Is Desktop Security 2010 really gone?

Discussion in 'Malware Help (A Specialist Will Reply)' started by bq2, Apr 16, 2010.

  1. bq2

    bq2 Private E-2

    Hey folks, thanks for a great site and all of your efforts. I'm new to using these forums so please bear with me. I have a Win XP SP3 machine that had an expired version of ZoneAlarm Security Suite that I deactivated except for the firewall because it seemed to have started thrashing my hard drive at one point. I also have AntiVir for virus and spyware. The machine was infected with Desktop Security 2010 and I have gone through the "Read & Run Me First" procedures.

    Prior to running the procedures, AntiVir in guard mode would constantly give pop-up warnings of certain DLLs being some type of trojan, but none of the fixes in the pop-up seemed to do anything, and the warnings would just keep recurring until I disabled AntiVir Guard. I restarted the outdated ZoneAlarm and it seemed to actually suppress the DS 2010 pop-ups. Does this mean ZA was better at handling this malware than AntiVir?

    I was using MSConfig to keep ZoneAlarm from starting. I set it back to Normal and uninstalled ZA.

    Since running the procedure, (two reboots later) I am not getting any Desktop Security 2010 pop-ups. I don't know enough about computers to be sure everything is ok so I'd like to post the logs and get your thoughts before going thru the toggle restore point procedure.

    A few other notes from going through the Read & Run Me First procedure: There are five user accounts on this PC, two are administrative, one is guest. I used CCleaner on all but one of the non-admin accounts (forgot one). I tried to use Add/Remove to remove Desktop Security 2010, but it asks you to get an uninstall key and opens IE with a message that you can't access the site you are taken to.

    After ComboFix reboot a RunDLL error appeared twice saying there was an error loading dddbyy.dll - the specified module could not be found. Does that mean there was still malware asking for it to be run?

    I got some error box running MGTools - I guess I was tired and didn't write it down but clicked yes and it seems to have run ok. It did open IE to a trendsecure.custhelp.com page.

    So thanks again for this site, your help is hugely appreciated
     

    Attached Files:

  2. bq2

    bq2 Private E-2

    Here is MGTools. I rarely use the zip function so hopefully this is correct. The only thing that has changed after running the procedure is that some XP updates installed when I shut the machine down. There are also some Adobe updates waiting to be installed.
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. Tell me what issues may remain before we do the final cleanup.
     
  4. bq2

    bq2 Private E-2

    Tim, thanks for the speedy reply. I don't see any visible signs of Desktop Security 2010 in the Brian Admin account. I don't see any other obvious symptoms either, although I have avoided using this machine after the infection.

    Do I need to worry about the other four accounts? One is another admin. I have not seen visible signs of DS 2010 in any other account so far.

    I don't have a full understanding of how these accounts operate and why DS 2010 wouldn't have infected each one. I see that AntiVir Guard is turned on in my admin account but not in the guest account. So can each account have unique settings for each program?

    Do virus and antispyware scans need to be run under each account as well?

    Also, when it is time to do a "final cleanup," would you advise on which of the diagnostic programs should be deleted and the best way to do so?

    Thanks again!
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    For safety's sake, I would run SAS and MBAM on each account. And preferably, you should disable the guest account. If you have someone who you allow to use the computer under the guest account, I would instead create a limited user account for that person.

    If malware comes into your system in a limited user account, it should not have the ability to infect other accounts. It is when it comes in under an account with admin. privileges that it is capable then of infecting other accounts.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to Add/Remove Programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
     
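The account advice in the reply above (disable Guest, give the visitor a limited account instead, and treat every admin account as one that can affect all the others) can be carried out from a Command Prompt on Windows XP rather than through the Control Panel. The batch script below is an added example written for this page, not a script from the thread or from MajorGeeks; the account name "visitor" is an assumption, and the final loop only inspects per-user Run keys for profiles that are currently loaded under HKEY_USERS (i.e. users logged on at the time), since that is where a per-account rogue like Desktop Security 2010 would register its startup entry for one account but not another.

```batch
@echo off
REM Added example, not from the original thread. Run from an administrator
REM account on Windows XP. "visitor" is an assumed account name.
setlocal

REM 1. Disable the built-in Guest account instead of leaving it enabled.
net user Guest /active:no

REM 2. Create a limited (standard) account for the person who used Guest.
REM    The asterisk makes "net user" prompt for the password so it never
REM    appears on the command line or in history. New accounts land in the
REM    local "Users" group by default; the next line makes that explicit.
net user visitor * /add
net localgroup Users visitor /add

REM 3. Verify who actually has admin rights. Anything listed here can
REM    install software that affects every other account on the machine.
echo === Members of Administrators ===
net localgroup Administrators
echo === Members of Users (limited) ===
net localgroup Users

REM 4. List every local account so unexpected extra admins stand out.
echo === All local accounts ===
net user

REM 5. For each loaded user hive (S-1-5-21-... keys, skipping the _Classes
REM    subkeys), show the per-user Run key. Malware that ran under one
REM    limited account typically persists only in that account's hive,
REM    which is why it can be present in one profile and absent in another.
for /f "tokens=*" %%S in ('reg query HKU ^| findstr /r "S-1-5-21.*[0-9]$"') do (
    echo === Per-user Run key for %%S ===
    reg query "%%S\Software\Microsoft\Windows\CurrentVersion\Run"
)

endlocal
```

Only profiles that are loaded appear under HKEY_USERS, so to inspect every account's Run key you still have to log on as each user (or load its NTUSER.DAT with `reg load`), which is the same reason the reply recommends running the SAS and MBAM scans under each account rather than once from the admin account.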
  6. bq2

    bq2 Private E-2

    Tim, I have run SAS and MBAM on the other accounts. There were five scans that found something. The programs seemed to clear each item up but I will post the logs since I don't know all that you look for. If there is nothing more to do I will start the clean-up procedure you included in your last post. Thanks again for your time.
     

    Attached Files:

  7. bq2

    bq2 Private E-2

    Last log.
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Thank you. That should be all we need to do. Just keep both SAS and MBAM so that you can use them whenever you suspect something. ;)
     
  9. bq2

    bq2 Private E-2

    Just a clean-up question or two. Somewhere in the process a file called Owner.exe was installed to my desktop. It appears to be another copy of HiJackThis. I didn't run Owner.exe. It does not show in add/remove programs so will simply deleting it from the desktop be enough?

    Do I need to do anything other than delete RootRepeal.exe from the desktop?

    Finally, I changed the name of mbam-setup.exe to something else - should I change it back?

    Thanks again for all the help!
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Have no idea about owner.exe, but right click and delete should be sufficient. Same goes for RootRepeal. As stated in the final cleanup, keep MBAM regardless of having renamed it. I always run scans with SAS and MBAM ( updated first ) whenever I suspect something. They are both very good for heading off any major issues.

    You are most welcome. :)
     
