Am I still infected? M-bam found Trojan.Zbot

By learninmypc
Nov 1, 2012
  1. Did a full M-bam scan & here it is
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.01.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    HP_Administrator :: CYBER [administrator]

    11/1/2012 12:26:27 PM
    mbam-log-2012-11-01 (12-26-27).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 394418
    Time elapsed: 2 hour(s), 5 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\drivers\dot4\wrapper\_isdel.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

    (end)

    Other scans will be posted.

    DDS (Ver_2012-10-19.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by HP_Administrator at 19:27:36 on 2012-11-01
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.283 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.kirotv.com
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\common files\simple adblock\SimpleAdblock.dll
    TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
    TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
    TB: <No Name>: - LocalServer32 - <no file>
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251314773281
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
    TCP: NameServer = 192.168.1.1 74.40.74.40
    TCP: Interfaces\{8F197E4D-DAFD-4588-9ED7-B5D6B2B1B6D9} : DHCPNameServer = 192.168.1.1 74.40.74.40
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-9-14 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-9-14 361032]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-9-14 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-14 44808]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-6-27 681056]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-9-24 116648]
    S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\scutum50.sys --> c:\windows\system32\drivers\Scutum50.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250808]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-9-24 116648]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 115168]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
    S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 594048]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-6-27 1326176]
    S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2011-8-13 163840]
    .
    =============== Created Last 30 ================
    .
    2012-10-30 23:24:31 -------- d-----w- c:\program files\Pale Moon
    2012-10-27 03:26:57 14676448 ----a-w- c:\program files\mozilla firefox\xul.dll
    2012-10-25 02:01:48 -------- d-----w- c:\program files\ESET
    2012-10-17 17:05:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-10-15 23:49:37 -------- d-----w- c:\documents and settings\hp_administrator.seattle\local settings\application data\Moonchild Productions
    2012-10-15 23:49:37 -------- d-----w- c:\documents and settings\hp_administrator.seattle\application data\Moonchild Productions
    2012-10-14 13:27:25 -------- d-----w- c:\program files\Comodo
    .
    ==================== Find3M ====================
    .
    2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-08 12:21:02 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-08 12:21:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-30 02:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-31 13:00:24 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-31 13:00:24 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-30 14:04:24 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-16 19:59:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2003-11-13 07:41:04 1176416 ----a-w- c:\program files\LOTR3.exe
    2003-10-17 16:56:54 340746 -c--a-w- c:\program files\ASSav.scr
    .
    ============= FINISH: 19:29:13.23 ===============
  2. learninmypc

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/22/2009 1:37:14 AM
    System Uptime: 11/1/2012 7:22:08 PM (0 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | Salmon
    Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 1790/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 180 GiB total, 75.821 GiB free.
    D: is FIXED (FAT32) - 6 GiB total, 0.685 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is CDROM (CDFS)
    M: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1574: 9/14/2012 6:50:51 AM - System Checkpoint
    RP1575: 9/14/2012 10:24:09 AM - Revo Uninstaller's restore point - COMODO Internet Security
    RP1576: 9/14/2012 10:25:57 AM - Removed COMODO Internet Security
    RP1577: 9/14/2012 10:30:23 AM - Revo Uninstaller's restore point - COMODO GeekBuddy
    RP1578: 9/14/2012 10:42:42 AM - avast! Free Antivirus Setup
    RP1579: 9/15/2012 1:11:54 PM - System Checkpoint
    RP1580: 9/15/2012 3:31:32 PM - Installed HiJackThis
    RP1581: 9/15/2012 3:38:27 PM - Revo Uninstaller's restore point - HiJackThis
    RP1582: 9/15/2012 3:38:41 PM - Removed HiJackThis
    RP1583: 9/16/2012 10:17:08 PM - System Checkpoint
    RP1584: 9/17/2012 10:20:27 PM - System Checkpoint
    RP1585: 9/18/2012 11:03:04 PM - System Checkpoint
    RP1586: 9/19/2012 11:20:34 PM - System Checkpoint
    RP1587: 9/21/2012 12:01:25 AM - System Checkpoint
    RP1588: 9/21/2012 10:16:48 PM - Software Distribution Service 3.0
    RP1589: 9/22/2012 10:47:38 PM - System Checkpoint
    RP1590: 9/24/2012 3:47:27 AM - System Checkpoint
    RP1591: 9/25/2012 4:28:07 AM - System Checkpoint
    RP1592: 9/26/2012 1:05:49 PM - System Checkpoint
    RP1593: 9/27/2012 1:37:08 PM - System Checkpoint
    RP1594: 9/28/2012 1:50:34 PM - System Checkpoint
    RP1595: 9/29/2012 9:31:14 PM - System Checkpoint
    RP1596: 9/30/2012 10:19:53 PM - System Checkpoint
    RP1597: 10/1/2012 10:25:10 PM - System Checkpoint
    RP1598: 10/2/2012 3:25:25 PM - Revo Uninstaller's restore point - Opera 12.02
    RP1599: 10/2/2012 3:29:57 PM - Revo Uninstaller's restore point - Opera 12.02
    RP1600: 10/3/2012 11:12:06 PM - System Checkpoint
    RP1601: 10/4/2012 11:53:06 PM - System Checkpoint
    RP1602: 10/6/2012 2:17:19 AM - System Checkpoint
    RP1603: 10/7/2012 3:02:28 AM - System Checkpoint
    RP1604: 10/8/2012 7:42:31 AM - System Checkpoint
    RP1605: 10/9/2012 7:44:39 AM - System Checkpoint
    RP1606: 10/10/2012 3:00:43 AM - Software Distribution Service 3.0
    RP1607: 10/11/2012 3:21:16 AM - System Checkpoint
    RP1608: 10/12/2012 3:29:30 AM - System Checkpoint
    RP1609: 10/13/2012 3:54:29 AM - System Checkpoint
    RP1610: 10/14/2012 4:02:47 AM - System Checkpoint
    RP1611: 10/14/2012 6:35:31 AM - Revo Uninstaller's restore point - Comodo Dragon
    RP1612: 10/14/2012 6:21:04 PM - Revo Uninstaller's restore point - SRWare Iron version SRWare Iron 22.0.1250.0
    RP1613: 10/16/2012 12:28:12 AM - System Checkpoint
    RP1614: 10/17/2012 12:31:51 AM - System Checkpoint
    RP1615: 10/17/2012 10:04:18 AM - Installed Java 7 Update 9
    RP1616: 10/18/2012 11:06:04 AM - System Checkpoint
    RP1617: 10/19/2012 12:46:01 PM - System Checkpoint
    RP1618: 10/20/2012 8:38:22 PM - System Checkpoint
    RP1619: 10/21/2012 9:37:52 PM - System Checkpoint
    RP1620: 10/22/2012 10:17:32 PM - System Checkpoint
    RP1621: 10/23/2012 10:47:23 PM - System Checkpoint
    RP1622: 10/24/2012 11:13:31 PM - System Checkpoint
    RP1623: 10/25/2012 11:16:47 PM - System Checkpoint
    RP1624: 10/27/2012 12:10:11 AM - System Checkpoint
    RP1625: 10/28/2012 12:20:01 AM - System Checkpoint
    RP1626: 10/29/2012 12:25:11 AM - System Checkpoint
    RP1627: 10/30/2012 12:56:38 AM - System Checkpoint
    RP1628: 10/31/2012 1:00:10 AM - System Checkpoint
    RP1629: 11/1/2012 1:43:52 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 11.6
    Advanced Video FX Engine
    Advanced Video FX Utility
    Agere Systems PCI Soft Modem
    AiO_Scan
    AiOSoftware
    Amazon Kindle
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    Belarc Advisor 8.1
    Belkin Connect Wireless USB Adapter
    BufferChm
    CameraDrivers
    CCleaner
    Copy
    CPUID CPU-Z 1.62
    Creative Live! Cam Center
    Creative Live! Cam Notebook Pro
    Creative Live! Cam Notebook Pro Driver (1.01.03.0405)
    Creative Live! Cam Notebook Pro User's Guide (English)
    Creative Photo Calendar
    Creative Photo Manager
    Creative Software AutoUpdate
    Creative System Information
    Creative WebCam Center
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Destinations
    Director
    DocProc
    DocumentViewer
    Easy Internet Sign-up
    ERUNT 1.1j
    ESET Online Scanner v3
    Fax
    FileHippo.com Update Checker
    Foxit Reader
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Google Updater
    Help and Support Additions
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet Preloaded Printer Drivers
    HP Diagnostic Assistant
    HP Image Zone 4.2
    HP Image Zone for Media Center PC
    HP Image Zone Plus 4.2
    HP Photo & Imaging 3.5 - HP Devices
    HP PSC & OfficeJet 4.0
    HP Software Update
    HP Tunes
    HP Unload DLL Patch
    hpg2436
    hpg3970
    hpg4600
    hpg5530
    hpg8200
    HPIZ402
    HpSdpAppCoreApp
    HPSystemDiagnostics
    InstantShare
    IntelliMover Data Transfer Demo
    InterVideo WinDVD Creator 2
    InterVideo WinDVD Player
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Junk Mail filter update
    K-Lite Codec Pack 6.3.9 (Full)
    KBD
    Malwarebytes Anti-Malware version 1.65.1.1000
    Media Player Classic - Home Cinema 1.6.1.4235
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Excel Viewer 2003
    Microsoft Office File Validation Add-In
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Standard Edition 2003
    Microsoft Picture It! Photo 2002
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyDefrag v4.3.1
    NVIDIA Drivers
    Octoshape add-in for Adobe Flash Player
    OpenAL
    Otto
    Pale Moon 15.2.1 (x86 en-US)
    PhotoGallery
    PhotoMail Maker
    Photosmart 320,370,7400,8100,8400 Series
    PlayFLV
    PrintScreen
    Process Lasso
    PS2
    PSPrinters06
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QFolder
    Quick Startup 2.8.0.718
    QuickProjects
    Readme
    Revo Uninstaller 1.94
    RoboForm 7-8-2-5 (All Users)
    Scan
    SeaMonkey 2.13.2 (x86 en-US)
    Secunia PSI (3.0.0.2004)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Shockwave
    SightSpeed
    SIW version 2010.07.14
    SkinsHP1
    SkinsHP2
    Sonic Encoders
    Sonic RecordNow!
    Speccy
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    SUPERAntiSpyware
    swMSM
    TeamViewer 7
    TrayApp
    Unload
    Unlocker 1.9.1
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP
    VC 9.0 Runtime
    Virtual Seattle Interactive 98
    Visual J# .NET Redistributable Package
    VLC media player 2.0.4
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows PowerShell(TM) 1.0
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB2619340
    Windows XP Media Center Edition 2005 KB2628259
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Works Suite OS Pack
    Works Synchronization
    WOT for Internet Explorer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/28/2012 2:31:06 PM, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
    10/26/2012 9:03:54 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    10/26/2012 9:03:46 PM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
    10/26/2012 9:03:46 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    10/26/2012 9:03:46 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
    10/26/2012 9:03:46 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
    10/26/2012 9:03:46 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    10/26/2012 9:03:46 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    10/26/2012 9:03:46 PM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
  3. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    According to my research it may be a false positive.

    Open MBAM, click on "Quarantine" tab, highlight that finding and click on "Restore" button.

    Next....

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload the following files to http://www.virustotal.com/ for security check:
    - C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\drivers\dot4\wrapper\_isdel.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
  4. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,086   +222

    Is this what you wanted?
    Normalized URL: http://_isdel.exe/
    Detection ratio: 0 / 30
    Analysis date: 2012-11-02 03:16:12 UTC ( 0 minutes ago )
    File scan: The URL response content could not be retrieved or it is some text format (HTML, XML, CSV, TXT, etc.), hence, it was not enqueued for antivirus scanning.
  5. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    This is what I thought. False positive.
    Can you zip and attach that file?
    I want to forward it to MBAM people.
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I wanted to jump in here real quick to give some assistance to speed along the answer...

    This detection depends actually (since the program has been faked before by Smitfraud)...

    While uploading the file, run the following and post log:

    1. Click the Start Menu.
    2. Click Run.
    3. Type in "mbam.exe /developer", without the quotes.
    4. Run the same type of scan you did before and save the logfile and post it.
  7. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,086   +222

    Will do so.
  8. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,086   +222

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.01.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    HP_Administrator :: CYBER [administrator]

    11/2/2012 5:56:20 AM
    mbam-log-2012-11-02 (05-56-20).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 392895
    Time elapsed: 2 hour(s), 10 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\drivers\dot4\wrapper\_isdel.exe (Trojan.Zbot) -> Quarantined and deleted successfully. [b467a012e37a20160bc17c9356aefd03]

    (end)
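The developer-mode log above differs from the first one only by the bracketed value at the end of the detection line. As an added example (not part of the original posts and not Malwarebytes code), the sketch below parses both forms of that line and checks whether a file restored from quarantine is the same one the log recorded. It assumes the 32-hex-digit value is the MD5 of the detected file; the function names are hypothetical.

```python
import hashlib
import re

# Constructed sample: the two forms of the detection line posted in this thread
# (normal log without a hash, developer-mode log with one).
SAMPLE_LOG = r"""Files Detected: 1
C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\drivers\dot4\wrapper\_isdel.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\drivers\dot4\wrapper\_isdel.exe (Trojan.Zbot) -> Quarantined and deleted successfully. [b467a012e37a20160bc17c9356aefd03]
(end)
"""

DETECTION = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)"
    r"(?: \[(?P<md5>[0-9a-fA-F]{32})\])?\s*$"
)


def parse_detections(log_text):
    """Return one dict per detection line; 'md5' is None when the log has no hash."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION.match(line)
        if m:
            entry = m.groupdict()
            if entry["md5"]:
                entry["md5"] = entry["md5"].lower()
            found.append(entry)
    return found


def file_digests(path):
    """Hash a file in chunks: MD5 to compare with the log, SHA-256 for lookups."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def same_file_as_logged(entry, path):
    """True/False if the file matches the logged hash, None if no hash was logged."""
    if entry["md5"] is None:
        return None
    return file_digests(path)["md5"] == entry["md5"]
```

A hash match confirms that the file being submitted for review is the one the scanner flagged, which matters when the same file name exists in several locations.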
  9. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,086   +222

    Broni, do you still want me to "This is what I thought. False positive.
    Can you zip and attach that file?
    I want to forward it to MBAM people."?
    If so, how do I do that?
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Go ahead and do as suggested. Find this file: C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\drivers\dot4\wrapper\_isdel.exe

    Right-click, Send to > Zip folder.

    Upload it here.
  11. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,086   +222

    This part HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\drivers\dot4\wrapper\_isdel.exe

    or just this part _isdel.exe
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Just this part _isdel.exe
  13. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,086   +222

    in the wrapper.JPG
    I'm there, but I don't see it:confused:
  14. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      _isdel.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  15. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,086   +222

    SystemLook 30.07.11 by jpshortstuff
    Log created at 15:38 on 02/11/2012 by HP_Administrator
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "_isdel.exe"
    No files found.

    -= EOF =-
  16. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,086   +222

    No question being too stupid, should I have done this "Open MBAM, click on "Quarantine" tab, highlight that finding and click on "Restore" button." first??
  17. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Absolutely. I thought you did it :)
  18. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,086   +222

    Ok, I hope this is it

    Attached Files:

     
  19. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Thank you :)
  20. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,086   +222

    You're welcome. Now what do I do?
  21. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Nothing. You're good to go.
    I went to the MBAM forum and there is already a long topic in which people are reporting the very same file in a different location being flagged by MBAM.
    Some fixes were already applied.
  22. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,086   +222

    Thank you very kindly. Have a great weekend & don't forget to fall back.:)
  23. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Same to you :)

