Dan 76049

  1. Hi Screen 317, The DDS without word wrap is posted below. Before I try all the last suggestions, can I ask you the following questions? From the info provided, does it look to be real or false? Should not Malwarebytes be able to do the removal without these other programs? If not, can you explain briefly why these other steps are required? Thanks
  2. OK, thanks for the help! Here is the Regsearch log: Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman
  3. Zerospyware detected this malware: Trojan.Win32.Swisyn.aedm

     It gave the following details:

     Application Name: Trojan.Win32.Swisyn.aedm
     Manufacturer: N/A
     Description: A trojan which is a keylogger program that can capture all user keystrokes (including confidential details such username, password, credit card number, etc.). It may also represent security risk for the compromised system and/or its network environment
     Platforms Affected: Windows 98, Windows ME, Windows 2000 and Windows XP
     Distribution Method:N/A
     Effect: Privacy Threat, Security Risk, System Instability
     Variants and Versions: N/A
     Date Released: N/A
     Components:
     HKEY_CLASSES_ROOT\mswinsock.winsock: 1
     HKEY_CLASSES_ROOT\mswinsock.winsock(default): 1
     HKEY_CLASSES_ROOT\mswinsock.winsockCLSID\: 1
     HKEY_CLASSES_ROOT\mswinsock.winsockCurVer\: 1

     The latest Malwarebytes scan detects nothing. Here is the log file it generated:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4345
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     7/24/2010 4:02:38 PM
     mbam-log-2010-07-24 (16-02-38).txt
     Scan type: Quick scan
     Objects scanned: 153541
     Time elapsed: 15 minute(s), 31 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     Any suggestion as to what to do? Zerospyware suggests quarantine, but messing with registry winsock files causes me concern. Perhaps this is a false positive, any idea how to further make a determination?
  4. Thanks for the assistance! www.virustotal.com

     comdlg.dll result
     File comdlg32.dll received on 2010.05.26 07:09:12 (UTC)
     Current status: finished
     Result: 0/41 (0.00%)

     oledlg.dll result
     File 7529A63100B9BD08E01801CAC2C39A0084060BC7.dll received on 2010.05.23 05:56:31 (UTC)
     Current status: finished
     Result: 0/41 (0.00%)
  5. After a recent Windows Update of XP Service Pack 3, Zerospyware identified the Windows System32 file of "comdlg32.dll" and "oledlg.dll" as having Trojan.FakeAV.KZB. The program on several attempts failed to remove it. After lots of hair pulling and googling, I found MWB and used it.

On the first MWB Quick Scan I found 4 Adware instances and removed them, log file shown below. Then after removal, did a full scan with MWB and it shows zero issues.

Zerospyware still shows the Trojan.FakeAV.KZB and cites the two files named above. MWB does not. Norton AV 2010 is showing no problems. No problems with computer, although it boots quicker after the 4 adwares were removed by MWB.

My question is this. Based on this whole story, does anyone think the Zerospyware alert is real or is it most likely a false positive? Any help would be most appreciated.

MWB Log file 1....

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4147

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/26/2010 10:27:43 PM
mbam-log-2010-05-26 (22-27-43).txt

Scan type: Quick scan
Objects scanned: 142320
Time elapsed: 14 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6f7d-442c-93e3-4a4827c2e4c8} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

MWB Log file 2 after Adware removal....

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4147

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/27/2010 1:34:04 AM
mbam-log-2010-05-27 (01-34-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 380500
Time elapsed: 2 hour(s), 36 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ZeroSpyware still shows the Trojan.FakeAV.KZB in the two system 32 dll files!!!

Thanks in advance for any suggestions!