tullvan14
Jul 18 2009, 05:46 PM
Ad-Aware detected Win32tr\.\perDelf. I have deleted and quarantined the virus. Both times setting a restore point. After the reboot the Windows installer comes up and tries to install "photo gallery" saying it needs the disk, etc. I cancel and get another window for unhandled exception which stays on top. I can Ctrl+Alt+Del and get rid of the window but it pops back up again with a restart. How do I get rid of this trojan?
LS CalamityJane
Jul 18 2009, 06:05 PM
Hello,
Thanks for posting! I believe this is a false detection!
Was the name of the detected file mfc70u.dll?
If so, it was reported here:
http://www.lavasoftsupport.com/index.php?showtopic=26375
This will likely be fixed in our next update, but in the meantime, if you could post the Ad-Aware scan log as per the instructions here:
http://www.lavasoftsupport.com/index.php?showtopic=18033
Then I'll be glad to review and advise but I do think that is the one being falsely detected.
LS Andy
Jul 18 2009, 09:55 PM
Hi,
The Win32.Trojandropper.Delf detection was a false positive and has been fixed in update 0149.0008 - please update Ad-Aware to get the latest definition file.
Regards,
Andy
Lavasoft Malware Labs
tullvan14
Jul 19 2009, 12:53 AM
QUOTE(LS CalamityJane @ Jul 18 2009, 12:05 PM)

Hello,
Thanks for posting! I believe this is a false detection!
Was the name of the detected file mfc70u.dll?
If so, it was reported here:
http://www.lavasoftsupport.com/index.php?showtopic=26375
This will likely be fixed in our next update, but in the meantime, if you could post the Ad-Aware scan log as per the instructions here:
http://www.lavasoftsupport.com/index.php?showtopic=18033
Then I'll be glad to review and advise but I do think that is the one being falsely detected.
Jane - The name of the file is win32tr\.\perDelf. Now if it is a false positive then something else is going on which started after I tried deleting this file in AdAware. I repeated the scan and the same file was still there. I am getting the malware activity at startup as I described in my first posting.
Here is the log of that first scan:
MSG [3476] 2009/07/18 10:47:56: Configure new scan with profile: full
MSG [3476] 2009/07/18 10:47:56: -> scanning critical objects
MSG [3476] 2009/07/18 10:47:56: -> scanning running processes
MSG [3476] 2009/07/18 10:47:56: -> scanning registry
MSG [3476] 2009/07/18 10:47:56: -> scanning lsp
MSG [3476] 2009/07/18 10:47:56: -> scanning ads
MSG [3476] 2009/07/18 10:47:56: -> scanning hosts file
MSG [3476] 2009/07/18 10:47:56: -> scanning mru objects
MSG [3476] 2009/07/18 10:47:56: -> scanning browser hijacks
MSG [3476] 2009/07/18 10:47:56: -> scanning cookies
MSG [3476] 2009/07/18 10:47:56: -> neutralizing rootkits
MSG [3476] 2009/07/18 10:47:56: -> use spyware heuristics
MSG [3476] 2009/07/18 10:47:56: -> scan archives
MSG [3476] 2009/07/18 10:47:56: -> file size limit = 20480 kB (0 = unlimited)
MSG [3476] 2009/07/18 10:47:56: -> scan file/path = C:\
MSG [3260] 2009/07/18 11:16:33: Scan was completed in 1716 seconds
MSG [3260] 2009/07/18 11:16:33: Objects processed: 158257, infections detected: 2
MSG [3348] 2009/07/18 11:18:09: Remediating 2 infections
MSG [3348] 2009/07/18 11:18:21: Infections quarantined: 2, removed: 0, repaired: 0
MSG [3348] 2009/07/18 11:18:21: Infections ignored by remediation: 0 (0 whitelisted, 0 skipped).
MSG [3476] 2009/07/18 11:18:21: Dumping scan report:
>>> Logfile created: 7/18/2009 10:47:57
>>> Lavasoft Ad-Aware version: 8.0.7
>>> Extended engine version: 8.1
>>> User performing scan: tim simpson
>>>
>>> *********************** Definitions database information ***********************
>>> Lavasoft definition file: 149.7
>>> Extended engine definition file: 8.1
>>>
>>> ******************************** Scan results: *********************************
>>> Scan profile name: Full Scan (ID: full)
>>> Objects scanned: 158257
>>> Objects detected: 2
>>>
>>>
>>> Type Detected
>>> ==========================
>>> Processes.......: 0
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 2
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 0
>>> Browser hijacks.: 0
>>> MRU objects.....: 0
>>>
>>>
>>>
>>> Quarantined items:
>>> Description: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP397\A0032871.dll Family Name: Win32.TrojanDropper.Delf Clean status: Success Item ID: 1238256 Family ID: 1385
>>> Description: C:\WINDOWS\system32\mfc70u.dll Family Name: Win32.TrojanDropper.Delf Clean status: Success Item ID: 1238256 Family ID: 1385
>>>
>>> Scan and cleaning complete: Finished correctly after 1716 seconds
>>>
>>> *********************************** Settings ***********************************
>>>
>>> Scan profile:
>>> ID: full, enabled:1, value: Full Scan
>>> ID: scancriticalareas, enabled:1, value: true
>>> ID: scanrunningapps, enabled:1, value: true
>>> ID: scanregistry, enabled:1, value: true
>>> ID: scanlsp, enabled:1, value: true
>>> ID: scanads, enabled:1, value: true
>>> ID: scanhostsfile, enabled:1, value: true
>>> ID: scanmru, enabled:1, value: true
>>> ID: scanbrowserhijacks, enabled:1, value: true
>>> ID: scantrackingcookies, enabled:1, value: true
>>> ID: closebrowsers, enabled:1, value: false
>>> ID: folderstoscan, enabled:1, value: C:\
>>> ID: usespywareheuristics, enabled:1, value: true
>>> ID: extendedengine, enabled:0, value: true
>>> ID: useheuristics, enabled:0, value: true
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: filescanningoptions, enabled:1
>>> ID: scanrootkits, enabled:1, value: true
>>> ID: archives, enabled:1, value: true
>>> ID: onlyexecutables, enabled:1, value: false
>>> ID: skiplargerthan, enabled:1, value: 20480
>>>
>>> Scan global:
>>> ID: global, enabled:1
>>> ID: addtocontextmenu, enabled:1, value: true
>>> ID: playsoundoninfection, enabled:1, value: false
>>> ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
>>>
>>> Scheduled scan settings:
>>> <Empty>
>>>
>>> Update settings:
>>> ID: updates, enabled:1
>>> ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
>>> ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: schedules, enabled:1, value: true
>>> ID: updatedaily, enabled:1, value: Daily
>>> ID: time, enabled:1, value: Sat Feb 28 10:34:00 2009
>>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>> ID: updateweekly, enabled:1, value: Weekly
>>> ID: time, enabled:1, value: Sat Feb 28 10:34:00 2009
>>> ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: true
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: true
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>>
>>> Appearance settings:
>>> ID: appearance, enabled:1
>>> ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
>>> ID: showtrayicon, enabled:1, value: true
>>> ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
>>>
>>> Realtime protection settings:
>>> ID: realtime, enabled:1
>>> ID: processprotection, enabled:1, value: true
>>> ID: registryprotection, enabled:0, value: false
>>> ID: networkprotection, enabled:0, value: false
>>> ID: usespywareheuristics, enabled:0, value: true
>>> ID: extendedengine, enabled:0, value: false
>>> ID: useheuristics, enabled:0, value: false
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
>>>
>>>
>>> ****************************** System information ******************************
>>> Computer name: DELLINSP2
>>> Processor name: Intel® Pentium® Dual CPU T2330 @ 1.60GHz
>>> Processor identifier: x86 Family 6 Model 15 Stepping 13
>>> Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3853, number of processors 2
>>> Physical memory available: 597479424 bytes
>>> Physical memory total: 1063223296 bytes
>>> Virtual memory available: 2054963200 bytes
>>> Virtual memory total: 2147352576 bytes
>>> Memory load: 43%
>>> Microsoft Windows XP Professional Service Pack 3 (build 2600)
>>> Windows startup mode:
>>>
>>> Running processes:
>>> PID: 632 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 700 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 728 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 772 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 784 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 960 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1028 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 1124 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1248 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 1344 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 1480 name: C:\WINDOWS\System32\WLTRYSVC.EXE owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1500 name: C:\WINDOWS\System32\bcmwltry.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1508 name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1520 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1620 name: C:\Program Files\Alwil Software\Avast4\ashServ.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1880 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 184 name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE owner: SYSTEM domain: NT AUTHORITY
>>> PID: 240 name: C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 292 name: C:\Program Files\Dell Support Center\bin\sprtsvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 472 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 508 name: C:\WINDOWS\system32\wdfmgr.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 584 name: C:\WINDOWS\system32\fxssvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1452 name: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1840 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1924 name: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2244 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2264 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 2952 name: C:\WINDOWS\system32\wscntfy.exe owner: tim simpson domain: DELLINSP2
>>> PID: 2984 name: C:\WINDOWS\Explorer.EXE owner: tim simpson domain: DELLINSP2
>>> PID: 3468 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: tim simpson domain: DELLINSP2
>>> PID: 3524 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: tim simpson domain: DELLINSP2
>>> PID: 3532 name: C:\WINDOWS\OEM02Mon.exe owner: tim simpson domain: DELLINSP2
>>> PID: 3540 name: C:\Program Files\Dell\QuickSet\quickset.exe owner: tim simpson domain: DELLINSP2
>>> PID: 3548 name: C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe owner: tim simpson domain: DELLINSP2
>>> PID: 3564 name: C:\WINDOWS\system32\WLTRAY.exe owner: tim simpson domain: DELLINSP2
>>> PID: 3572 name: C:\WINDOWS\stsystra.exe owner: tim simpson domain: DELLINSP2
>>> PID: 3584 name: C:\WINDOWS\system32\KADxMain.exe owner: tim simpson domain: DELLINSP2
>>> PID: 3664 name: C:\Program Files\Dell\MediaDirect\PCMService.exe owner: tim simpson domain: DELLINSP2
>>> PID: 4024 name: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe owner: tim simpson domain: DELLINSP2
>>> PID: 372 name: C:\WINDOWS\system32\igfxsrvc.exe owner: tim simpson domain: DELLINSP2
>>> PID: 388 name: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe owner: tim simpson domain: DELLINSP2
>>> PID: 452 name: C:\Program Files\Dell Support Center\bin\sprtcmd.exe owner: tim simpson domain: DELLINSP2
>>> PID: 644 name: C:\Program Files\Visioneer OneTouch\OneTouchMon.exe owner: tim simpson domain: DELLINSP2
>>> PID: 528 name: C:\WINDOWS\system32\hkcmd.exe owner: tim simpson domain: DELLINSP2
>>> PID: 2064 name: C:\WINDOWS\system32\igfxpers.exe owner: tim simpson domain: DELLINSP2
>>> PID: 2672 name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: tim simpson domain: DELLINSP2
>>> PID: 2660 name: C:\WINDOWS\system32\ctfmon.exe owner: tim simpson domain: DELLINSP2
>>> PID: 2840 name: C:\Program Files\Digital Line Detect\DLG.exe owner: tim simpson domain: DELLINSP2
>>> PID: 2900 name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe owner: tim simpson domain: DELLINSP2
>>> PID: 2960 name: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe owner: tim simpson domain: DELLINSP2
>>> PID: 2228 name: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe owner: tim simpson domain: DELLINSP2
>>> PID: 2352 name: C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe owner: tim simpson domain: DELLINSP2
>>> PID: 1912 name: C:\WINDOWS\system32\HPZinw12.exe owner: tim simpson domain: DELLINSP2
>>> PID: 296 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: tim simpson domain: DELLINSP2
>>>
>>> Startup items:
>>> Name: SynTPEnh
>>> imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
>>> Name: OEM02Mon.exe
>>> imagepath: C:\WINDOWS\OEM02Mon.exe
>>> Name: Dell QuickSet
>>> imagepath: C:\Program Files\Dell\QuickSet\quickset.exe
>>> Name: DELL Webcam Manager
>>> imagepath: "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
>>> Name: Broadcom Wireless Manager UI
>>> imagepath: C:\WINDOWS\system32\WLTRAY.exe
>>> Name: SigmatelSysTrayApp
>>> imagepath: stsystra.exe
>>> Name: KADxMain
>>> imagepath: C:\WINDOWS\system32\KADxMain.exe
>>> Name: ECenter
>>> imagepath: C:\Dell\E-Center\EULALauncher.exe
>>> Name: dscactivate
>>> imagepath: C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
>>> Name: PCMService
>>> imagepath: "C:\Program Files\Dell\MediaDirect\PCMService.exe"
>>> Name: BuildBU
>>> imagepath: c:\dell\bldbubg.exe
>>> Name: avast!
>>> imagepath: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
>>> Name: HP Software Update
>>> imagepath: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
>>> Name: DellSupportCenter
>>> imagepath: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
>>> Name: OneTouch Monitor
>>> imagepath: C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
>>> Name: IgfxTray
>>> imagepath: C:\WINDOWS\system32\igfxtray.exe
>>> Name: HotKeysCmds
>>> imagepath: C:\WINDOWS\system32\hkcmd.exe
>>> Name: Persistence
>>> imagepath: C:\WINDOWS\system32\igfxpers.exe
>>> Name: Adobe Reader Speed Launcher
>>> imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
>>> Name: Ad-Watch
>>> imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
>>> Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
>>> imagepath: Browseui preloader
>>> Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
>>> imagepath: Component Categories cache daemon
>>> Name: PostBootReminder
>>> imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
>>> Name: CDBurn
>>> imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
>>> Name: WebCheck
>>> imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
>>> Name: SysTray
>>> imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
>>> Name:
>>> location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
>>> imagepath: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
>>> Name:
>>> imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
>>> Name:
>>> location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
>>> imagepath: C:\Program Files\Digital Line Detect\DLG.exe
>>> Name:
>>> location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
>>> imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
>>> Name:
>>> location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
>>> imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
>>>
>>> Bootexecute items:
>>> Name:
>>> imagepath: autocheck autochk *
>>> Name:
>>> imagepath: lsdelete
>>>
>>> Running services:
>>> Name: ALG
>>> displayname: Application Layer Gateway Service
>>> Name: aswUpdSv
>>> displayname: avast! iAVS4 Control Service
>>> Name: AudioSrv
>>> displayname: Windows Audio
>>> Name: avast! Antivirus
>>> displayname: avast! Antivirus
>>> Name: avast! Mail Scanner
>>> displayname: avast! Mail Scanner
>>> Name: avast! Web Scanner
>>> displayname: avast! Web Scanner
>>> Name: BITS
>>> displayname: Background Intelligent Transfer Service
>>> Name: Browser
>>> displayname: Computer Browser
>>> Name: CryptSvc
>>> displayname: Cryptographic Services
>>> Name: DcomLaunch
>>> displayname: DCOM Server Process Launcher
>>> Name: Dhcp
>>> displayname: DHCP Client
>>> Name: Dnscache
>>> displayname: DNS Client
>>> Name: ERSvc
>>> displayname: Error Reporting Service
>>> Name: Eventlog
>>> displayname: Event Log
>>> Name: EventSystem
>>> displayname: COM+ Event System
>>> Name: FastUserSwitchingCompatibility
>>> displayname: Fast User Switching Compatibility
>>> Name: Fax
>>> displayname: Fax
>>> Name: helpsvc
>>> displayname: Help and Support
>>> Name: lanmanserver
>>> displayname: Server
>>> Name: lanmanworkstation
>>> displayname: Workstation
>>> Name: Lavasoft Ad-Aware Service
>>> displayname: Lavasoft Ad-Aware Service
>>> Name: LmHosts
>>> displayname: TCP/IP NetBIOS Helper
>>> Name: MDM
>>> displayname: Machine Debug Manager
>>> Name: Netman
>>> displayname: Network Connections
>>> Name: Nla
>>> displayname: Network Location Awareness (NLA)
>>> Name: PlugPlay
>>> displayname: Plug and Play
>>> Name: Pml Driver HPZ12
>>> displayname: Pml Driver HPZ12
>>> Name: PolicyAgent
>>> displayname: IPSEC Services
>>> Name: ProtectedStorage
>>> displayname: Protected Storage
>>> Name: RasMan
>>> displayname: Remote Access Connection Manager
>>> Name: RemoteRegistry
>>> displayname: Remote Registry
>>> Name: RpcSs
>>> displayname: Remote Procedure Call (RPC)
>>> Name: SamSs
>>> displayname: Security Accounts Manager
>>> Name: Schedule
>>> displayname: Task Scheduler
>>> Name: seclogon
>>> displayname: Secondary Logon
>>> Name: SENS
>>> displayname: System Event Notification
>>> Name: SharedAccess
>>> displayname: Windows Firewall/Internet Connection Sharing (ICS)
>>> Name: ShellHWDetection
>>> displayname: Shell Hardware Detection
>>> Name: Spooler
>>> displayname: Print Spooler
>>> Name: sprtsvc_dellsupportcenter
>>> displayname: SupportSoft Sprocket Service (dellsupportcenter)
>>> Name: srservice
>>> displayname: System Restore Service
>>> Name: SSDPSRV
>>> displayname: SSDP Discovery Service
>>> Name: stisvc
>>> displayname: Windows Image Acquisition (WIA)
>>> Name: TapiSrv
>>> displayname: Telephony
>>> Name: TermService
>>> displayname: Terminal Services
>>> Name: Themes
>>> displayname: Themes
>>> Name: TrkWks
>>> displayname: Distributed Link Tracking Client
>>> Name: UMWdf
>>> displayname: Windows User Mode Driver Framework
>>> Name: w32time
>>> displayname: Windows Time
>>> Name: WebClient
>>> displayname: WebClient
>>> Name: winmgmt
>>> displayname: Windows Management Instrumentation
>>> Name: wltrysvc
>>> displayname: Dell Wireless WLAN Tray Service
>>> Name: wscsvc
>>> displayname: Security Center
>>> Name: wuauserv
>>> displayname: Automatic Updates
>>> Name: WZCSVC
>>> displayname: Wireless Zero Configuration
>>>
>>>
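An added example (not part of the thread and not Lavasoft code): a small parser for the "Quarantined items" lines in the report format posted above, which groups detections by signature and separates copies under `System Volume Information\_restore` (the System Restore store) from live file paths. The function names are hypothetical and the sample input is constructed from the two quarantine lines in the log.

```python
import re
from collections import defaultdict

# Constructed sample: the quarantine section as it appears in the posted report.
SAMPLE_LOG = r"""
>>> Quarantined items:
>>> Description: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP397\A0032871.dll Family Name: Win32.TrojanDropper.Delf Clean status: Success Item ID: 1238256 Family ID: 1385
>>> Description: C:\WINDOWS\system32\mfc70u.dll Family Name: Win32.TrojanDropper.Delf Clean status: Success Item ID: 1238256 Family ID: 1385
>>>
>>> Scan and cleaning complete: Finished correctly after 1716 seconds
"""

# The path may contain spaces, so it is matched lazily up to "Family Name:".
ITEM_RE = re.compile(
    r"^>>>\s*Description:\s*(?P<path>.+?)\s+Family Name:\s*(?P<family>\S+)"
    r"\s+Clean status:\s*(?P<status>\S+)\s+Item ID:\s*(?P<item_id>\d+)"
    r"\s+Family ID:\s*(?P<family_id>\d+)\s*$"
)


def parse_quarantined(log_text):
    """Return one dict per line of the 'Quarantined items' section."""
    items, in_section = [], False
    for line in log_text.splitlines():
        if line.startswith(">>> Quarantined items:"):
            in_section = True
            continue
        if not in_section:
            continue
        match = ITEM_RE.match(line)
        if match:
            rec = match.groupdict()
            # Entries under _restore{GUID} are System Restore copies, not live files.
            rec["restore_point_copy"] = (
                "\\system volume information\\_restore" in rec["path"].lower()
            )
            items.append(rec)
        elif line.strip(">").strip():
            break  # first non-empty, non-item line ends the section
    return items


def group_by_signature(items):
    """Map (family name, item ID) -> list of affected paths."""
    groups = defaultdict(list)
    for it in items:
        groups[(it["family"], it["item_id"])].append(it["path"])
    return dict(groups)


def live_files(items):
    """Paths that are ordinary files rather than restore-point copies."""
    return [it["path"] for it in items if not it["restore_point_copy"]]


if __name__ == "__main__":
    found = parse_quarantined(SAMPLE_LOG)
    for sig, paths in group_by_signature(found).items():
        print(sig, len(paths), "file(s)")
    print("live files to check in quarantine:", live_files(found))
```
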
tullvan14
Jul 19 2009, 02:10 AM
CALAMITY JANE - you were right (of course) the update got rid of the false positive. The installer window is trying to reinstall part of my HP Photosmart software for my network printer. That was uninstalled accidentally by Ad-Aware. Unfortunately I can't find the reinstall disk, yet. When I get the msi package it should reinstall it and fix the error.
LS CalamityJane
Jul 19 2009, 12:57 PM
Hello,
Thanks for posting the log. Yes, that was a false detection. Did you reboot (restart) your computer after you quarantined the file? If not, please do that now.
Then after the reboot please check in your quarantine to see if the quarantined file is there and restore them from quarantine.
Here is how:
How to Restore an Item from Quarantine
In case you deleted a file that was a false detection
That should resolve the problem without having to reinstall the program. Let me know.