Is this really malware?

Discussion in 'Malware Help (A Specialist Will Reply)' started by fillip, Aug 21, 2006.

  1. fillip

    fillip Private E-2

    Hi, People….

    I’m not certain that what follows are the result of malware, but I’m guessing they are.

    In no particular order, these are the behaviors I’ve noticed for over a month:

    When I open Word 2002, more often than not, the page defaults to Print Layout instead of Normal.

    If I open a document and close it without doing anything, I’m asked if I want to save the changes I didn’t make.

    A couple of times I’ve gotten a message that Word experienced a problem, and had to close.

    More frequently than usual, programs will open in “Restore down” mode, instead of maximized.

    Every so often, the hour glass appears momentarily (and sometimes longer), and the information on the page seems to shift (or goes blank?) until the hour glass goes away. If I happen to have a menu open, it will disappear, and if the title bar in a window is blue, it will momentarily turn gray. (Websites are affected, too.)

    For the past two weeks, almost every e-mail I receive comes with an attachment called ATT0000*.htm, or .dat, or .jpg (so far). I’ve seen these before, but never so concentrated.

    I view my mail on my ISP’s site (Verizon) before downloading it in OE, and the other day—for instance—I had 7 messages; two of which were marked with attachments. When I downloaded them, all 7 had ATT0000 attachments.

    Another time, I had an e-mail immediately returned as undeliverable, because I had used an incorrect address; and it, too, had an ATT0000 attachment.

    Ordinarily, I wouldn’t put these attachments in the category of malware, but it almost seems as though they’re being generated on my computer, or that my machine is, somehow, attracting them.

    At least some programs seem to take longer than usual to load. There sometimes seems to be a slight delay before programs will close.

    For at least a couple of weeks, there was mostly a 45 second delay between the Welcome screen and the appearance of the desktop. Now, it’s closer to 30 seconds, interspersed with normal interval.

    The other day, after running CCleaner, I noticed a deleted cookie for a site I’ve never knowingly visited: marketscore.com. Google showed it to be a potential malware site. I found several registry entries for marketscore, and netsetter, but neither appears in Add/Remove Programs, nor did Search find any files.

    My computer freezes on shut-down more than usual. Restarting with the reset button will allow it to go through the shut-down routine OK. Recently, Spy Sweeper and zlclient.exe went through their “End Program” routines, but neither would close, and hitting Ctrl-Alt-Delete to End Task didn’t work, so I had to use the reset button. Usually, if the shut-down routine doesn’t work, the computer simply freezes.

    That’s all I can think of for now.


    My OS is XP Home with SP2.

    I have the following anti-malware programs:

    AVG Free, Windows Defender, Spybot S&D, Trojan Hunter, Ad Aware SE Plus, and Spy Sweeper; all of which I run weekly. Plus Zone Alarm Pro.

    Once a month, I use one or more of the following online scanners:

    BitDefender, Kaspersky, and Ewido.

    So far, none has found anything, so I wonder if I’m experiencing computer glitches, rather than malware?

    I hope you can help.

    Many thanks.

    fillip
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    None of this sounds like malware. But the only way to be sure you have no malware is to follow the below procedures.


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. fillip

    fillip Private E-2

    Hello, chaslang...

    Thanks for your fast reply to my post.

    You folks gave me a lot of chores to perform, and I thought I'd be done by now.

    However, I'm not there quite yet, but I wanted to acknowledge your response.

    I'll post as soon as I finish my "homework". :)

    Thanks, again.

    fillip
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome fillip! Just attach everything in this thread whenever you finish!
     
  5. fillip

    fillip Private E-2

    I believe I’ve completed your instructions.

    I’ll upload 3 files into this post, and a 4th into another one. I assume that’s done by replying to my reply.

    I ran Panda ActiveScan in Normal Mode, but a “Report” window didn’t appear. If I understand their FAQ correctly, a report is generated only if the program finds something. My scan came up all zeroes.

    I haven’t disabled System Restore.

    Judging by the results I’ve seen, I expect you were right about my symptoms not indicating malware.

    Hopefully, something will show up in the HJT log or your special .txt logs that may give clues to the cause of my experiences.

    I’m looking forward to your reply.

    Thanks.
     


  6. fillip

    fillip Private E-2

    Here's the HJT log.

    I hope I've done everything OK!
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do not show any malware but you do have to uninstall all but one of the realtime antispyware blocking programs you are running. They can slow your PC down, cause conflicts and other general problems.

    You have these installed
    Ad-Aware SE Plus <--- looks like you paid for this so keep it.
    Spy Sweeper.
    Windows Defender
    WinPatrol


    You should also uninstall the below old versions of Sun Java
    J2SE Runtime Environment 5.0 Update 4
    Java 2 Runtime Environment, SE v1.4.2_06


    Other than that, you will have to check for other non-malware problems!
     
  8. fillip

    fillip Private E-2

    Thanks for your suggestions.

    I have several comments and FYIs.

    First, all of my anti-malware programs were active before I developed the symptoms I described in my first post.

