Win32.1sass Infection?

hrussd
2010-05-29, 15:16
I believe I have been infected. About 2 weeks ago, I experienced a severe slowdown in the operation of my PC. Further, program installations would not complete; they would just start, then disappear. When I start MS Word, I get a dialog stating: "This document cannot be registered. It will not be possible to create links from other documents to this one." In trying to fix this problem, I found that the service "DCOM Service Process Launcher" is not even listed when I run services.msc. A few days after this, a (regularly scheduled weekly) ZoneAlarmPro (ZAP) spyware scan detected both Win32.1sass and Win32.Trojan.Agent.97836.A. I directed ZAP to delete these. ZAP directed me to reboot and I did so. I manually ran another ZAP spyware scan and it was clean, but the problems remained. Then the next ZAP regular weekly spyware scan detected Win32.1sass, but not Win32.Trojan.Agent.97836.A. So again I chose delete and rebooted. A rescan was clean. I have been rescanning manually every day for the last week. After deleting (also tried quarantining, with the same results), the next couple of days yield clean scans, then Win32.1sass is detected again.

I would be most grateful for any assistance.

ERUNT runs every night, as I have scheduled it. Here is the DDS.txt file I just produced:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Russ at 5:30:29.19 on 29/May/10
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = https://login.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: bxNewFolder: {51c8bca8-2524-4523-bf09-738c4eebfc58} - c:\progra~1\bxnewf~1\BXNEWF~1.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Clavier+] c:\program files\clavier+\Clavier.exe
uRun: [Mailbell] "c:\program files\mailbell\mailbell.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Opware12] "c:\program files\scansoft\omnipagepro12.0\Opware12.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [YCentral] c:\progra~1\yahoo!\ycentral\YahooCentral.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [vptray] c:\progra~1\symant~1\vptray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\russ\startm~1\programs\startup\robofo~1.lnk - c:\program files\siber systems\ai roboform\robotaskbaricon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\taskma~1.lnk - c:\windows\system32\taskmgr.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\msoffice\office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://c:\program files\flashcapture\fciext.dll/FCIEXT.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
Trusted Zone: 7-zip.org
Trusted Zone: adobe.com
Trusted Zone: adobe.com\www
Trusted Zone: aigautoservice.com
Trusted Zone: att.com
Trusted Zone: att.com\localization
Trusted Zone: att.net
Trusted Zone: bankofamerica.com
Trusted Zone: bargains101.com\www
Trusted Zone: bestbuy.com
Trusted Zone: celebrity.com
Trusted Zone: delta.com
Trusted Zone: driveragent.com\www
Trusted Zone: e-rewards.com\www
Trusted Zone: empathica.com\www5
Trusted Zone: expedia.com
Trusted Zone: genotrance.com\appsnap
Trusted Zone: google.com
Trusted Zone: googlecode.com
Trusted Zone: henryandfergus.com\www
Trusted Zone: hp.com
Trusted Zone: intuit.com
Trusted Zone: lib.nv.us\*.washoe
Trusted Zone: microsoft.com
Trusted Zone: msn.com\runonce
Trusted Zone: msnbc.com
Trusted Zone: my-etrust.com
Trusted Zone: mybillonline.com\www
Trusted Zone: myrewardzone.com
Trusted Zone: naturemade.com
Trusted Zone: netsolhost.com
Trusted Zone: networksolutions.com
Trusted Zone: nvgaminglaw.com
Trusted Zone: otxresearch.com\survey
Trusted Zone: pcworld.com
Trusted Zone: postpublisher.net
Trusted Zone: regards.com
Trusted Zone: rlicorp.com\ebiz
Trusted Zone: russd.net
Trusted Zone: sbcglobal.net
Trusted Zone: secunia.com
Trusted Zone: secunia.com\psi
Trusted Zone: staples-locator.com
Trusted Zone: staples.com
Trusted Zone: statefarm.com
Trusted Zone: sun.com
Trusted Zone: thankyounetwork.com
Trusted Zone: titantv.com
Trusted Zone: tmh2o.com
Trusted Zone: usair.com
Trusted Zone: usairways.com\www
Trusted Zone: usbank.com
Trusted Zone: wellsfargo.com
Trusted Zone: winamp.com
Trusted Zone: yahoo.com
Trusted Zone: yousendit.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} - hxxps://quicken.ehosts.net/netagent/objects/custappx3.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129966169033
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39024.4767824074
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {B26B2834-5CD0-46FF-AF5A-DF83B61CC0CB} = 192.168.0.1,206.13.28.12
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Hosts: 192.168.2.103 HP000F20D2F6BC
Hosts: 206.163.217.131 russd.net

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\russ\applic~1\mozilla\firefox\profiles\su8u19g3.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=
FF - component: c:\documents and settings\russ\application data\mozilla\firefox\profiles\su8u19g3.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\russ\application data\mozilla\firefox\profiles\su8u19g3.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\russ\application data\mozilla\firefox\profiles\su8u19g3.default\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dll
FF - component: c:\documents and settings\russ\application data\mozilla\firefox\profiles\su8u19g3.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\russ\application data\mozilla\firefox\profiles\su8u19g3.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\firefox\plugins\npagent.dll
FF - plugin: c:\program files\firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\microsoft research\hdview for firefox\nphdview.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


============== File Associations ===============

txtfile="c:\program files\metapad\metapad.exe" %1

=============== Created Last 30 ================

2010-05-29 12:28:56 0 d-----w- c:\temp\964.tmp
2010-05-29 01:07:59 0 d-----w- c:\temp\STOPzilla!
2010-05-27 18:05:30 0 d-----w- c:\temp\plugtmp-28
2010-05-25 20:06:45 0 d-----w- c:\temp\plugtmp-27
2010-05-24 19:52:20 0 d-----w- c:\temp\plugtmp-26
2010-05-18 22:27:20 0 d-----w- c:\temp\plugtmp-25
2010-05-17 22:44:28 0 d-----w- c:\temp\plugtmp-24
2010-05-16 17:39:06 0 d-----w- c:\temp\plugtmp-23
2010-05-15 05:07:53 0 d-----w- c:\temp\plugtmp-22
2010-05-15 01:28:08 0 d-----w- c:\temp\MapInstall
2010-05-12 16:09:56 0 d-----w- c:\temp\OHotfix
2010-05-11 18:32:08 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-05-11 18:32:06 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-05-11 18:32:03 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-05-11 18:32:01 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-05-11 18:32:00 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-05-11 18:30:14 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-05-11 18:30:13 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls
2010-05-11 18:30:10 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-05-11 18:30:07 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-05-11 18:29:57 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-05-11 18:29:53 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-05-11 18:29:27 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-05-11 18:29:21 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-05-11 18:29:19 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-05-11 18:28:58 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-05-11 18:28:52 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-05-11 18:28:49 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-05-11 18:28:41 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2010-05-11 18:28:34 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2010-05-11 18:28:27 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-05-11 18:28:24 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2010-05-11 18:28:03 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2010-05-11 18:27:59 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2010-05-11 18:27:55 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2010-05-11 18:27:43 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys
2010-05-11 18:27:38 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2010-05-11 18:27:32 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys
2010-05-11 18:27:27 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2010-05-11 18:27:25 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2010-05-11 18:27:22 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2010-05-11 18:27:03 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2010-05-11 18:27:00 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-05-11 18:25:58 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-05-11 18:24:49 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-05-11 18:24:47 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-05-11 18:24:41 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2010-05-11 18:24:35 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-05-11 18:24:33 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-05-11 18:24:22 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-05-11 18:24:18 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-05-11 18:24:17 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-05-11 18:24:15 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-05-11 18:24:05 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-05-11 18:24:04 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-05-11 18:24:02 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-05-11 18:22:57 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-05-11 18:21:58 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2010-05-11 18:20:44 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-05-11 18:19:58 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-05-11 18:18:57 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-05-11 18:17:58 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-05-11 18:16:56 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2010-05-11 18:15:48 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2010-05-11 18:14:58 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-05-11 18:13:57 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2010-05-11 18:13:54 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2010-05-11 18:13:52 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-05-11 18:13:50 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2010-05-11 18:13:45 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-05-11 18:13:32 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-05-11 18:13:27 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-05-11 18:13:17 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-05-11 18:13:13 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-05-11 18:12:53 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-05-11 18:12:51 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-05-11 18:12:49 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax
2010-05-11 18:12:47 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-05-11 18:12:36 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-05-11 18:12:28 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-05-11 18:12:20 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-05-11 18:12:15 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-05-11 18:12:05 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-05-11 18:12:03 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2010-05-11 18:10:59 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2010-05-11 18:10:57 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2010-05-11 18:10:54 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-11 18:10:52 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2010-05-11 18:10:50 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2010-05-11 18:10:49 47066 -c--a-w- c:\windows\system32\dllcache\ksc.nls
2010-05-11 18:10:46 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2010-05-11 18:10:39 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2010-05-11 18:10:36 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2010-05-11 18:10:05 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-05-11 18:10:04 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-05-11 18:09:44 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-05-11 18:09:14 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-05-11 18:09:12 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-05-11 18:09:10 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-05-11 18:09:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-05-11 18:08:52 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-05-11 18:08:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-05-11 18:08:48 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-05-11 18:08:47 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2010-05-11 18:08:45 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-05-11 18:08:43 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-05-11 18:08:34 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2010-05-11 18:08:32 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-05-11 18:08:30 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-05-11 18:08:27 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2010-05-11 18:08:25 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-05-11 18:08:22 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-05-11 18:05:33 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-05-11 18:04:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2010-05-11 18:03:59 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2010-05-11 18:03:57 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2010-05-11 18:03:46 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-05-11 18:03:43 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2010-05-11 18:03:41 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-05-11 18:03:36 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2010-05-11 18:01:02 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-05-11 18:00:53 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys
2010-05-11 17:58:36 249856 -c--a-w- c:\windows\system32\dllcache\ctmasetp.dll
2010-05-11 17:57:48 13952 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2010-05-11 17:57:03 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-11 17:56:21 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2010-05-11 17:53:26 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-05-11 17:53:24 18432 -c--a-w- c:\windows\system32\dllcache\bdaplgin.ax
2010-05-11 17:52:51 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2010-05-11 17:52:47 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2010-05-11 17:49:54 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2010-05-11 17:49:52 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-05-11 17:39:11 0 d-----w- c:\windows\I386
2010-05-10 17:17:01 0 d-----w- c:\temp\{8A2D69B0-AD62-47C6-A9E2-3DAE57CEBCA8}
2010-05-10 17:15:51 0 d-----w- c:\temp\{69D40909-41EB-4199-B318-FAA212787BAF}
2010-05-10 17:14:40 0 d-----w- c:\temp\{C1777C60-6EE6-4BAF-904D-3DBE2FDE40AB}
2010-05-10 17:14:40 0 d-----w- c:\program files\ACW
2010-05-09 20:29:08 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2010-05-08 21:42:21 0 d-----w- c:\temp\plugtmp-21
2010-05-06 14:57:59 0 d-----w- c:\temp\plugtmp-20
2010-05-05 08:12:41 0 d-----w- C:\PrevxCSI
2010-05-04 22:46:20 0 d-----w- c:\temp\WebUpdater
2010-05-04 17:15:25 0 d-----w- c:\temp\plugtmp-19
2010-05-04 16:21:52 0 ----a-w- C:\manifest.dat

==================== Find3M ====================

2010-05-29 10:34:21 87616 ----a-w- c:\windows\PSSDNSVC.EXE
2010-05-27 07:51:01 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-15 01:21:54 142408 ----a-w- c:\docume~1\russ\applic~1\GDIPFONTCACHEV1.DAT
2010-05-09 20:23:09 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-05-09 20:23:07 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2003-08-27 22:19:18 36963 ----a-w- c:\program files\common files\SM1updtr.dll
2008-08-28 03:06:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 5:41:47.59 ===============

Contrary to my expectations, I was able to install Spybot Search & Destroy (version 1.6.2.46). I just finished a scan, but it found nothing interesting (just 2 tracking cookies). The report is attached.
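A small triage script for DDS-style report lines, added here as an example; it is not part of this thread and is not DDS's own code. It works on a handful of constructed lines copied in the format of the "Pseudo HJT Report" above (firewall status, BHO/EB registrations, uRun/mRun autoruns, Trusted Zone and Hosts entries) and applies the kind of generic review checks a helper runs by eye: a firewall reported disabled, registrations whose file is gone ("No File"), autoruns started by a bare name that is resolved through the search path, the size of the IE Trusted Zone list, and non-loopback hosts-file overrides. None of these is a verdict on malware; an autorun such as "Mixer.exe /startup" is usually just how a vendor installer wrote it, and the output is meant to point a reviewer at lines worth a second look.

```python
import re

# Constructed sample: a few lines in the format of the DDS "Pseudo HJT Report"
# quoted in the post above (not the full log).
SAMPLE_DDS = r"""
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
Trusted Zone: bankofamerica.com
Trusted Zone: russd.net
Trusted Zone: yahoo.com
Hosts: 192.168.2.103 HP000F20D2F6BC
Hosts: 206.163.217.131 russd.net
"""

# "uRun: [Name] command" (u = current user, m = machine, d = default profile)
RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# A drive-letter path such as c:\... anywhere in the command line
FULL_PATH_RE = re.compile(r"[A-Za-z]:\\")


def parse_dds(text):
    """Split report lines into records; the kind is the text before the first ': '."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if ": " not in line:
            continue  # section banners and blank lines carry no entry
        kind, _, rest = line.partition(": ")
        entries.append({"kind": kind, "rest": rest, "raw": line})
    return entries


def triage(entries):
    """Apply review heuristics. None proves malware; each marks a line worth a look."""
    findings = {
        "firewall_disabled": False,
        "orphaned": [],              # registrations whose file is gone ("No File")
        "unqualified_autoruns": [],  # autoruns started by bare name via the search path
        "trusted_zone": [],          # sites given IE's relaxed Trusted Sites settings
        "hosts_overrides": [],       # non-loopback name-to-IP overrides in the hosts file
    }
    for e in entries:
        kind, rest = e["kind"], e["rest"]
        if kind == "FW" and "*disabled*" in rest:
            findings["firewall_disabled"] = True
        elif rest.endswith("- No File"):
            findings["orphaned"].append(e["raw"])
        elif kind in ("uRun", "mRun", "dRun"):
            m = RUN_RE.match(e["raw"])
            if m and not FULL_PATH_RE.search(m.group("cmd")):
                findings["unqualified_autoruns"].append(m.group("name"))
        elif kind == "Trusted Zone":
            findings["trusted_zone"].append(rest)
        elif kind == "Hosts":
            ip, _, host = rest.partition(" ")
            if not ip.startswith("127."):
                findings["hosts_overrides"].append((ip, host))
    return findings


def report(findings):
    """Render findings as lines a helper could paste into a reply."""
    lines = []
    if findings["firewall_disabled"]:
        lines.append("Firewall reported disabled: confirm it is running before reconnecting")
    for raw in findings["orphaned"]:
        lines.append(f"Orphaned registration: {raw}")
    for name in findings["unqualified_autoruns"]:
        lines.append(f"Autorun without a full path: [{name}]")
    lines.append(f"Trusted Zone entries: {len(findings['trusted_zone'])} (verify each was added on purpose)")
    for ip, host in findings["hosts_overrides"]:
        lines.append(f"Hosts override: {host} -> {ip}")
    return lines


if __name__ == "__main__":
    for line in report(triage(parse_dds(SAMPLE_DDS))):
        print(line)
```

Run it against a full DDS.txt by replacing `SAMPLE_DDS` with the file's contents; the "Created Last 30" and "Find3M" sections have no `": "` separator and are skipped, so only the HJT-style entries are examined.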

shelf life
2010-06-03, 02:57
hi hrussd,

If you still need help simply reply to my post.

hrussd
2010-06-03, 16:50
Thanks.

shelf life
2010-06-03, 23:11
OK. Is ZAP still flagging something? Did you add all those entries to your trusted zone in IE?
We will get another download to start with, as another check for malware. Link and directions:

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

hrussd
2010-06-04, 16:20
I just ran a ZAP scan, and it reported no problems.

Yes, all the trusted zones for IE seem familiar to me. I put them there to allow use of the sites, prior to switching to Firefox with NoScript and DropMyRights.

On 29 May, I disconnected the PC from my home LAN. I was worried info might be going out over the Internet, because of the DDS.txt entry:
"FW: ZoneAlarm Pro Firewall *disabled*"

I downloaded mbam-setup-1.46.exe at another PC and installed it on the suspect PC via a USB flash drive. Then I ran Malwarebytes; it was clean. Here are the contents of the log file (mbam-log-2010-06-03 (22-52-41).txt):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/Jun/10 22:52:41
mbam-log-2010-06-03 (22-52-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 254775
Time elapsed: 2 hour(s), 45 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

shelf life
2010-06-04, 23:36
The MBAM log can't look any better. You can keep MBAM. Note that it must be updated manually and a scan started manually.
If all is good on your end, some tips for you:

10 Tips for Reducing/Preventing Your Risk To Malware:

In no special order

1) It is essential to keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) (Windows), browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software installs useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings that viruses and trojans have been found on your computer, after which you are prompted to install software to remedy this. See also the signs (http://www.virusvault.us/signs1.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*. There is no reason why your computer can not stay malware free.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem.

5) Do not click on ads/pop-ups or offers from websites requesting that you need to install software on your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html) for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Or see a slideshow (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) on how to better configure IE 8.0.

10) Warez, cracks etc are very popular for carrying all kinds of malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks, then you are also much more likely to encounter malicious code in a downloaded file. Do you really trust the source of the file? Do you really need another malware source?

A longer version in link below.

Happy Safe Surfing.

hrussd
2010-06-05, 04:16
Many thanks for your time and effort. I am still a bit concerned, so I believe I will reformat the hard disk and reinstall WinXP Pro and all my apps. I appreciate the tips, and will try to observe them.

shelf life
2010-06-05, 23:26
OK, you're welcome. Happy safe surfing 'out there.'