Virus preventing me from opening Spybot SnD, HJT/etc EDIT: I

Updated Malwarebytes and scanned. Results below, thanks!

Malwarebytes' Anti-Malware 1.41
Database version: 3011
Windows 5.1.2600 Service Pack 3

10/22/2009 10:32:00 AM
mbam-log-2009-10-22 (10-32-00).txt

Scan type: Quick Scan
Objects scanned: 93728
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\PEV.exe (Trojan.PWS) -> Quarantined and deleted successfully.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Remove selected, and post the log in your next reply.

Malwarebytes' Anti-Malware 1.41
Database version: 3016
Windows 5.1.2600 Service Pack 3

10/23/2009 4:00:52 PM
mbam-log-2009-10-23 (16-00-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 159036
Time elapsed: 15 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks!

Let's do a final check, hopefully:

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
[color:05d5="red"]Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Thanks, and yes I do have a few more questions.

1) Can you tell me how I can regain control of my Spybot SnD? I can not modify, delete, run, or re-download the program. It says that I do not have permission. The original virus that I got is apparently gone, but I still do not have permissions to use Spybot SnD.

2) My mouse issue appears to be the port itself, but I'm not educated enough to know whether or not it's a software issue that changed when getting hit with this virus. It could have coincidentally failed on me at the same time this virus hit. Do you know how I can diagnose this, or at least determine if there is a software or registry issue pertaining to my mouse port? The mouse works when I use a USB port. I get no response when using my rear port and this started the same night I got this virus.

Thank you so much for your help!

I recommend to reinstall Spybot. I provided the install link above, so you can find the site.

Find this entry in Device Manager (Right-click My Computer and click Manage. Then click the Device Manager on the left side):
HID-compliant mouse by Microsoft

Right-click on that entry and click Uninstall.
Then, press the following shortcut on your keyboard:
Alt + a + a
(Press the Alt key, then a, then press a again)

That should have selected, Scan for Hardware Changes. Windows should reinstall that driver automatically for your mouse. Then, let me know the status afterwards.

Thanks, however I cannot reinstall Spybot. I already have SpyBot.exe on my PC and it will not allow me to write over the existing file because I do not have appropriate access/permissions on said file. I also cannot delete or rename the file.

I did the above for the mouse. The rear mouse port is still non-responsive. I have tried different mice as well.

Thanks again DragonMaster Jay!