Mysterious Trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by flankadank, Jun 15, 2006.

  1. flankadank

    flankadank Private First Class

    My spysweeper program detected a trace of the massaker trojan on my system last night and quarantined it. I run Spysweeper every night and the trojan was not detected the night before. This is my home computer and I have it turned off during the night and most of the day while I'm at work. I turn it on when I'm going to use it and usually lock it (windows+l) if I'm away from the computer for long.

    I checked the registry and couldn't find anything unusual in windows/current version/run or run services.

    I run my computer on a limited account and use Firefox browser, but still have IE set to high security. I also have Zone Alarm, PC Cillin (which I'm surprised didn't catch this), Spybot w/teatimer running, and Windows defender.

    I hadn't noticed any problems with my computer. This was only detected on a routine scan with Spysweeper.

    After the quarantine, I re-scanned with Spysweeper and scanned with PC Cillin; both came up clean.

    The strange thing is that Spysweeper's site says this trojan is generally spread through email attachments, but the only email account I check on this computer is hotmail, which scans for viruses, and I won't open email from someone I don't know and don't open attachments that I'm not 100% sure about and I rarely receive attachments from anyone I know. The file that Spysweeper said was infected is easyoffice\pop.wav. Easy Office is a program that I've had installed for at least a year.

    The thing I'm worried about and really want advice about is the recommendation that Spysweeper's site gives to consider changing your bank account and credit card numbers (if you bank online, which I do) and all passwords. They also recommend checking your credit report regularly in the near future, which I will do, since I work for an organization that handles consumer fraud and I understand all about identity theft. Changing my bank account numbers and credit card numbers would be a great inconvenience that I will do if necessary, but I'm not sure whether my case warrants it. I did not visit my bank website since my last clean Spysweeper scan and don't have Firefox save ANY passwords. I have Firefox automatically clear out history, cookies, cache, etc. every time I close it, and I have all files on my computer with passwords, personal info or other sensitive data encrypted.

    Does anyone have any idea how I may have picked up this bug, how much damage it could have done on a limited account and an opinion on the bank account issue?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Right now it sounds like it could be a false positive. However, for your own peace of mind, you should check with banks and credit card companies for any illegal activity.

    It also sounds to me like you are using too many realtime blocking tools. Running SpySweeper, Spybot's Teatimer, Windows Defender (and do you also have Trend Micro's Antispyware tool installed) is going to slow your PC down, cause potential conflicts between each application which could make it more difficult for any of them to find or fix problems, and could just make it extremely difficult for you since they all will get in the way when doing any manual cleaning.


    At any rate, if you want to make sure your PC is clean, you can follow the procedures below (but still check with your financial institutions).
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  3. flankadank

    flankadank Private First Class

    I had a suspicion it might be a false positive, but don't want to take any chances with something that potentially serious.

    I will be keeping a close eye on all of my financial accounts, believe me.

    How many real time blockers do you recommend that I keep? I would like to keep Spysweeper, other than that which do you recommend that I keep running? Should I keep the main programs installed, so I can still do manual or scheduled scans (for the ones I end up disabling real-time blocking on)?

    Should I disable those before or after I follow your recommended steps?

    I will wait for your response before proceeding.
     
  4. flankadank

    flankadank Private First Class

    Actually, I just noticed that the scanning in your recommended steps is done in safe mode, so I won't worry about waiting to hear from you to start, but I still would like your opinion on the real-time blockers. I will be back later with my HJT log.
     
  5. flankadank

    flankadank Private First Class

    Ok, I've finished all of the recommended steps. None of the scanners found anything, except Panda, which found 2 cookies. I deleted them via the browser and re-scanned with Panda. The second scan was clean.

    I'm attaching that log and the HJT log.
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your Sun Java version is old and must be updated!

    Did you install this iGive stuff? As far as I know, it is malware. See: http://virusinfo.prevx.com/viruscenter.asp?GRP=1760400013
    O8 - Extra context menu item: iGive Shopping Window - file://C:\Program Files\iGive_Shopping_Window\iGivesShoppingWindow\iGivetShoppingWindow\igivC0.htm
    O9 - Extra button: iGive Shopping Window - {9B7E79AC-A646-4e45-A70F-1B3981FE370E} - file://C:\Program Files\iGive_Shopping_Window\iGivesShoppingWindow\iGivetShoppingWindow\igivC0.htm (HKCU)

    Your log is clean other than that.

    You have the below real time antispyware blocking tools installed and running:
    Spy Sweeper
    Ad-Aware SE Plus Ad-Watch
    SpyBot's TeaTimer
    Microsoft AntiSpyware

    Here is what I recommend:
    1) Keep Spy Sweeper because it is the best. But make sure you keep it current and pay for the yearly subscription. If it is out of date it will not be that valuable, just like any other program of this type.

    2) Disable Ad-Aware's Ad-Watch feature but keep Ad-Aware installed only as a backup scanner.

    3) Disable Spybot's TeaTimer but keep Spybot installed as a backup scanner, and also use its Immunize feature for protection.

    4) Uninstall Microsoft AntiSpyware, which is no longer supported anyway. It has been replaced by Windows Defender, but you do not want this installed if you have Spy Sweeper.
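    The two O8/O9 entries above were picked out by eye; the following is an added example (not from the thread or from HijackThis itself) of doing that triage in code: it parses HijackThis-style O8 (extra context menu item) and O9 (extra button) lines and returns the ones whose target is a file:// URL, i.e. IE menu items or toolbar buttons that open a local HTML file. The sample lines are constructed for the example (the iGive CLSID is the one quoted in the post; the other CLSID and paths are placeholders).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log lines, modelled on the O8/O9 entries quoted above.
# Paths are shortened placeholders; the second CLSID is a dummy value.
SAMPLE_HJT_LINES = [
    r"O8 - Extra context menu item: iGive Shopping Window - file://C:\Program Files\iGive_Shopping_Window\igivC0.htm",
    r"O9 - Extra button: iGive Shopping Window - {9B7E79AC-A646-4e45-A70F-1B3981FE370E} - file://C:\Program Files\iGive_Shopping_Window\igivC0.htm (HKCU)",
    r"O9 - Extra button: Example Button - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\example.exe",
    r"O4 - HKLM\..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe",
]

O8_RE = re.compile(r"^O8 - Extra context menu item: (?P<label>.+?) - (?P<target>.+)$")
O9_RE = re.compile(
    r"^O9 - Extra button: (?P<label>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<target>.+?)(?: \((?P<hive>HKCU|HKLM)\))?$"
)


@dataclass
class HjtEntry:
    section: str            # "O8" or "O9"
    label: str              # menu item / button caption shown in IE
    clsid: Optional[str]    # only O9 entries carry a CLSID
    target: str             # file or URL the item launches
    hive: Optional[str]     # HKCU/HKLM suffix when HijackThis reports it


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one O8 or O9 line; other sections return None."""
    m = O8_RE.match(line)
    if m:
        return HjtEntry("O8", m["label"], None, m["target"], None)
    m = O9_RE.match(line)
    if m:
        return HjtEntry("O9", m["label"], m["clsid"], m["target"], m["hive"])
    return None


def local_html_shell_additions(lines: List[str]) -> List[HjtEntry]:
    """Return the O8/O9 entries whose target is a file:// URL, the kind of
    IE add-on a reviewer checks first because it points at a local HTML page
    rather than a known program or web site."""
    hits = []
    for line in lines:
        entry = parse_hjt_line(line.strip())
        if entry and entry.target.lower().startswith("file://"):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in local_html_shell_additions(SAMPLE_HJT_LINES):
        print(e.section, e.label, e.clsid or "-", e.target, e.hive or "-")
```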
     
  7. flankadank

    flankadank Private First Class

    I will follow your advice as far as my scanners/real-time blockers. I did actually install the iGive window. iGive is a site that has an agreement with large online retailers, so they will donate portions of your purchase to your favorite cause. I may uninstall it anyway, though, since I haven't been able to get it to work.

    Thank you so much for your help. You all have the biggest hearts to spend time helping people like me.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Are you having any other malware problems I can help you with? If not, then you should work through the below:

    How to Protect yourself from malware!
     