Malwarebytes

ellentk

Member Since 05 May 2009
Offline Last Active Jan 23 2013 09:31 AM
Scan Options Enabled/Disabled?

22 January 2013 - 01:19 AM

I did a full scan and these options were all enabled:
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

The scan turned up a minor problem in one file. I scanned that file using the right click context menu and the problem file was not found because the scan options were as follows:
Scan type: Custom scan (D:\YYYY\JJJJJJ.exe|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra

How can I enable Memory, Startup, Registry and Heuristics for a custom scan?

Thanks.

Ellen

backdoor.bot and quarantine error code 2

20 January 2013 - 04:10 AM

After installing a freeware program, malwarebytes pro (1.70.0.1100) informed me that it put backdoor.bot in quarantine twice, after failing to do so (error code 2):

2013/01/20 01:35:55
Detection c:\program files (x86) \zip password finder\recover.exe backdoor.bot quarantine

2013/01/20 01:38:18
Detection c:\program files (x86) \zip password finder\recover.exe backdoor.bot quarantine

2013/01/20 01:18
Error Quarantine failed: SDKQurantine failed with error code 2

Being unsure if the trojan got through due to the error, I took additional steps. Do I need to do anything else? Why was the trojan detected twice, or were there two trojans in the named file? How do I know if the trojan was quarantined before it did any damage? Should I delete the trojan or leave it in quarantine? Do I need to run combofix too?

Here are the steps I've taken so far:

I manually deleted the freeware program that contained the trojan along with a registry key containing the program's name as well as start menu links to the program.

A search of my registry didn't turn up a key with the string "backdoor."
A quick scan with malwarebytes reported no threats.

A quick scan with GMER turned up a suspicious file, which I think is a safe Intel process, based on this from http://www.runscanne...Client.exe.html
"Privacyiconclient.exe with description Intel® Management and Security Status is a process file from company Intel Corporation belonging to product Intel® Management and Security Status. The file is digitally signed from Intel Corporation - VeriSign Time Stamping Services Signer - G2 We do not recommend removing digitally signed files from Intel Corporation"
I've attached the GMER log, but only the above file was marked suspicious, if I'm reading it correctly.

I ran AVG's anti-rootkit scan and it found no problems. I scanned my C: drive with AVG and it found no problems there.

I scanned with Avast's aswMBR but can't interpret the log, which I've also attached. It gave me a choice of fixing the MBR but I'm reluctant to do that w/o knowing what will be fixed. I'm guessing it's the "disk 0 unknown mbr code" but I've read that these custom codes are not always malicious and the other scans turned up no problems. If someone can interpret the log, I'd appreciate it.

I scanned with Sophos Virus Removal Tool, which found no threats.

I checked running processes and didn't find backdoor.bot.

Thanks for any help and advice.

Ellen
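An added helper script, not from the post or from Malwarebytes, that reads protection-log entries of the shape quoted in the post above and reports, per file and threat, how many detections were logged and whether a quarantine failure followed, which is the first thing to establish before deciding on further cleanup. The sample entries are constructed, and the timestamp-line-then-event-line layout is an assumption about how the log was pasted.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the entries quoted in the post above (not the
# poster's real log). The timestamp-line-then-event-line layout is an assumption
# about how the Malwarebytes protection log was pasted into the post.
SAMPLE_LOG = r"""
2013/01/20 01:35:55
Detection c:\program files (x86)\zip password finder\recover.exe backdoor.bot quarantine
2013/01/20 01:38:18
Detection c:\program files (x86)\zip password finder\recover.exe backdoor.bot quarantine
2013/01/20 01:38:19
Error Quarantine failed: SDKQurantine failed with error code 2
"""

TIMESTAMP_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}(?::\d{2})?$")
# The path may contain spaces; threat name and action are the last two tokens.
DETECTION_RE = re.compile(r"^Detection (?P<path>.+) (?P<threat>\S+) (?P<action>\S+)$")
ERROR_RE = re.compile(r"^Error Quarantine failed: .*error code (?P<code>\d+)", re.I)

def parse_log(text: str) -> List[dict]:
    """Turn the pasted log into ordered events tagged with the preceding timestamp."""
    events, stamp = [], None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if TIMESTAMP_RE.match(line):
            stamp = line
        elif m := DETECTION_RE.match(line):
            events.append({"time": stamp, "kind": "detection", "path": m["path"].lower(),
                           "threat": m["threat"].lower(), "action": m["action"].lower()})
        elif m := ERROR_RE.match(line):
            events.append({"time": stamp, "kind": "quarantine_error", "code": int(m["code"])})
    return events

def summarize_log(text: str) -> Dict[Tuple[str, str], dict]:
    """Count detections per (path, threat) and flag those whose quarantine failed."""
    summary: Dict[Tuple[str, str], dict] = {}
    last_key = None  # most recent detection that asked for quarantine
    for ev in parse_log(text):
        if ev["kind"] == "detection":
            key = (ev["path"], ev["threat"])
            entry = summary.setdefault(key, {"detections": 0, "quarantine_failures": 0})
            entry["detections"] += 1
            last_key = key if ev["action"] == "quarantine" else None
        elif ev["kind"] == "quarantine_error" and last_key is not None:
            # The flat log has no explicit link, so attribute the error to last_key.
            summary[last_key]["quarantine_failures"] += 1
    for entry in summary.values():
        entry["needs_followup"] = entry["quarantine_failures"] > 0
    return summary
```

A file that shows one or more quarantine failures after its detections should be treated as possibly still present until a fresh scan or a manual check of the path confirms otherwise.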