately happened to be already on his computer; I could not reach any Websites to download anti-malware programs until I had run SuperAntiSpyware. And now, I have been able to download Malwarebytes Antimalware, but when I click to install it, I am told to choose a program to run it in--before it is even installed!

Ravencajun at GardenWeb suggested that I ask here about this problem. I will be very grateful and happy, whether the result is being able to wipe the HD clean and reinstall or somehow get back the ability to make programs (and "Run") open normally.

Jan

Offline Biwa

  • Newbie
  • Posts: 16
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #1 on: June 22, 2011, 05:12:26 AM »
For what it's worth, I think I should tell you that I have found that when I try to open several items (Add/Remove, and some others) in the Control Panel, I get the message "C:\WINDOWS\System32\rundll32.exe  Application not found."
Jan

Offline GR@PH;<'S

  • Administrator
  • Hero Member
  • Posts: 15647
    • http://www.taktmobiles.co.uk
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #2 on: June 22, 2011, 12:59:51 PM »
Biwa,
Please can you follow the Log Posting Instructions then post the log files here.

GR@PH;<'S

press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #3 on: June 22, 2011, 02:29:56 PM »
Hi, Biwa.

Although the blog you sought help from has been around since 2010, it does concern me that you would follow registry edit instructions from an obscure blog.  With what has already been done, I do not know if we will be successful, but we'll try.

1)  Please download the following two files.  It will likely be easier to download the files with your computer and then transfer them to your husband's computer via CD/DVD, external drive, or USB flash drive.

FixNCR.reg
Bleeping Computer Downloads: RKill

2)  Insert the removable device into the infected computer and open the folder for the drive letter associated with it. Double-click the FixNCR.reg file to fix the Registry on your infected computer.

3)  Copy the downloaded RKill file to the desktop of the infected computer.
  • Double-click rkill to run.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave rkill on the Desktop until otherwise advised.
  • Do NOT restart your computer after running rkill as the malware program(s) will start again.
Notes:

If you receive security warnings about rkill, please ignore and allow the download to continue.

4)  You should now be able to update MBAM. 
  • Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates"
  • Once the update has been installed and the program has loaded, select Quick scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:

  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.
** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In addition to the MBAM log, please return to the "Log Posting Instructions" topic and provide the requested logs from that topic, noting that it may take more than one reply.

Thank you.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline winchester73

  • Administrator
  • Hero Member
  • Posts: 5123
  • Half a bubble off plumb
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #4 on: June 22, 2011, 07:50:29 PM »
Did you happen to back up the registry before you made the edits?
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member



Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #5 on: June 22, 2011, 09:05:12 PM »
Apparently not, winchester73.   :(

Quote
so I did the reg.fix it suggested (though I had to print out all the commands from my computer and then enter them on his PC by hand and I was unable to save a backup copy of the register)

Offline Biwa

  • Newbie
  • Posts: 16
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #6 on: June 23, 2011, 03:33:23 AM »
Thank you all, so much. Corrine's fix worked and my husband can now click on icons and have applications open the way they should. Even then, I did get a message from "XUL runner" saying (when I tried to open FireFox) "Couldn't read application ini." But after I deleted the program and downloaded it again from Mozilla and reinstalled it, it began working fine, like all the other programs.

So I guess that problem is solved. Now there is one new one. The Systray has that red shield with an X on it and claims that Automatic updates is turned off. Even though I went to the Control Panel> System > Automatic Updates and turned the automatic updates on,  the Security section in the control panel continues to report Automatic Updates as turned off, while the System section claims they are turned on. This inconsistency persists, even though I have restarted the computer.

Here is the MBAM log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6923

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/22/2011 7:32:30 PM
mbam-log-2011-06-22 (19-32-30).txt

Scan type: Quick scan
Objects scanned: 174016
Time elapsed: 7 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And here are the other things that are in the Log Posting Instructions:

But I do not understand whether MBAM and SuperAntiSpyware are considered to be antivirus applications that must be uninstalled before the next step here, so I will assume that it's all right to leave them in. My husband's computer has MSE as its antivirus.

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_23
Run by Minoru at 20:22:18 on 2011-06-22
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.172 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\textware\quickf~1\plugins\IEHelp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: musicmatch.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{94942CD0-124C-4722-9329-AFF679F61E44} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - c:\windows\system32\textwareilluminatorbaseProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\minoru\application data\mozilla\firefox\profiles\n4ks25yu.hlbeqoh\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - component: c:\documents and settings\minoru\application data\mozilla\firefox\profiles\n4ks25yu.hlbeqoh\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl189c7bb5;MpKsl189c7bb5;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1073bf20-809b-44e0-9cff-41b5b920d4c6}\MpKsl189c7bb5.sys [2011-6-22 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-9-27 532224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-22 366640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-22 22712]
S1 MpKsl011c3b70;MpKsl011c3b70;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ad00b92-5c49-41bf-a10b-8398e834ab5c}\mpksl011c3b70.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ad00b92-5c49-41bf-a10b-8398e834ab5c}\MpKsl011c3b70.sys [?]
S1 MpKsl1cc0058a;MpKsl1cc0058a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{76c6a266-3760-4615-bb3a-eb3ae411cb6a}\mpksl1cc0058a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{76c6a266-3760-4615-bb3a-eb3ae411cb6a}\MpKsl1cc0058a.sys [?]
S1 MpKsl26554662;MpKsl26554662;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6015f208-4465-4ac3-8cd5-ca891809decf}\mpksl26554662.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6015f208-4465-4ac3-8cd5-ca891809decf}\MpKsl26554662.sys [?]
S1 MpKsl43d98934;MpKsl43d98934;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f06ea956-0c55-4ecd-9de1-c98468010f99}\mpksl43d98934.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f06ea956-0c55-4ecd-9de1-c98468010f99}\MpKsl43d98934.sys [?]
S1 MpKsl4487a25e;MpKsl4487a25e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6015f208-4465-4ac3-8cd5-ca891809decf}\mpksl4487a25e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6015f208-4465-4ac3-8cd5-ca891809decf}\MpKsl4487a25e.sys [?]
S1 MpKsl57e96f3d;MpKsl57e96f3d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{29bdad1b-6877-4a40-b663-e107445a3c05}\mpksl57e96f3d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{29bdad1b-6877-4a40-b663-e107445a3c05}\MpKsl57e96f3d.sys [?]
S1 MpKsl6588535d;MpKsl6588535d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{252d6ead-6ab3-4dfd-bf6b-bf7aa70b7d32}\mpksl6588535d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{252d6ead-6ab3-4dfd-bf6b-bf7aa70b7d32}\MpKsl6588535d.sys [?]
S1 MpKsl7736982a;MpKsl7736982a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2eca3bf6-27f3-4f11-8fbe-ede403c796a7}\mpksl7736982a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2eca3bf6-27f3-4f11-8fbe-ede403c796a7}\MpKsl7736982a.sys [?]
S1 MpKsl7ad2a8d5;MpKsl7ad2a8d5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4a48c95f-f7a0-430a-a971-19c9e080ffb8}\mpksl7ad2a8d5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4a48c95f-f7a0-430a-a971-19c9e080ffb8}\MpKsl7ad2a8d5.sys [?]
S1 MpKsl80b42e4a;MpKsl80b42e4a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8b66a68d-09a8-4c48-84d8-121ab903dc83}\mpksl80b42e4a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8b66a68d-09a8-4c48-84d8-121ab903dc83}\MpKsl80b42e4a.sys [?]
S1 MpKsl841b97b5;MpKsl841b97b5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7475d733-b2a7-46b7-945f-6d17898d45e1}\mpksl841b97b5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7475d733-b2a7-46b7-945f-6d17898d45e1}\MpKsl841b97b5.sys [?]
S1 MpKsl84f18fed;MpKsl84f18fed;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f1202147-ad2f-42de-bbfe-17dde3871110}\mpksl84f18fed.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f1202147-ad2f-42de-bbfe-17dde3871110}\MpKsl84f18fed.sys [?]
S1 MpKsl9a3dd37c;MpKsl9a3dd37c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8b25cc25-4ea9-42ed-98bc-9d1075e12a60}\mpksl9a3dd37c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8b25cc25-4ea9-42ed-98bc-9d1075e12a60}\MpKsl9a3dd37c.sys [?]
S1 MpKsl9dcbdb2a;MpKsl9dcbdb2a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc38391d-fd10-4cfc-adb4-c1387a9e0205}\mpksl9dcbdb2a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc38391d-fd10-4cfc-adb4-c1387a9e0205}\MpKsl9dcbdb2a.sys [?]
S1 MpKsl9f9f5dea;MpKsl9f9f5dea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f5038bf-c9d3-48c6-a6b8-48e8cab99f52}\mpksl9f9f5dea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f5038bf-c9d3-48c6-a6b8-48e8cab99f52}\MpKsl9f9f5dea.sys [?]
S1 MpKslb8ca715c;MpKslb8ca715c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c048d7fa-c07b-4b62-8951-34d4d58a330e}\mpkslb8ca715c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c048d7fa-c07b-4b62-8951-34d4d58a330e}\MpKslb8ca715c.sys [?]
S1 MpKslbd62f5d9;MpKslbd62f5d9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f06ea956-0c55-4ecd-9de1-c98468010f99}\mpkslbd62f5d9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f06ea956-0c55-4ecd-9de1-c98468010f99}\MpKslbd62f5d9.sys [?]
S1 MpKsle2a1dc4c;MpKsle2a1dc4c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{18e17006-58aa-436a-8c69-340cb6643643}\mpksle2a1dc4c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{18e17006-58aa-436a-8c69-340cb6643643}\MpKsle2a1dc4c.sys [?]
S1 MpKsle47a795d;MpKsle47a795d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d9a5581e-caee-4f04-bab3-84d37b568e0c}\mpksle47a795d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d9a5581e-caee-4f04-bab3-84d37b568e0c}\MpKsle47a795d.sys [?]
S1 MpKslf1d7f0f9;MpKslf1d7f0f9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f6fd37f-46f1-4980-9670-be91d16f407d}\mpkslf1d7f0f9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f6fd37f-46f1-4980-9670-be91d16f407d}\MpKslf1d7f0f9.sys [?]
S1 MpKslf376c4b3;MpKslf376c4b3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{192abc23-44bf-4d53-802c-de593e09b4b2}\mpkslf376c4b3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{192abc23-44bf-4d53-802c-de593e09b4b2}\MpKslf376c4b3.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-22 39984]
.
=============== Created Last 30 ================
.
2011-06-23 02:44:54   28752   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1073bf20-809b-44e0-9cff-41b5b920d4c6}\MpKsl189c7bb5.sys
2011-06-23 01:59:02   --------   d-----w-   c:\documents and settings\minoru\application data\Malwarebytes
2011-06-23 01:58:51   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-23 01:58:50   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2011-06-23 01:58:46   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-06-23 01:58:46   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-06-21 23:32:50   --------   d-----w-   c:\documents and settings\minoru\application data\SUPERAntiSpyware.com
2011-06-21 23:32:36   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-06-20 08:44:34   6962000   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1073bf20-809b-44e0-9cff-41b5b920d4c6}\mpengine.dll
2011-06-17 12:48:21   105472   ------w-   c:\windows\system32\dllcache\mup.sys
2011-06-09 18:31:00   --------   d-----w-   c:\documents and settings\minoru\local settings\application data\Intuit
2011-06-09 18:29:31   --------   d-----w-   c:\program files\common files\AnswerWorks 5.0
2011-06-09 18:25:08   --------   d-----w-   c:\documents and settings\minoru\local settings\application data\IsolatedStorage
2011-06-09 18:17:53   --------   d-----w-   c:\program files\TurboTax
.
==================== Find3M  ====================
.
2011-05-02 15:31:52   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-04-25 16:11:11   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22   385024   ----a-w-   c:\windows\system32\html.iec
2011-04-21 13:37:43   105472   ----a-w-   c:\windows\system32\drivers\mup.sys
2010-01-26 18:11:08   444283   ----a-w-   c:\program files\common files\WinPcapNmap.exe
.
============= FINISH: 20:23:31.70 ===============

I got a message saying not to post "Attach.text" unless told to do so. Do you want me to post it?


 Results of screen317's Security Check version 0.99.15 
 Windows XP Service Pack 3 
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 ZoneAlarm     
 ZoneAlarm Toolbar     
 Microsoft Security Essentials   
 Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 23 
 Out of date Java installed!
Flash Player Out of Date!
 Adobe Flash Player    10.2.159.1 
 Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Windows Defender MSMpEng.exe
 Malwarebytes' Anti-Malware mbamservice.exe 
 Malwarebytes' Anti-Malware mbamgui.exe 
 Microsoft Security Essentials msseces.exe
 Microsoft Security Client Antimalware MsMpEng.exe 
 Zone Labs ZoneAlarm zlclient.exe 
``````````End of Log````````````


Again, thank you very much. Just in case, and to save time, I think I will try to zip "Attach.txt" and post it in a new reply here, since I noticed that the Log Posting Instructions do say to post it.
Jan

Biwa (Newbie, Posts: 16)
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #7 on: June 23, 2011, 03:39:51 AM »
Hi again. I think I have succeeded in zipping Attach.txt, but I have never zipped anything before and don't know how to post it here, so I will copy and paste the whole thing. I hope that's all right.
Jan

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/26/2010 10:43:49 PM
System Uptime: 6/22/2011 7:44:22 PM (1 hours ago)
.
Motherboard: Dell Inc.           |  | 0FJ030
Processor:               Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 93.054 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP414: 3/24/2011 11:37:40 PM - Software Distribution Service 3.0
RP415: 3/25/2011 7:38:30 AM - Software Distribution Service 3.0
RP416: 3/26/2011 9:40:46 AM - System Checkpoint
RP417: 3/27/2011 7:56:21 AM - Software Distribution Service 3.0
RP418: 3/28/2011 1:49:44 AM - Software Distribution Service 3.0
RP419: 3/28/2011 6:07:50 PM - Software Distribution Service 3.0
RP420: 3/29/2011 7:15:53 PM - System Checkpoint
RP421: 3/30/2011 6:59:02 AM - Software Distribution Service 3.0
RP422: 3/31/2011 7:07:21 AM - System Checkpoint
RP423: 4/1/2011 8:07:41 AM - Software Distribution Service 3.0
RP424: 4/2/2011 8:33:08 AM - System Checkpoint
RP425: 4/2/2011 9:43:00 PM - Software Distribution Service 3.0
RP426: 4/3/2011 9:49:06 PM - System Checkpoint
RP427: 4/4/2011 2:03:39 AM - Software Distribution Service 3.0
RP428: 4/4/2011 6:07:16 PM - Software Distribution Service 3.0
RP429: 4/5/2011 6:40:57 PM - System Checkpoint
RP430: 4/6/2011 6:58:54 AM - Software Distribution Service 3.0
RP431: 4/7/2011 7:02:20 AM - System Checkpoint
RP432: 4/8/2011 6:33:14 AM - Software Distribution Service 3.0
RP433: 4/9/2011 7:01:38 AM - System Checkpoint
RP434: 4/10/2011 7:09:23 AM - Software Distribution Service 3.0
RP435: 4/11/2011 1:48:29 AM - Software Distribution Service 3.0
RP436: 4/11/2011 7:04:42 AM - Software Distribution Service 3.0
RP437: 4/12/2011 8:00:10 AM - System Checkpoint
RP438: 4/13/2011 6:11:54 AM - Software Distribution Service 3.0
RP439: 4/13/2011 8:31:48 AM - Software Distribution Service 3.0
RP440: 4/14/2011 6:16:17 AM - Software Distribution Service 3.0
RP441: 4/15/2011 6:20:42 AM - Software Distribution Service 3.0
RP442: 4/16/2011 6:41:03 AM - Software Distribution Service 3.0
RP443: 4/17/2011 7:12:02 AM - Software Distribution Service 3.0
RP444: 4/18/2011 2:03:57 AM - Software Distribution Service 3.0
RP445: 4/19/2011 6:44:05 AM - Software Distribution Service 3.0
RP446: 4/20/2011 7:10:03 AM - System Checkpoint
RP447: 4/21/2011 6:24:30 AM - Software Distribution Service 3.0
RP448: 4/22/2011 7:03:35 AM - Software Distribution Service 3.0
RP449: 4/23/2011 7:23:28 AM - Software Distribution Service 3.0
RP450: 4/24/2011 9:57:39 AM - System Checkpoint
RP451: 4/24/2011 6:32:04 PM - Software Distribution Service 3.0
RP452: 4/25/2011 2:14:16 AM - Software Distribution Service 3.0
RP453: 4/25/2011 10:05:20 PM - Software Distribution Service 3.0
RP454: 4/26/2011 11:09:15 PM - Software Distribution Service 3.0
RP455: 4/27/2011 6:40:07 AM - Software Distribution Service 3.0
RP456: 4/28/2011 6:51:07 AM - Software Distribution Service 3.0
RP457: 4/29/2011 7:03:10 AM - Software Distribution Service 3.0
RP458: 4/30/2011 7:09:39 PM - Software Distribution Service 3.0
RP459: 5/1/2011 10:21:13 PM - System Checkpoint
RP460: 5/2/2011 2:02:46 AM - Software Distribution Service 3.0
RP461: 5/3/2011 6:51:24 AM - Software Distribution Service 3.0
RP462: 5/4/2011 7:30:25 AM - System Checkpoint
RP463: 5/4/2011 12:53:38 PM - Software Distribution Service 3.0
RP464: 5/5/2011 1:27:26 PM - System Checkpoint
RP465: 5/6/2011 5:57:11 AM - Software Distribution Service 3.0
RP466: 5/7/2011 6:00:47 AM - Software Distribution Service 3.0
RP467: 5/8/2011 7:10:35 AM - Software Distribution Service 3.0
RP468: 5/9/2011 2:16:24 AM - Software Distribution Service 3.0
RP469: 5/10/2011 7:39:11 AM - Software Distribution Service 3.0
RP470: 5/11/2011 7:49:17 AM - System Checkpoint
RP471: 5/11/2011 10:25:01 PM - Software Distribution Service 3.0
RP472: 5/12/2011 6:46:03 AM - Software Distribution Service 3.0
RP473: 5/13/2011 7:07:32 AM - System Checkpoint
RP474: 5/14/2011 6:21:18 AM - Software Distribution Service 3.0
RP475: 5/15/2011 6:25:03 AM - Software Distribution Service 3.0
RP476: 5/16/2011 1:34:58 AM - Software Distribution Service 3.0
RP477: 5/16/2011 7:09:41 PM - Software Distribution Service 3.0
RP478: 5/17/2011 7:58:19 PM - System Checkpoint
RP479: 5/18/2011 5:55:16 AM - Software Distribution Service 3.0
RP480: 5/19/2011 6:06:50 AM - Software Distribution Service 3.0
RP481: 5/20/2011 6:24:36 AM - System Checkpoint
RP482: 5/21/2011 6:01:13 AM - Software Distribution Service 3.0
RP483: 5/22/2011 6:19:02 AM - Software Distribution Service 3.0
RP484: 5/23/2011 1:57:00 AM - Software Distribution Service 3.0
RP485: 5/23/2011 7:31:26 PM - Software Distribution Service 3.0
RP486: 5/24/2011 7:46:03 PM - System Checkpoint
RP487: 5/25/2011 5:36:41 AM - Software Distribution Service 3.0
RP488: 5/26/2011 5:55:27 AM - Software Distribution Service 3.0
RP489: 5/27/2011 6:40:24 AM - Software Distribution Service 3.0
RP490: 5/28/2011 7:32:35 AM - System Checkpoint
RP491: 5/29/2011 6:59:56 AM - Software Distribution Service 3.0
RP492: 5/30/2011 2:27:12 AM - Software Distribution Service 3.0
RP493: 5/31/2011 6:44:12 AM - System Checkpoint
RP494: 5/31/2011 11:57:23 AM - Software Distribution Service 3.0
RP495: 6/1/2011 12:39:30 PM - System Checkpoint
RP496: 6/2/2011 5:41:30 AM - Software Distribution Service 3.0
RP497: 6/3/2011 5:57:11 AM - Software Distribution Service 3.0
RP498: 6/4/2011 6:54:48 AM - Software Distribution Service 3.0
RP499: 6/5/2011 8:23:15 AM - System Checkpoint
RP500: 6/5/2011 8:58:35 PM - Software Distribution Service 3.0
RP501: 6/6/2011 1:58:39 AM - Software Distribution Service 3.0
RP502: 6/6/2011 8:52:34 PM - Software Distribution Service 3.0
RP503: 6/8/2011 5:20:59 AM - Software Distribution Service 3.0
RP504: 6/9/2011 5:38:32 AM - System Checkpoint
RP505: 6/9/2011 11:25:23 AM - Installed TurboTax 2009 wrapper
RP506: 6/9/2011 11:26:10 AM - Installed TurboTax 2009 WinPerReleaseEngine
RP507: 6/9/2011 11:27:58 AM - Installed TurboTax 2009 WinPerFedFormset
RP508: 6/9/2011 11:29:03 AM - Installed TurboTax 2009 WinPerTaxSupport
RP509: 6/9/2011 11:29:29 AM - Installed iSEEK AnswerWorks English Runtime
RP510: 6/10/2011 5:48:38 AM - Software Distribution Service 3.0
RP511: 6/11/2011 6:48:48 AM - Software Distribution Service 3.0
RP512: 6/12/2011 6:52:34 AM - System Checkpoint
RP513: 6/12/2011 7:26:03 PM - Software Distribution Service 3.0
RP514: 6/13/2011 2:25:42 AM - Software Distribution Service 3.0
RP515: 6/13/2011 7:20:34 PM - Software Distribution Service 3.0
RP516: 6/14/2011 7:36:16 PM - System Checkpoint
RP517: 6/15/2011 5:36:28 AM - Software Distribution Service 3.0
RP518: 6/16/2011 6:02:25 AM - Software Distribution Service 3.0
RP519: 6/17/2011 6:09:34 AM - System Checkpoint
RP520: 6/17/2011 11:06:21 PM - Software Distribution Service 3.0
RP521: 6/18/2011 6:40:28 AM - Software Distribution Service 3.0
RP522: 6/18/2011 11:27:05 PM - Software Distribution Service 3.0
RP523: 6/19/2011 7:00:12 AM - Software Distribution Service 3.0
RP524: 6/20/2011 1:44:27 AM - Software Distribution Service 3.0
RP525: 6/21/2011 1:50:03 AM - System Checkpoint
RP526: 6/22/2011 2:10:42 AM - System Checkpoint
.
==== Installed Programs ======================
.
5500
5500_Help
5500Tour
5500Trb
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Reader Japanese Fonts
AiO_Scan
AIOMinimal
AiOSoftware
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian Director
ATI Control Panel
ATI Display Driver
BibleWorks 7
Bonjour
C-Dilla Licence Management System
Cambridge Advanced Learner's Dictionary
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Copy
CreativeProjects
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 3.1
Dell System Restore
Digital Content Portal
Digital Line Detect
Director
DocProc
EducateU
ELIcon
Fax
FLV Player 2.0 (build 25)
Free YouTube Downloader 3.0.48
Freecorder 4.02 Application
GemMaster Mystic
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
hpmdtab
HPSystemDiagnostics
InstantShare
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™
iSEEK AnswerWorks English Runtime
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Macromedia Shockwave Player
Malwarebytes' Anti-Malware version 1.51.0.1200
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Excel 2002
Microsoft IntelliType Pro 7.0
Microsoft Picture It! Photo 7.0
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Modem Helper
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
NetWaiting
OpenOffice.org 3.2
Otto
Overland
Oxford English Dictionary
PhotoGallery
PrintScreen
QFolder
Quicken 2006
QuickProjects
QuickTime
RadioSure
Readme
RealPlayer Basic
Replay AV 8
Replay Converter 4
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SkinsHP1
SkinsHP2
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SUPERAntiSpyware
TrayApp
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC 9.0 Runtime
VDownloader 3.0.720
Viewpoint Media Player
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Watchtower Library 2010 - ???
Watchtower Library 2010 - English
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPcap 4.1.1
WordPerfect Office 12
Works Suite OS Pack
ZoneAlarm
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/22/2011 7:45:06 PM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/22/2011 7:35:41 PM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/22/2011 5:48:06 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.105.2338.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6903.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
6/21/2011 5:43:15 PM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/21/2011 5:30:00 PM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/21/2011 3:13:32 PM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/21/2011 2:52:42 PM, error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort0.
6/21/2011 2:51:34 PM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/21/2011 2:48:51 PM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/20/2011 7:24:55 PM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/20/2011 7:09:08 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.105.2338.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6903.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
6/20/2011 11:10:35 PM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/20/2011 11:00:31 PM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\D.
6/19/2011 7:04:23 PM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/19/2011 6:50:00 AM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/18/2011 9:24:40 PM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error message: The referenced assembly is not installed on your system. .
6/18/2011 9:24:40 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\MOFL.DLL. Reference error message: The operation completed successfully. .
6/18/2011 9:24:40 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FPERSON.DLL. Reference error message: The operation completed successfully. .
6/18/2011 9:24:40 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL. Reference error message: The operation completed successfully. .
6/18/2011 9:24:40 PM, error: SideBySide [32]  - Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
6/18/2011 6:30:17 AM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/17/2011 5:45:08 AM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/16/2011 9:09:37 AM, error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  Cannot create a file when that file already exists.
6/16/2011 5:51:09 AM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/15/2011 5:25:26 AM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/15/2011 1:52:38 PM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
.
==== End Of File ===========================

Thanks again,
Jan
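The "Event Viewer Messages From Past Week" section of Attach.txt above is the part of a DDS log most worth reading systematically: the repeated Service Control Manager 7023 entries, the atapi controller errors, and the two Microsoft Antimalware 2001 failures with error code 0x80070424 each say something different about the machine's state. The following triage script is an added example written for this thread; it is not part of Jan's posts, of Corrine's instructions, or of the DDS tool. The sample lines are constructed from a handful of the entries posted above (one Antimalware line abbreviated, the registered-trademark symbol dropped), and the function names and the small Win32 error table are the example's own, as is the mapping of 0x8007xxxx HRESULTs back to Win32 error numbers (low 16 bits).

```python
"""Triage the "Event Viewer Messages" section of a DDS Attach.txt.

Added example for this thread; not part of the original posts or of DDS.
Function names, the error table and the sample are the example's own.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the exact line format DDS emits (copied from the
# Attach.txt above, lightly abbreviated; not a complete log).
SAMPLE_EVENTS = r"""
6/22/2011 7:45:06 PM, error: Service Control Manager [7023]  - The Intel Quick Resume Technology Drivers service terminated with the following error:  The system could not find the environment option that was entered.
6/22/2011 5:48:06 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.105.2338.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6903.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
6/21/2011 2:52:42 PM, error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort0.
6/21/2011 2:51:34 PM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/20/2011 7:09:08 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
6/16/2011 9:09:37 AM, error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  Cannot create a file when that file already exists.
"""

# "M/D/YYYY h:mm:ss AM, level: Source [id]  - message"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+-\s+(?P<message>.*)$"
)

# Win32 service errors that appear in the low word of an 0x8007xxxx HRESULT
# when an updater's service dependency has been removed or disabled.
WIN32_ERRORS = {
    1058: "ERROR_SERVICE_DISABLED",
    1060: "ERROR_SERVICE_DOES_NOT_EXIST",
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL",
}

HARDWARE_SOURCES = {"atapi", "Disk"}


def parse_events(text):
    """Return one dict per well-formed event line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "event_id": int(m["event_id"]),
            "message": m["message"].strip(),
        })
    return events


def count_by_source(events):
    """Count each (source, event id) pair; a high count is a persistent fault, not noise."""
    return Counter((e["source"], e["event_id"]) for e in events)


def decode_hresult(code):
    """Map an 0x8007xxxx HRESULT (Win32 error wrapped as HRESULT) to its error name."""
    value = int(code, 16)
    if (value >> 16) == 0x8007:
        return WIN32_ERRORS.get(value & 0xFFFF, "unknown Win32 error %d" % (value & 0xFFFF))
    return "not a Win32-wrapped HRESULT"


def antimalware_update_failures(events):
    """Signature-update failures (Microsoft Antimalware event 2001), error decoded.

    A 'service does not exist' result means a Windows service the updater depends
    on is missing or disabled, so the scanner is not actually current even if it
    reports itself as installed; that needs fixing before trusting its scans.
    """
    failures = []
    for e in events:
        if e["source"] != "Microsoft Antimalware" or e["event_id"] != 2001:
            continue
        code = re.search(r"Error code:\s*(0x[0-9A-Fa-f]+)", e["message"])
        desc = re.search(r"Error description:\s*(.+)$", e["message"])
        failures.append({
            "time": e["time"],
            "error_code": code.group(1) if code else None,
            "win32": decode_hresult(code.group(1)) if code else None,
            "description": desc.group(1).strip() if desc else None,
        })
    return failures


def hardware_errors(events):
    """Disk-stack controller/timeout errors: rule these out before wiping or reinstalling."""
    return [e for e in events if e["source"] in HARDWARE_SOURCES]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for (src, eid), n in count_by_source(evs).most_common():
        print("%-28s [%d] x%d" % (src, eid, n))
    for f in antimalware_update_failures(evs):
        print(f["time"], f["error_code"], f["win32"], "-", f["description"])
    for h in hardware_errors(evs):
        print(h["time"], h["source"], h["message"])
```

Run against the full Attach.txt by replacing SAMPLE_EVENTS with the pasted section. The point of separating the three views is that they lead to different actions: the Antimalware failures say the antivirus cannot update, the atapi and Disk errors say the drive or cable deserves a look before a reinstall is blamed on malware, and the repeated 7023 entries are a broken vendor service rather than an infection indicator.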

Corrine (The Mystical Rose, Administrator, Hero Member, Posts: 11530)
"Stronger than the past, united in our goal."
Security Garden
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #8 on: June 23, 2011, 02:48:18 PM »
Hi, Jan.

MBAM and SuperAntiSpyware are anti-malware programs.  MSE is the antivirus software on your husband's computer.  It is confusing, isn't it, since the terms are often used interchangeably.  In this next step, you will want to make sure all three, as well as ZoneAlarm, are closed.

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Biwa (Newbie, Posts: 16)
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #9 on: June 23, 2011, 05:03:57 PM »
Thanks for setting me straight on the difference between malware protection and anti-virus. In checking out your link to an explanation of how to disable them all, I noticed "Windows Defender" and wondered if it is the same thing as "Windows Firewall," which my husband has been using. So far as I can tell, W. Defender is not installed on his machine.

Can you also tell me whether there is any possibility of the trojan's having infected my husband's USB flash drive or the CD backups I made of picture, audio, and doc. files at the time when I thought I would have to wipe his HD clean. If there is, I will just format the flash drive and throw away the CD.

Here is the log file from ComboFix:

ComboFix 11-06-22.05 - Minoru 06/23/2011   9:25.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.707 [GMT -7:00]
Running from: c:\documents and settings\Minoru\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((   Files Created from 2011-05-23 to 2011-06-23  )))))))))))))))))))))))))))))))
.
.
2011-06-23 13:40 . 2011-06-23 13:40   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1073BF20-809B-44E0-9CFF-41B5B920D4C6}\MpKsle5a26324.sys
2011-06-23 02:44 . 2011-06-23 02:44   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1073BF20-809B-44E0-9CFF-41B5B920D4C6}\MpKsl189c7bb5.sys
2011-06-23 01:59 . 2011-06-23 01:59   --------   d-----w-   c:\documents and settings\Minoru\Application Data\Malwarebytes
2011-06-23 01:58 . 2011-05-29 16:11   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-23 01:58 . 2011-06-23 01:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-23 01:58 . 2011-06-23 01:58   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-06-23 01:58 . 2011-05-29 16:11   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-06-21 23:32 . 2011-06-21 23:32   --------   d-----w-   c:\documents and settings\Minoru\Application Data\SUPERAntiSpyware.com
2011-06-21 23:32 . 2011-06-23 02:43   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-06-20 08:44 . 2011-05-09 20:46   6962000   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1073BF20-809B-44E0-9CFF-41B5B920D4C6}\mpengine.dll
2011-06-17 12:48 . 2011-04-21 13:37   105472   ------w-   c:\windows\system32\dllcache\mup.sys
2011-06-09 18:31 . 2011-06-09 18:31   --------   d-----w-   c:\documents and settings\Minoru\Local Settings\Application Data\Intuit
2011-06-09 18:29 . 2011-06-09 18:29   --------   d-----w-   c:\program files\Common Files\AnswerWorks 5.0
2011-06-09 18:25 . 2011-06-09 18:25   --------   d-----w-   c:\documents and settings\Minoru\Local Settings\Application Data\IsolatedStorage
2011-06-09 18:17 . 2011-06-09 18:17   --------   d-----w-   c:\program files\TurboTax
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 20:46 . 2010-09-28 16:11   6962000   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-02 15:31 . 2005-08-16 09:40   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2006-04-18 14:28   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2005-08-16 09:18   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2005-08-16 09:18   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2005-08-16 09:18   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2005-08-16 09:18   385024   ----a-w-   c:\windows\system32\html.iec
2011-04-21 13:37 . 2005-08-16 09:18   105472   ----a-w-   c:\windows\system32\drivers\mup.sys
2010-01-26 18:11 . 2010-11-07 02:22   444283   ----a-w-   c:\program files\Common Files\WinPcapNmap.exe
2011-06-16 04:17 . 2011-06-23 02:57   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 18:50   2517088   ----a-w-   c:\program files\ZoneAlarm\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-18 26112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-27 212992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-10 28672]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-18 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04   332800   ----a-w-   c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12   94208   ----a-w-   c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 12:56   139264   ----a-w-   c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 00:20   8192   ----a-w-   c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 00:20   110592   ----a-w-   c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 MpKsl189c7bb5;MpKsl189c7bb5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1073BF20-809B-44E0-9CFF-41B5B920D4C6}\MpKsl189c7bb5.sys [6/22/2011 7:44 PM 28752]
R1 MpKsle5a26324;MpKsle5a26324;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1073BF20-809B-44E0-9CFF-41B5B920D4C6}\MpKsle5a26324.sys [6/23/2011 6:40 AM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 6:35 AM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 6:35 AM 493032]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/22/2011 6:58 PM 366640]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 7:09 PM 50704]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/22/2011 6:58 PM 22712]
S1 MpKsl011c3b70;MpKsl011c3b70;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0AD00B92-5C49-41BF-A10B-8398E834AB5C}\MpKsl011c3b70.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0AD00B92-5C49-41BF-A10B-8398E834AB5C}\MpKsl011c3b70.sys [?]
S1 MpKsl1cc0058a;MpKsl1cc0058a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76C6A266-3760-4615-BB3A-EB3AE411CB6A}\MpKsl1cc0058a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76C6A266-3760-4615-BB3A-EB3AE411CB6A}\MpKsl1cc0058a.sys [?]
S1 MpKsl26554662;MpKsl26554662;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6015F208-4465-4AC3-8CD5-CA891809DECF}\MpKsl26554662.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6015F208-4465-4AC3-8CD5-CA891809DECF}\MpKsl26554662.sys [?]
S1 MpKsl43d98934;MpKsl43d98934;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F06EA956-0C55-4ECD-9DE1-C98468010F99}\MpKsl43d98934.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F06EA956-0C55-4ECD-9DE1-C98468010F99}\MpKsl43d98934.sys [?]
S1 MpKsl4487a25e;MpKsl4487a25e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6015F208-4465-4AC3-8CD5-CA891809DECF}\MpKsl4487a25e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6015F208-4465-4AC3-8CD5-CA891809DECF}\MpKsl4487a25e.sys [?]
S1 MpKsl57e96f3d;MpKsl57e96f3d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{29BDAD1B-6877-4A40-B663-E107445A3C05}\MpKsl57e96f3d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{29BDAD1B-6877-4A40-B663-E107445A3C05}\MpKsl57e96f3d.sys [?]
S1 MpKsl6588535d;MpKsl6588535d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{252D6EAD-6AB3-4DFD-BF6B-BF7AA70B7D32}\MpKsl6588535d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{252D6EAD-6AB3-4DFD-BF6B-BF7AA70B7D32}\MpKsl6588535d.sys [?]
S1 MpKsl7736982a;MpKsl7736982a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ECA3BF6-27F3-4F11-8FBE-EDE403C796A7}\MpKsl7736982a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ECA3BF6-27F3-4F11-8FBE-EDE403C796A7}\MpKsl7736982a.sys [?]
S1 MpKsl7ad2a8d5;MpKsl7ad2a8d5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A48C95F-F7A0-430A-A971-19C9E080FFB8}\MpKsl7ad2a8d5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A48C95F-F7A0-430A-A971-19C9E080FFB8}\MpKsl7ad2a8d5.sys [?]
S1 MpKsl80b42e4a;MpKsl80b42e4a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B66A68D-09A8-4C48-84D8-121AB903DC83}\MpKsl80b42e4a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B66A68D-09A8-4C48-84D8-121AB903DC83}\MpKsl80b42e4a.sys [?]
S1 MpKsl841b97b5;MpKsl841b97b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7475D733-B2A7-46B7-945F-6D17898D45E1}\MpKsl841b97b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7475D733-B2A7-46B7-945F-6D17898D45E1}\MpKsl841b97b5.sys [?]
S1 MpKsl84f18fed;MpKsl84f18fed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F1202147-AD2F-42DE-BBFE-17DDE3871110}\MpKsl84f18fed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F1202147-AD2F-42DE-BBFE-17DDE3871110}\MpKsl84f18fed.sys [?]
S1 MpKsl9a3dd37c;MpKsl9a3dd37c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B25CC25-4EA9-42ED-98BC-9D1075E12A60}\MpKsl9a3dd37c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B25CC25-4EA9-42ED-98BC-9D1075E12A60}\MpKsl9a3dd37c.sys [?]
S1 MpKsl9dcbdb2a;MpKsl9dcbdb2a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC38391D-FD10-4CFC-ADB4-C1387A9E0205}\MpKsl9dcbdb2a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC38391D-FD10-4CFC-ADB4-C1387A9E0205}\MpKsl9dcbdb2a.sys [?]
S1 MpKsl9f9f5dea;MpKsl9f9f5dea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F5038BF-C9D3-48C6-A6B8-48E8CAB99F52}\MpKsl9f9f5dea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F5038BF-C9D3-48C6-A6B8-48E8CAB99F52}\MpKsl9f9f5dea.sys [?]
S1 MpKslb8ca715c;MpKslb8ca715c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C048D7FA-C07B-4B62-8951-34D4D58A330E}\MpKslb8ca715c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C048D7FA-C07B-4B62-8951-34D4D58A330E}\MpKslb8ca715c.sys [?]
S1 MpKslbd62f5d9;MpKslbd62f5d9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F06EA956-0C55-4ECD-9DE1-C98468010F99}\MpKslbd62f5d9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F06EA956-0C55-4ECD-9DE1-C98468010F99}\MpKslbd62f5d9.sys [?]
S1 MpKsle2a1dc4c;MpKsle2a1dc4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18E17006-58AA-436A-8C69-340CB6643643}\MpKsle2a1dc4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18E17006-58AA-436A-8C69-340CB6643643}\MpKsle2a1dc4c.sys [?]
S1 MpKsle47a795d;MpKsle47a795d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9A5581E-CAEE-4F04-BAB3-84D37B568E0C}\MpKsle47a795d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9A5581E-CAEE-4F04-BAB3-84D37B568E0C}\MpKsle47a795d.sys [?]
S1 MpKslf1d7f0f9;MpKslf1d7f0f9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F6FD37F-46F1-4980-9670-BE91D16F407D}\MpKslf1d7f0f9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F6FD37F-46F1-4980-9670-BE91D16F407D}\MpKslf1d7f0f9.sys [?]
S1 MpKslf376c4b3;MpKslf376c4b3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{192ABC23-44BF-4D53-802C-DE593E09B4B2}\MpKslf376c4b3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{192ABC23-44BF-4D53-802C-DE593E09B4B2}\MpKslf376c4b3.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/22/2011 6:58 PM 39984]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE5A26324
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-27 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p officejet 5500 seriesA3652443A372B157BFD83129692C2C2475483DE7285621986.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-27 01:50]
.
2011-03-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-05-21 18:25]
.
2011-06-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\Minoru\Application Data\Mozilla\Firefox\Profiles\n4ks25yu.hlbeqoh\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DXDllRegExe - dxdllreg.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-RadioSure - c:\documents and settings\Minoru\Desktop\RadioSure\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 09:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(760)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2500)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-06-23  09:34:00
ComboFix-quarantined-files.txt  2011-06-23 16:33
.
Pre-Run: 100,404,436,992 bytes free
Post-Run: 101,212,827,648 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 425FEAA1852A18A326FB682178A5F484

Thank you so very much. Next time, I will come here first instead of risking making a malware problem worse.
Jan

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #10 on: June 23, 2011, 06:15:22 PM »
Hi, Jan.

Windows Defender is Microsoft's anti-spyware program.  Microsoft Security Essentials includes the anti-spyware engine of Windows Defender.  Windows Firewall is a built-in software firewall.  Your husband is using the Zone Alarm firewall, not the Windows Firewall. 

Computer worms will infect flash drives, not trojans.  Based on what was removed, I don't believe the flash drive is infected.  However, you can certainly scan the flash drive with Microsoft Security Essentials.  All you need to do is right-click the Microsoft Security Essentials (MSE) icon in the system tray.  Click the Settings tab and select "Advanced".  Make sure the option to "Scan removable drives" is checked.  Save the changes.  Then insert the flash drive and launch MSE to scan the flash drive. 

Now, let's take care of the outdated, vulnerable software:

Please go to Add/Remove programs and uninstall Java(TM) 6 Update 23.  Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.  (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java SE Runtime Environment 6u26.   

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.   

Next, please update Adobe Flash Player.  You need to update for both Internet Explorer and Firefox.

Direct download for IE:  http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
Direct Download for non-IE (Opera, Firefox etc): http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

After install, verify Flash Player version for each browser installed at About Flash Player page.

Personally, I would not allow any programs in the Trusted Zone.  After all, even well known sites can be the victim of an SQL injection, hidden scripts, and more. If you elect to remove the entries from the Trusted Zone, please do the following:


Trusted Zone: intuit.com\ttlc
Trusted Zone: musicmatch.com\online


  • Launch Internet Explorer, click Internet Options on the Tools  menu, and then click the Security tab.
  • Click Trusted Sites, and then click Sites.
  • Click the site you want to delete, and then click Remove.

Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Biwa

  • Newbie
  • *
  • Posts: 16
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #11 on: June 24, 2011, 07:53:06 AM »
At last! There seem to be no more problems. The conflicting notices in the Control Panel and Systray have stopped and automatic updating is definitely turned on. The MSE scan of the flash drive came up clean, too. I am going to bed now (almost 1:00 am) and will sleep well, thanks to you, Corrine. I appreciate all your help so much! I will report to the GardenWeb forum after hearing from you.
Jan

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - delete file error:The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=b9cfeabe38f9d641a47ceeb15ea448cb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-24 07:19:46
# local_time=2011-06-24 12:19:46 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 87 0 19987914 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 23190684 31482730 0 0
# scanned=92081
# found=0
# cleaned=0
# scan_time=6134

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #12 on: June 24, 2011, 05:42:33 PM »
That is great news, Jan!

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


To further check if your husband's system is missing security updates or has insecure applications, install Secunia Personal Software Inspector or, alternatively, visit http://secunia.com/software_inspector/ .  The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications

You may also want to install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html

My favorite security software is WinPatrol, which includes the features described at http://www.winpatrol.com/features.html . If you have any questions or need assistance with WinPatrol, we have a new forum dedicated to WinPatrol Help & Information.

Please let me know if you have any questions.

Offline Biwa

  • Newbie
  • *
  • Posts: 16
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #13 on: June 25, 2011, 12:26:40 AM »
Thank you, thank you! Your help has been priceless, as always, and it's good to know you are there in case of need. We have sent a small donation and wish it could be more. Our income is very limited since the economy went bad.

I will run Secunia on my husband's PC. I had used it from time to time on my own, but never thought to use it on my husband's. Thank you for the suggestions. Would Spywareblaster and WinPatrol conflict with Malwarebytes? Are they things that can be used when MSE is on and Malwarebytes activated at Startup?

Jan

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Complicated problem with XP Antispyware 2012 trojan
« Reply #14 on: June 25, 2011, 12:54:33 AM »
You are most welcome, Jan. 

Thank you for sending the donation to sUBs' account.  It was very kind of you and most appreciated.  He spends hours upon hours developing his tool as well as helping the security community in the background. 

SpywareBlaster works in the background so you won't even know it is running.  Do note, however, that it is necessary to update it.  In order to track updates, you could subscribe to the SpywareBlaster Updates topic.  Instructions for subscribing are here:  Stay Current -- Subscribe to the Update Topics for your system software!.

WinPatrol will not conflict with any other programs on your or your husband's computer either.  I've prepared a few "How To's, Tips & Information".  Unfortunately, I haven't had much time to expand yet since the forum is new but questions about WinPatrol are always welcome.