PC Review



Cannot restore before August

 
 
E. T.
Guest
Posts: n/a
 
      29th Oct 2008
On June 15th, my ZAP log mentions some:
OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
I realise it now, looking into my ZAP logs file.

Later in the summer this line multiplied dozens of times in the log and I
realize that too now, but before, I started having ZAP alerts, the violet
ones saying
Generic Host Program for win32 services is trying to act as a server
and red alerts saying
LSA Shell Export Version is trying to communicate with
C:\Windows\system32\Zonelabs\UpdClient.exe by opening its process,
application Isass.exe.
among other things.
I always denied them but did not find the time to check this problem.
I have lots of problems in my p/c's function and today I tried to restore
before this date (June 16th) basically in order to avoid those alerts and
eventual trojan provoking them but I cannot restore before August (when I
press the left arrow of restore system calendar being in August it does not
function to lead me to July).
Why is that?
Tks for immediate response.

 
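Added example, not part of any post in this thread and not ZoneAlarm tooling: a small Python parser that rejoins wrapped OSFW records and counts them per month, which shows when an entry such as the MRT.exe/smss.exe one starts to multiply. The field names are assumptions inferred from the single log line quoted in the thread, and the 2008/08 sample records are constructed.

```python
import re
from collections import Counter

# Record start "TYPE,YYYY/MM/DD," (layout inferred from the single line in the thread)
RECORD_START = re.compile(r"^[A-Z]+,\d{4}/\d{2}/\d{2},")

# First record: the thread's log line, wrapped as in the quoted replies.
# The two 2008/08 records are constructed sample data.
SAMPLE = r"""
OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious
Software Removal
Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
OSFW,2008/08/02,09:00:01 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
OSFW,2008/08/02,09:00:05 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
""".splitlines()

def unwrap(lines):
    """Rejoin records that a mail or news client wrapped across lines."""
    records = []
    for line in (l.strip() for l in lines if l.strip()):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line  # assumption: the wrap replaced a space
    return records

def parse_osfw(record):
    """Name the fields of one OSFW record; None for any other record type."""
    parts = record.split(",")
    if parts[0] != "OSFW" or len(parts) < 10:
        return None
    tail = parts[-5:]  # program path, object class, operation, "DST", target
    return {
        "month": parts[1][:7],
        "program": ",".join(parts[4:-5]),  # display names may contain commas
        "source": tail[0].lower(),
        "operation": tail[2],
        "target": tail[4].lower(),
    }

def monthly_counts(lines):
    """Count OSFW events per (month, source, operation, target)."""
    counts = Counter()
    for ev in map(parse_osfw, unwrap(lines)):
        if ev:
            counts[(ev["month"], ev["source"], ev["operation"], ev["target"])] += 1
    return counts

for key, n in sorted(monthly_counts(SAMPLE).items()):
    print(n, *key)
```
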
 
 
 
 
M.I.5¾
Guest
Posts: n/a
 
      29th Oct 2008

"E. T." <(E-Mail Removed)> wrote in message
news:02C675AF-8B33-4B64-B744-(E-Mail Removed)...
> On June 15th, my ZAP log mentions some:
> OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious
> Software Removal
> Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
> I realise it now, looking into my ZAP logs file.
>
> Later in the summer this line multiplied dozens of times in the log and I
> realize that too now, but before, I started having ZAP alerts, the violet
> ones saying
> Generic Host Program for win32 services is trying to act as a server
> and red alerts saying
> LSA Shell Export Version is trying to communicate with
> C:\Windows\system32\Zonelabs\UpdClient.exe by opening its process,
> application Isass.exe.
> among other things.
> I always denied them but did not find the time to check this problem.
> I have lots of problems in my p/c's function and today I tried to restore
> before this date (June 16th) basically in order to avoid those alerts and
> eventual trojan provoking them but I cannot restore before August (when I
> press the left arrow of restore system calendar being in August it does
> not
> function to lead me to July).
> Why is that?


Restore only keeps a limited number of restore points. As new ones are
created the older ones are deleted. The reason you cannot get into July is
that there are no restore points available prior to August. You can
increase the space available for restore points but this won't solve your
current problem.


 
 
Mick Murphy
Guest
Posts: n/a
 
      29th Oct 2008
Download, install, update and scan your System with Malwarebytes, and Spybot
Search & Destroy.
Do it in Safe mode if necessary, and do it with your Anti-virus as well,
while in Safe Mode.
All info below.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

--
Mad Mike


"E. T." wrote:

> On June 15th, my ZAP log mentions some:
> OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious
> Software Removal
> Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
> I realise it now, looking into my ZAP logs file.
>
> Later in the summer this line multiplied dozens of times in the log and I
> realize that too now, but before, I started having ZAP alerts, the violet
> ones saying
> Generic Host Program for win32 services is trying to act as a server
> and red alerts saying
> LSA Shell Export Version is trying to communicate with
> C:\Windows\system32\Zonelabs\UpdClient.exe by opening its process,
> application Isass.exe.
> among other things.
> I always denied them but did not find the time to check this problem.
> I have lots of problems in my p/c's function and today I tried to restore
> before this date (June 16th) basically in order to avoid those alerts and
> eventual trojan provoking them but I cannot restore before August (when I
> press the left arrow of restore system calendar being in August it does not
> function to lead me to July).
> Why is that?
> Tks for immediate response.
>

 
 
PA Bear [MS MVP]
Guest
Posts: n/a
 
      29th Oct 2008
Even if you had an earlier Restore Point available, using it prolly wouldn't
address your problems.

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachi...php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


E. T. wrote:
> On June 15th, my ZAP log mentions some:
> OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious
> Software Removal
> Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
> I realise it now, looking into my ZAP logs file.
>
> Later in the summer this line multiplied dozens of times in the log and I
> realize that too now, but before, I started having ZAP alerts, the violet
> ones saying
> Generic Host Program for win32 services is trying to act as a server
> and red alerts saying
> LSA Shell Export Version is trying to communicate with
> C:\Windows\system32\Zonelabs\UpdClient.exe by opening its process,
> application Isass.exe.
> among other things.
> I always denied them but did not find the time to check this problem.
> I have lots of problems in my p/c's function and today I tried to restore
> before this date (June 16th) basically in order to avoid those alerts and
> eventual trojan provoking them but I cannot restore before August (when I
> press the left arrow of restore system calendar being in August it does
> not
> function to lead me to July).
> Why is that?
> Tks for immediate response.


 