    Second, when I read your “Read and Run Me First,” I realized I had an outdated version of Sun Java, and installed the latest, which was Update 8. I thought it would install itself over the old version, but I should have known better. So, thanks for that.

    Version 4 is no more.

    Third, you were right about possible conflicts. Although WinPatrol was still on my machine, I had disabled it on Startup.

    The problem was, that it responded to the same things that Ad-Watch did, and both their windows would pop up at the same time, which was not helpful, to say the least.

    At your suggestion, I uninstalled it, together with Windows Defender. Windows Defender may have been overkill, because of Spy Sweeper (another paid-for program).

    However, I’m not prepared to remove Spy Sweeper just yet. It alerts me to suspicious behavior, similar to Ad-Watch and Zone Alarm, but there are no overlaps. Neither does there seem to be any interference among them.

    Incidentally, I keep reading conflicting opinions as to which anti-malware programs to install, and some suggest even more programs than I use.

    There were, in fact, some other problems that developed after one of Spy Sweeper’s program updates.

    These were: The Spy Sweeper icon wouldn’t appear in the system tray unless I opened the program; the Shields function was corrupted; and when I ran Ad-Aware, it would freeze shortly after starting.

    It took Webroot three relatively close-spaced updates to fix the problems, but both programs work fine, now.

    Also, I uninstalled a program I stopped using some time ago, in the hope that it might help speed things up.

    When I finished all this, I defragged the drive, even though there was no need.

    Bottom line is—even with all the deletions—the symptoms are still present.

    As you said—I guess I’ll have to look elsewhere for the source(s) of my machine’s problems.

    Chaslang, I certainly want to thank you for your attention and your help. Both are much appreciated.

    I’m almost sorry I didn’t have malware on my computer. :)

    My troubles might all be gone!

    In the meantime, take care, and perhaps we’ll meet again.

    Regards,

    fillip
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you paid for Spy Sweeper, I would keep it and get rid of Ad-Watch from Ad-Aware. There are conflicts and it is a big waste of system resources. You also can make each program less effective, scans will run significantly slower, and some problems may not be fixed or even detected if both are running. Spy Sweeper is much better than Ad-Aware so you should keep Spy Sweeper (but read on all the way thru to the end).

    Only one program with realtime blocking should be used. But you should use tools like SpywareBlaster and Spybot (without Spybot's Teatimer) for additional non-realtime protection that they provide (which is significant).

    As I said, only one with realtime blocking should be used. Problems like this and more will occur otherwise.


    Well multiple blockers will do this so you still need to uninstall one. I will give you a tip though which may or may not help for your case. While Spy Sweeper is probably the best antispyware program, it does cause problems on some PCs. Especially if the PC is not one of the fastest PCs around and if it does not have greater than 1 GB of RAM. Just for your own satisfaction, try uninstalling (don't just disable it from loading at start up because services will still run) Spy Sweeper and then reboot. How is everything working without Spy Sweeper?
     
  10. fillip

    fillip Private E-2

    Son of a gun!

    Uninstalling Spy Sweeper seems to have eliminated one of my symptoms; namely, the burping hour glass apparently has stopped burping.

    I wasn’t too happy to let Spy Sweeper go, but if it doesn’t behave well on my machine, there’s not much point in keeping it.

    With respect to the Word 2002 symptoms, I suspect they may be related to Word itself.

    I did a repair reinstall, but it didn’t help.

    Sometime back, I changed from Windows Update to Microsoft Update.
    There is some possibility that one of their Office updates (I use only Word) may have done me wrong.

    If you have any suggestions on how best to track this down, I’d appreciate them.

    Regarding programs which annoyingly open “un-maximized,” I seem to recall there is a feature which allows me to force all programs to open maximized, but I forget where it is.

    Something might have changed the settings, or my memory is way off. If so, this is an unresolved problem, the source of which I don’t know; nor do I have a clue what to do about it.

    The jury is still out on the problem referring to the length of time it takes between the Welcome screen and the desktop. It’s still mostly 30 seconds, which seems excessively long; particularly since the time is sometimes much shorter, and it used to be consistently shorter.

    Tentatively, I think at least some programs are opening faster than before Spy Sweeper removal. Ditto with closing.

    I haven’t had any shut-down problems recently, so I can’t be certain whether anything we’ve done has affected that, or not.

    You mentioned SpywareBlaster. I forgot to tell you that I use it, but it’s for IE only. The only times I use IE are for Microsoft, and online scanning—but every little bit helps!

    I think I’ve covered all the items from my original post.

    If there is any further help you can offer, I’m all ears.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    SpywareBlaster is for both FireFox and IE.

    All of your other issues are things that you need to discuss in a message you should create in the Software Forum. None of this is malware.
     
  12. fillip

    fillip Private E-2

    I ain’t too swift.

    I didn’t know SpywareBlaster works with Firefox. That’s good to know.

    I’ll take your suggestion about the Software forum.

    Thanks for all.

    fillip
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
