
Dan 76049

Posts posted by Dan 76049

  1. Hi Screen 317,

    The DDS without word wrap is posted below. Before I try all the last suggestions, can I ask you the following questions?

    From the info provided, does it look to be real or false?

    Should not Malwarebytes be able to do the removal without these other programs? If not, can you explain briefly why these other steps are required?

    Thanks

    DDS (Ver_10-03-17.01) - NTFSx86

    Run by Dan at 16:30:49.93 on Sat 07/24/2010

    Internet Explorer: 8.0.6001.18702

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1544 [GMT -5:00]

    AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Creative\Shared Files\CTAudSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    C:\WINDOWS\system32\hphmon03.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\AWS\WeatherBug\Weather.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\SmartDisk\FlashPath\sdstat.exe

    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MailWasher.exe

    C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

    svchost.exe

    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

    C:\WINDOWS\system32\cisvc.exe

    C:\WINDOWS\system32\CTSvcCDA.EXE

    C:\WINDOWS\system32\dleecoms.exe

    C:\WINDOWS\ehome\ehSched.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\Program Files\Ahead\InCD\InCDsrv.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Skype\Plugin Manager\skypePM.exe

    C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe -k HPZ12

    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

    C:\WINDOWS\system32\slserv.exe

    C:\WINDOWS\System32\svchost.exe -k imgsvc

    C:\WINDOWS\wanmpsvc.exe

    C:\WINDOWS\system32\MsPMSPSv.exe

    C:\WINDOWS\system32\fxssvc.exe

    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

    C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe

    C:\WINDOWS\system32\slrundll.exe

    C:\WINDOWS\system32\HPHipm09.exe

    C:\WINDOWS\ehome\ehmsas.exe

    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZEROSP~1.EXE

    C:\WINDOWS\system32\cidaemon.exe

    C:\Program Files\Netscape\Netscape\Netscp.exe

    C:\Documents and Settings\Dan\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://208.226.8.76:5000/main.cgi?next_file=main.htm

    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html

    uInternet Settings,ProxyOverride = *.local

    BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.7.0.12\IPSBHO.DLL

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll

    TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell printable web\toolband.dll

    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

    uRun: [Desktop Weather 3] c:\progra~1\thewea~1\The Weather Channel.exe

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

    uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

    mRun: [ZSScheduler] rundll32.exe "c:\program files\fbm software\zerospyware\zsscheduler.dll", runscheduler c:\program files\fbm software\zerospyware\

    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

    mRun: [HPHmon03] c:\windows\system32\hphmon03.exe

    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

    mRun: [ehTray] c:\windows\ehome\ehtray.exe

    mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE

    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

    dRunOnce: [setDefaultMidi] MIDIDEF.EXE

    mExplorerRun: [NoActiveDesktopChanges] 00000000

    mExplorerRun: [NoActiveDesktop] 0 (0x0)

    mExplorerRun: [NoSaveSettings] 0 (0x0)

    mExplorerRun: [ClassicShell] 0 (0x0)

    StartupFolder: c:\docume~1\dan\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flashp~1.lnk - c:\program files\smartdisk\flashpath\sdstat.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imaget~1.lnk - c:\program files\sony corporation\image transfer\SonyTray.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\LAUNCH~1.LNK -

    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\MailWasher.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\arcsoft\media card companion\MCC Monitor.exe

    uPolicies-explorer: NoActiveDesktopChanges = 00000000

    uPolicies-explorer: NoFileurl = 0 (0x0)

    uPolicies-explorer: NoViewOnDrive = 0 (0x0)

    mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)

    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

    Trusted Zone: aol.com\free

    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB

    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

    DPF: {1F75C3DC-38E2-4424-A028-217AA4CB43CA} - hxxp://208.226.8.76:5000/adm/NetCamMotionDetect.cab

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

    DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114297393103

    DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - file://c:\program files\gateway\helpspot\RunExeActiveX.CAB

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

    DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} - file://c:\program files\gateway\helpspot\StartFirstControl.CAB

    DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} - hxxp://68.109.65.182:8002/PlayerPT.cab

    DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} - hxxp://sonris-www.dnr.state.la.us/forms90/jinitiator/jinit.exe

    DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

    DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} - file://c:\program files\gateway\helpspot\XPLControl.CAB

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://208.226.8.76:5000/NetCamPlayerWeb11gv2.cab

    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab

    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1107000.00c\symds.sys [2010-5-20 328752]

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1107000.00c\symefa.sys [2010-5-20 173104]

    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-7-12 691248]

    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1107000.00c\cchpx86.sys [2010-5-20 501888]

    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1107000.00c\ironx86.sys [2010-5-20 116784]

    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

    R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]

    R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [2005-4-23 3584]

    R2 FlashNT;FlashNT;c:\windows\system32\drivers\FLASHNT.SYS [2005-4-23 72784]

    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.7.0.12\ccsvchst.exe [2010-5-20 126392]

    R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [2005-4-23 73296]

    R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]

    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]

    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-13 102448]

    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\ipsdefs\20100723.001\IDSXpx86.sys [2010-7-24 331640]

    R3 MauiIIIG;Emuzed Maui III-G Device;c:\windows\system32\drivers\MauiIIIG.sys [2005-4-23 175232]

    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-26 38224]

    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20100724.002\NAVENG.SYS [2010-7-24 85424]

    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20100724.002\NAVEX15.SYS [2010-7-24 1362608]

    R3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [2005-4-23 90357]

    S1 WinRTUSB;Digital Voice Recorder DDR2K;c:\windows\system32\drivers\WinRTUSB.sys [2005-4-23 38968]

    S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [2009-12-25 98984]

    S2 gupdate1ca0ef525627e8e;Google Update Service (gupdate1ca0ef525627e8e);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]

    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]

    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-12-23 79360]

    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]

    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]

    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]

    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

    S3 inibtmgr;WD Bridge Controller Driver;c:\windows\system32\drivers\inibtmgr.sys [2005-4-23 9728]

    S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-12-23 709248]

    S4 FileDeleter;ZeroSpyware FileDeleter;c:\progra~1\fbmsof~1\zerosp~1\FileDeleter.exe [2005-4-24 229376]

    =============== Created Last 30 ================

    2010-07-18 11:44:52 0 d-----w- C:\Spyware Log

    2010-07-17 16:07:02 54156 ---ha-w- c:\windows\QTFont.qfn

    2010-07-17 16:07:02 1409 ----a-w- c:\windows\QTFont.for

    2010-07-14 01:20:12 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

    2010-07-12 05:21:54 0 d-----w- C:\GOLIST DX Newsletters

    2010-07-12 05:21:38 0 d-----w- C:\GOLIST

    2010-07-12 03:36:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

    ==================== Find3M ====================

    2010-07-24 20:45:17 131072 ----a-w- c:\windows\system32\datestamp.dll

    2010-07-17 16:03:33 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT

    2010-07-12 07:02:02 2069272 ----a-w- c:\windows\system32\AutoPartNt.exe

    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

    2010-04-27 19:10:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

    2004-07-30 14:56:22 90112 ----a-w- c:\program files\common files\PCSBclean.exe

    2004-07-26 20:30:14 291840 ----a-w- c:\program files\common files\PCSBoff.exe

    2010-04-24 03:08:30 16384 --sha-w- c:\windows\temp\cookies\index.dat

    2010-04-24 03:08:30 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat

    2010-04-24 03:08:30 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 16:31:58.00 ===============
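The log above is the poster's own DDS output. What follows is an added example, not part of the original thread and not code from DDS or Malwarebytes: the mechanical first pass a responder makes over such a log before reading it line by line. It flags URLs whose host is a raw IP literal (the start page and two DPF ActiveX downloads above point at 208.226.8.76:5000 and 68.109.65.182:8002), browser add-on registrations whose DLL is gone ("No File"), service entries DDS could not stat ("[?]"), and Trusted Zone additions. The sample lines are a subset copied from the log; the check list and the severity labels are the example's own choices. A raw-IP host is a reason to look, not a verdict: the same 208.226.8.76 host also serves NetCam cab files, which reads like a network camera's web UI, so the flag is a prompt to confirm ownership of the host rather than a detection.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Sample input: a handful of lines copied from the DDS log above, embedded so the
# script runs offline. In practice feed it a whole saved DDS.txt.
SAMPLE_LOG = r"""
uStart Page = hxxp://208.226.8.76:5000/main.cgi?next_file=main.htm
uInternet Settings,ProxyOverride = *.local
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Trusted Zone: aol.com\free
DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} - hxxp://68.109.65.182:8002/PlayerPT.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {1F75C3DC-38E2-4424-A028-217AA4CB43CA} - hxxp://208.226.8.76:5000/adm/NetCamMotionDetect.cab
R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-26 38224]
"""

# DDS defangs URLs by writing "http" as "hxxp"; match both and undo it for parsing only.
URL_RE = re.compile(r"h(?:xx|tt)ps?://\S+", re.IGNORECASE)


def is_ip_literal(host):
    """True when the URL host is a bare IPv4/IPv6 address rather than a DNS name."""
    try:
        ip_address(host)
    except ValueError:
        return False
    return True


def urls_in(line):
    for m in URL_RE.finditer(line):
        yield re.sub(r"^hxx", "htt", m.group(0), flags=re.IGNORECASE)


def triage_line(line):
    """Return (severity, reason) findings for one DDS line; empty list if nothing stands out."""
    line = line.rstrip()
    findings = []
    for url in urls_in(line):
        host = urlsplit(url).hostname or ""
        if is_ip_literal(host):
            findings.append(("review", f"URL host is a raw IP literal ({host}); no DNS name to attribute it to"))
    if line.endswith("- No File"):
        findings.append(("cleanup", "browser add-on registration whose DLL is gone (orphan; harmless, remove)"))
    if line.endswith("[?]"):
        findings.append(("review", "DDS could not size/date the service binary; confirm it exists and who signed it"))
    if line.startswith("Trusted Zone:"):
        findings.append(("review", "site in the IE Trusted zone runs with relaxed security"))
    return findings


def triage(log_text):
    """Walk a DDS log and return [(line, findings)] for the lines that warrant a look."""
    results = []
    for raw in log_text.splitlines():
        findings = triage_line(raw)
        if findings:
            results.append((raw.rstrip(), findings))
    return results


if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LOG):
        print(line)
        for severity, reason in findings:
            print(f"    [{severity}] {reason}")
```

Run against the full log this picks out seven lines of the sample; everything else (Java BHOs, the Macromedia Flash cab, the Malwarebytes driver) passes the mechanical checks and is left for the human read.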

  2. Zerospyware detected this malware: Trojan.Win32.Swisyn.aedm

    It gave the following details:

    Application Name:

    Trojan.Win32.Swisyn.aedm

    Manufacturer: N/A

    Description:

    A trojan which is a keylogger program that can capture all user keystrokes (including confidential details such as username, password, credit card number, etc.). It may also represent a security risk for the compromised system and/or its network environment

    Platforms Affected: Windows 98, Windows ME, Windows 2000 and Windows XP

    Distribution Method:N/A

    Effect: Privacy Threat, Security Risk, System Instability

    Variants and Versions: N/A

    Date Released: N/A

    Components:

    HKEY_CLASSES_ROOT\mswinsock.winsock: 1

    HKEY_CLASSES_ROOT\mswinsock.winsock(default): 1

    HKEY_CLASSES_ROOT\mswinsock.winsockCLSID\: 1

    HKEY_CLASSES_ROOT\mswinsock.winsockCurVer\: 1

    The latest Malwarebytes scan detects nothing. Here is the log file it generated:

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Database version: 4345

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    7/24/2010 4:02:38 PM

    mbam-log-2010-07-24 (16-02-38).txt

    Scan type: Quick scan

    Objects scanned: 153541

    Time elapsed: 15 minute(s), 31 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    Any suggestion as to what to do? Zerospyware suggests quarantine, but messing with registry winsock files causes me concern. Perhaps this is a false positive; any idea how to further make a determination?
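The four "components" Zerospyware lists are registry keys under HKEY_CLASSES_ROOT for a COM ProgID, mswinsock.winsock, the ProgID used by Microsoft's Winsock ActiveX control. A ProgID registration is a pointer, not a program: it names a CLSID, and the CLSID names the DLL or OCX that implements the class. So the way to settle false positive versus real is to follow that chain to the file it ends at, hash the file, and judge the file (signature, hash lookup) rather than the key names. The script below is an added example, not the poster's code and not from Zerospyware or Malwarebytes: it resolves ProgID -> CurVer -> CLSID -> InprocServer32/LocalServer32, reports a dangling registration when the chain breaks, and hashes the file when it exists. The registry it walks and the file bytes it hashes are a constructed in-memory stand-in with a placeholder CLSID and placeholder contents; on a live machine replace read_default with winreg.QueryValue and the loader with the disk reader, as noted in the comments.

```python
import hashlib
import os

HKCR = "HKEY_CLASSES_ROOT"

# Constructed stand-in for the registry: full key path -> (default) value.
# Real HKCR layout for a COM class registration:
#   HKCR\<ProgID>\CurVer              (default) = version-specific ProgID (optional)
#   HKCR\<ProgID>\CLSID               (default) = {clsid}
#   HKCR\CLSID\{clsid}\InprocServer32 (default) = path of the DLL/OCX implementing it
# The CLSID below is a placeholder, not the value from any real machine.
FAKE_REGISTRY = {k.lower(): v for k, v in {
    r"HKEY_CLASSES_ROOT\mswinsock.winsock": "placeholder friendly name",
    r"HKEY_CLASSES_ROOT\mswinsock.winsock\CurVer": "mswinsock.winsock.1",
    r"HKEY_CLASSES_ROOT\mswinsock.winsock.1\CLSID": "{00000000-0000-0000-0000-0000000000aa}",
    r"HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000aa}\InprocServer32":
        r"C:\WINDOWS\system32\MSWINSCK.OCX",
    # a dangling registration for comparison: a ProgID with no CLSID behind it
    r"HKEY_CLASSES_ROOT\orphan.progid": "placeholder",
}.items()}

# Constructed stand-in for the disk: lower-cased path -> bytes (not a real OCX).
FAKE_FILES = {r"c:\windows\system32\mswinsck.ocx": b"MZ placeholder bytes, not a real OCX"}


def fake_loader(path):
    return FAKE_FILES.get(path.strip('"').lower())


def load_from_disk(path):
    """Loader for a live system: expand %SystemRoot%-style variables, read the file."""
    path = os.path.expandvars(path.strip('"'))
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def hkcr_key(*parts):
    return "\\".join((HKCR,) + parts)


def read_default(registry, key):
    """(default) value of a key, or None. Registry key names are case-insensitive,
    so look up lower-cased. On a live system use
    winreg.QueryValue(winreg.HKEY_CLASSES_ROOT, key_without_hive) instead of the dict."""
    return registry.get(key.lower())


def resolve_progid(registry, progid):
    """ProgID -> (clsid, server path). Follows CurVer when present, then the bare ProgID."""
    candidates = []
    cur = read_default(registry, hkcr_key(progid, "CurVer"))
    if cur:
        candidates.append(cur)
    candidates.append(progid)
    clsid = None
    for name in candidates:
        clsid = read_default(registry, hkcr_key(name, "CLSID"))
        if clsid:
            break
    if not clsid:
        return None, None
    server = None
    for kind in ("InprocServer32", "LocalServer32"):
        server = read_default(registry, hkcr_key("CLSID", clsid, kind))
        if server:
            break
    return clsid, server


def triage_progid(registry, progid, load_file=load_from_disk):
    """Decide what a flagged ProgID registration actually points at."""
    clsid, server = resolve_progid(registry, progid)
    report = {"progid": progid, "clsid": clsid, "server": server, "sha256": None}
    if clsid is None:
        report["verdict"] = "no CLSID behind the ProgID: dangling registration, nothing to execute"
    elif server is None:
        report["verdict"] = "CLSID has no server entry: dangling registration, nothing to execute"
    elif (data := load_file(server)) is None:
        report["verdict"] = "registered file is missing: orphan registration, nothing to execute"
    else:
        report["sha256"] = sha256_hex(data)
        report["verdict"] = ("file present: look up the SHA-256 (e.g. on VirusTotal) and verify "
                             "its Authenticode/catalog signature before deciding")
    return report


if __name__ == "__main__":
    for progid in ("mswinsock.winsock", "orphan.progid"):
        print(triage_progid(FAKE_REGISTRY, progid, fake_loader))
```

The decision falls out of the last field: a chain that ends in a missing file is an orphan and removing the keys costs nothing, while a chain that ends in a real file is judged on that file, not on the ProgID name a scanner matched.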

  3. Thanks for the assistance!

    www.virustotal.com

    comdlg32.dll result

    File comdlg32.dll received on 2010.05.26 07:09:12 (UTC)

    Current status: finished

    Result: 0/41 (0.00%)


    Antivirus Version Last Update Result

    a-squared 4.5.0.50 2010.05.10 -

    AhnLab-V3 2010.05.26.00 2010.05.26 -

    AntiVir 8.2.1.242 2010.05.25 -

    Antiy-AVL 2.0.3.7 2010.05.25 -

    Authentium 5.2.0.5 2010.05.26 -

    Avast 4.8.1351.0 2010.05.25 -

    Avast5 5.0.332.0 2010.05.25 -

    AVG 9.0.0.787 2010.05.25 -

    BitDefender 7.2 2010.05.26 -

    CAT-QuickHeal 10.00 2010.05.26 -

    ClamAV 0.96.0.3-git 2010.05.26 -

    Comodo 4942 2010.05.25 -

    DrWeb 5.0.2.03300 2010.05.26 -

    eSafe 7.0.17.0 2010.05.25 -

    eTrust-Vet 35.2.7509 2010.05.25 -

    F-Prot 4.6.0.103 2010.05.25 -

    F-Secure 9.0.15370.0 2010.05.26 -

    Fortinet 4.1.133.0 2010.05.25 -

    GData 21 2010.05.26 -

    Ikarus T3.1.1.84.0 2010.05.26 -

    Jiangmin 13.0.900 2010.05.24 -

    Kaspersky 7.0.0.125 2010.05.26 -

    McAfee 5.400.0.1158 2010.05.26 -

    McAfee-GW-Edition 2010.1 2010.05.25 -

    Microsoft 1.5802 2010.05.26 -

    NOD32 5145 2010.05.25 -

    Norman 6.04.12 2010.05.25 -

    nProtect 2010-05-25.01 2010.05.25 -

    Panda 10.0.2.7 2010.05.26 -

    PCTools 7.0.3.5 2010.05.26 -

    Prevx 3.0 2010.05.26 -

    Rising 22.49.02.03 2010.05.26 -

    Sophos 4.53.0 2010.05.26 -

    Sunbelt 6356 2010.05.26 -

    Symantec 20101.1.0.89 2010.05.26 -

    TheHacker 6.5.2.0.287 2010.05.25 -

    TrendMicro 9.120.0.1004 2010.05.26 -

    TrendMicro-HouseCall 9.120.0.1004 2010.05.26 -

    VBA32 3.12.12.5 2010.05.25 -

    ViRobot 2010.5.20.2326 2010.05.26 -

    VirusBuster 5.0.27.0 2010.05.25 -

    Additional information

    File size: 276992 bytes

    MD5 : 86987a5000dfa3ebe2275c0456bcf2fe

    SHA1 : 097776790214f0f3489f749be018c84f2dc929d2

    SHA256: 31b699e8fd11dd59adbae56650c1b7ae80484091b3b6d9015a95f590e2c3eb05

    PEInfo: PE Structure information

    ( base data )

    entrypointaddress.: 0x1619

    timedatestamp.....: 0x4802A0C9 (Mon Apr 14 02:09:45 2008)

    machinetype.......: 0x14C (Intel I386)

    ( 4 sections )

    name viradd virsiz rawdsiz ntrpy md5

    .text 0x1000 0x2FEFD 0x30000 6.48 964c21d6d46e206ba18e57fa4b224d5c

    .data 0x31000 0x3460 0xE00 2.61 7721d330f1b716cc36633b89d10655ec

    .rsrc 0x35000 0x101F8 0x10200 4.44 f087195cc90e1847662907319546bba4

    .reloc 0x46000 0x24DC 0x2600 6.73 4ab4bc65be8f93d3b72d97b366ef60b7

    ( 8 imports )

    > advapi32.dll: RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegEnumValueW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegQueryValueW

    > comctl32.dll: -, -, -, -, PropertySheetW, CreatePropertySheetPageW, -, -, -, -, -, -, -, -, -, -, -, InitCommonControlsEx, ImageList_GetIconSize, -, ImageList_Destroy, -, -, -, ImageList_Draw, CreateToolbarEx

    > gdi32.dll: Rectangle, CreateSolidBrush, DeleteObject, GetStockObject, CreatePen, GetNearestColor, DeleteDC, CreateCompatibleDC, RealizePalette, SelectPalette, PatBlt, BitBlt, LineTo, MoveToEx, CreateCompatibleBitmap, CreateDIBitmap, CreateDiscardableBitmap, GetObjectW, GetTextMetricsW, ExtTextOutW, SetBkMode, SetTextColor, SetBkColor, GetTextExtentPointW, EnumFontFamiliesExW, GetDeviceCaps, GetTextCharset, TextOutW, GetTextCharsetInfo, SetViewportExtEx, SetWindowExtEx, SetMapMode, GetWindowExtEx, GetViewportExtEx, GetMapMode, TranslateCharsetInfo, CreateFontIndirectW, ExcludeClipRect, CreateDCW, CreateICW, CreateFontW, CreateRectRgnIndirect, GetCharWidth32W, SelectObject, SelectClipRgn

    > kernel32.dll: FindResourceA, GetACP, GetProcAddress, GetModuleHandleW, MulDiv, lstrcpynW, lstrcmpW, GlobalFree, GlobalAlloc, lstrcpyW, lstrcpyA, DeleteCriticalSection, TlsFree, TlsAlloc, InitializeCriticalSectionAndSpinCount, DisableThreadLibraryCalls, DeleteFileW, GetTempFileNameW, GetProfileStringW, GetLocaleInfoW, GlobalUnlock, GlobalLock, GlobalReAlloc, FreeLibrary, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, SetErrorMode, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InterlockedDecrement, InterlockedIncrement, GetSystemDefaultUILanguage, FindResourceExW, ExpandEnvironmentStringsW, FreeResource, LoadResource, LockResource, SetCurrentDirectoryW, CreateEventW, GetModuleFileNameW, LoadLibraryW, CreateThread, WaitForSingleObject, ResetEvent, FreeLibraryAndExitThread, LocalReAlloc, GetFullPathNameW, GetFileAttributesW, GetProcessVersion, GetVolumeInformationW, GetUserDefaultLCID, TlsSetValue, FormatMessageW, FindFirstFileW, FindNextFileW, FindClose, LocalSize, WideCharToMultiByte, CloseHandle, GetVersionExA, InterlockedExchange, GetModuleHandleA, DelayLoadFailureHook, FindResourceW, LocalFree, MultiByteToWideChar, lstrlenA, LocalAlloc, SetLastError, TlsGetValue, lstrlenW, SizeofResource, LeaveCriticalSection, EnterCriticalSection, GetLastError, GetShortPathNameW, GetCurrentDirectoryW, CreateFileW, lstrcmpiW, GetDriveTypeW, SetEvent, GetCurrentThreadId

    > ntdll.dll: RtlUnwind, _wcsicmp, wcslen, RtlUnicodeStringToAnsiString, RtlAnsiStringToUnicodeString, RtlUnicodeToMultiByteSize, RtlInitUnicodeStringEx, RtlIsNameLegalDOS8Dot3, _chkstk, _vsnwprintf, memmove, NtQueryVirtualMemory

    > shell32.dll: SHAddToRecentDocs, -, -, SHBindToParent, -, -, SHGetPathFromIDListW, -, -, -, -, -, -, -, -, -, -, SHGetDesktopFolder, SHGetMalloc, -, SheChangeDirExW, SHGetFileInfoW, SHGetSpecialFolderPathW, SHGetSpecialFolderLocation, SHCreateShellItem, -, -, -, -, -, -, -, SHGetFolderLocation, -, -, -, -, -, -, -, -, -

    > shlwapi.dll: PathAddBackslashW, -, -, -, StrCmpW, -, -, PathIsUNCW, UrlIsW, PathFindExtensionW, -, SHRegGetValueW, PathFileExistsW, -, StrDupW, -, -, StrStrW, PathCombineW, PathMatchSpecW, PathGetDriveNumberW, SHOpenRegStream2W, -, -, StrCmpIW, -, StrRetToBufW, -, PathFindFileNameW, -, SHRegGetBoolUSValueW, StrCmpNIW, wvnsprintfW, PathRemoveBlanksW, PathIsRootW, wnsprintfW, StrRChrW, -, -, PathSkipRootW, StrChrW

    > user32.dll: DialogBoxIndirectParamW, CharPrevW, KillTimer, GetWindowTextLengthW, CreateDialogIndirectParamA, SetTimer, IsWindowVisible, MsgWaitForMultipleObjects, TranslateMessage, DispatchMessageW, CreatePopupMenu, DestroyMenu, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, PeekMessageW, EnumChildWindows, GetDlgCtrlID, SetWindowsHookExW, LoadAcceleratorsW, UnhookWindowsHookEx, CreateDialogIndirectParamW, GetSystemMenu, DeleteMenu, SetParent, CallNextHookEx, LockWindowUpdate, GetWindow, GetLastActivePopup, FindWindowExW, RedrawWindow, DrawTextW, DrawIcon, GetWindowPlacement, SetWindowPlacement, GetKeyState, LoadIconW, LoadImageW, RegisterClipboardFormatW, GetKeyboardLayout, DestroyWindow, GetDlgItemTextA, SetDlgItemTextA, CheckRadioButton, IsWindow, RegisterWindowMessageA, RegisterWindowMessageW, MessageBeep, IsDlgButtonChecked, CheckDlgButton, SetWindowTextW, DlgDirListW, SetDlgItemTextW, GetWindowTextW, MessageBoxW, PostMessageW, CharNextW, DefWindowProcW, GrayStringW, CharLowerW, GetDialogBaseUnits, ScreenToClient, CreateWindowExW, GetWindowLongA, LoadStringW, GetSystemMetrics, ShowCursor, LoadCursorW, SetCursor, IntersectRect, EqualRect, GetSysColorBrush, InvalidateRect, IsWindowEnabled, WinHelpW, BeginPaint, EndPaint, SetPropW, PtInRect, SetCapture, ClipCursor, ValidateRect, ChildWindowFromPoint, DialogBoxIndirectParamAorW, CreateDialogIndirectParamAorW, CharNextA, GetWindowLongW, FrameRect, GetSysColor, CopyRect, ReleaseDC, DrawFocusRect, InflateRect, GetDC, GetFocus, MapWindowPoints, GetClientRect, GetDlgItem, CallWindowProcW, SetFocus, GetDlgItemInt, SetDlgItemInt, GetDlgItemTextW, RemovePropW, EndDialog, UpdateWindow, SendDlgItemMessageW, SetWindowPos, EnableWindow, ShowWindow, MoveWindow, SetWindowLongW, GetWindowRect, DrawEdge, FillRect, GetParent, SendMessageW, GetPropW, TranslateAcceleratorW

    ( 1 exports )

    > ChooseColorA, ChooseColorW, ChooseFontA, ChooseFontW, CommDlgExtendedError, FindTextA, FindTextW, GetFileTitleA, GetFileTitleW, GetOpenFileNameA, GetOpenFileNameW, GetSaveFileNameA, GetSaveFileNameW, LoadAlterBitmap, PageSetupDlgA, PageSetupDlgW, PrintDlgA, PrintDlgExA, PrintDlgExW, PrintDlgW, ReplaceTextA, ReplaceTextW, Ssync_ANSI_UNICODE_Struct_For_WOW, WantArrows, dwLBSubclass, dwOKSubclass

    TrID : File type identification

    Win32 Executable MS Visual C++ (generic) (53.1%)

    Windows Screen Saver (18.4%)

    Win32 Executable Generic (12.0%)

    Win32 Dynamic Link Library (generic) (10.6%)

    Generic Win/DOS Executable (2.8%)

    ssdeep: -

    sigcheck: publisher....: Microsoft Corporation

    copyright....: © Microsoft Corporation. All rights reserved.

    product......: Microsoft_ Windows_ Operating System

    description..: Common Dialogs DLL

    original name: comdlg32.dll

    internal name: comdlg32

    file version.: 6.00.2900.5512 (xpsp.080413-2105)

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned

    PEiD : -

    RDS : NSRL Reference Data Set

    oledlg.dll result

    File 7529A63100B9BD08E01801CAC2C39A0084060BC7.dll received on 2010.05.23 05:56:31 (UTC)

    Current status: finished

    Result: 0/41 (0.00%)


    Antivirus Version Last Update Result

    a-squared 4.5.0.50 2010.05.10 -

    AhnLab-V3 2010.05.23.00 2010.05.22 -

    AntiVir 8.2.1.242 2010.05.21 -

    Antiy-AVL 2.0.3.7 2010.05.21 -

    Authentium 5.2.0.5 2010.05.22 -

    Avast 4.8.1351.0 2010.05.22 -

    Avast5 5.0.332.0 2010.05.22 -

    AVG 9.0.0.787 2010.05.23 -

    BitDefender 7.2 2010.05.23 -

    CAT-QuickHeal 10.00 2010.05.21 -

    ClamAV 0.96.0.3-git 2010.05.22 -

    Comodo 4918 2010.05.23 -

    DrWeb 5.0.2.03300 2010.05.23 -

    eSafe 7.0.17.0 2010.05.20 -

    eTrust-Vet None 2010.05.21 -

    F-Prot 4.6.0.103 2010.05.23 -

    F-Secure 9.0.15370.0 2010.05.22 -

    Fortinet 4.1.133.0 2010.05.22 -

    GData 21 2010.05.23 -

    Ikarus T3.1.1.84.0 2010.05.23 -

    Jiangmin 13.0.900 2010.05.22 -

    Kaspersky 7.0.0.125 2010.05.23 -

    McAfee 5.400.0.1158 2010.05.23 -

    McAfee-GW-Edition 2010.1 2010.05.23 -

    Microsoft 1.5802 2010.05.23 -

    NOD32 5138 2010.05.22 -

    Norman 6.04.12 2010.05.22 -

    nProtect 2010-05-22.01 2010.05.22 -

    Panda 10.0.2.7 2010.05.22 -

    PCTools 7.0.3.5 2010.05.23 -

    Prevx 3.0 2010.05.23 -

    Rising 22.48.06.03 2010.05.23 -

    Sophos 4.53.0 2010.05.23 -

    Sunbelt 6341 2010.05.23 -

    Symantec 20101.1.0.89 2010.05.23 -

    TheHacker 6.5.2.0.285 2010.05.23 -

    TrendMicro 9.120.0.1004 2010.05.22 -

    TrendMicro-HouseCall 9.120.0.1004 2010.05.23 -

    VBA32 3.12.12.5 2010.05.22 -

    ViRobot 2010.5.20.2326 2010.05.22 -

    VirusBuster 5.0.27.0 2010.05.22 -

    Additional information

    File size: 122880 bytes

    MD5 : 0b467f470cc9918fdceedcfd7dc4d697

    SHA1 : 1cb8c72bc84e5e1f21c72aca356f1fc91cd4a704

    SHA256: 87c8bcc4dff318fc393a8c0fb0b82ccc9da83ec0f5811cf303f3ac265a575578

    PEInfo: PE Structure information

    ( base data )

    entrypointaddress.: 0x11759

    timedatestamp.....: 0x4802A117 (Mon Apr 14 02:11:03 2008)

    machinetype.......: 0x14C (Intel I386)

    ( 4 sections )

    name viradd virsiz rawdsiz ntrpy md5

    .text 0x1000 0x12693 0x12800 6.40 45117fbb928e78c7a030dc362df2f2f8

    .data 0x14000 0x136C 0x200 1.37 5ecd1c97ec69a51963958999263056e5

    .rsrc 0x16000 0xA010 0xA200 4.53 b067c9dc540d7dc64407935995e790e2

    .reloc 0x21000 0xFE4 0x1000 6.16 4ed1bf81b131925cf441b5f5a00d31d6

    ( 7 imports )

    > advapi32.dll: RegNotifyChangeKeyValue, RegOpenKeyW, RegQueryValueW, RegEnumKeyW, RegCloseKey

    > gdi32.dll: CreateICW, GetMetaFileBitsEx, GetTextExtentPointW, CreateCompatibleDC, BitBlt, GetBkColor, DeleteDC, CreateSolidBrush, SetBkMode, UnrealizeObject, SetBrushOrgEx, SetBkColor, ExtTextOutW, SaveDC, SetMapMode, SetViewportOrgEx, SetViewportExtEx, EnumMetaFile, PlayMetaFile, RestoreDC, CreateCompatibleBitmap, CreateBitmap, SetDIBits, GetBitmapBits, PlayMetaFileRecord, GetStockObject, SelectObject, GetTextMetricsW, DeleteObject, GetObjectW, CreateFontIndirectW, GetDeviceCaps, SetTextColor

    > kernel32.dll: GetProcAddress, LoadLibraryW, lstrcmpW, lstrcmpiA, MultiByteToWideChar, SearchPathW, FindClose, FindFirstFileW, GetShortPathNameW, GetCurrentDirectoryW, GetFileAttributesW, TlsGetValue, GetVersion, TlsAlloc, TlsFree, LocalFree, TlsSetValue, LocalAlloc, GlobalSize, ResetEvent, WaitForSingleObject, CreateEventW, CloseHandle, MulDiv, FindNextFileW, DisableThreadLibraryCalls, GetVersionExW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, lstrcmpiW, lstrlenW, GetFullPathNameW, IsBadStringPtrW, IsBadCodePtr, IsBadWritePtr, CompareFileTime, GetDateFormatW, FileTimeToSystemTime, FileTimeToLocalFileTime, GetTimeFormatW, LocalFileTimeToFileTime, SystemTimeToFileTime, GetSystemTime, WideCharToMultiByte, IsBadReadPtr, GetNumberFormatW, GetLocaleInfoW, LockResource, LoadResource, FindResourceW, GlobalLock, FreeLibrary, GlobalAlloc, GlobalFree, GlobalUnlock

    > msvcrt.dll: _onexit, __dllonexit, _adjust_fdiv, _initterm, __2@YAPAXI@Z, __3@YAXPAX@Z, iswalpha, _except_handler3, wcschr, malloc, free, _vsnwprintf, memmove, _resetstkoflw

    > ntdll.dll: RtlFreeHeap, RtlAllocateHeap, RtlImageNtHeader

    > ole32.dll: OleDuplicateData, ReleaseStgMedium, OleMetafilePictFromIconAndLabel, GetClassFile, CLSIDFromProgID, OleGetIconOfFile, OleCreateLinkToFile, OleCreateFromFile, OleRegGetUserType, CoGetMalloc, OleQueryCreateFromData, OleQueryLinkFromData, OleGetClipboard, CoTaskMemRealloc, CoTaskMemFree, IsValidInterface, StringFromCLSID, CLSIDFromString, OleCreate, OleGetIconOfClass

    > user32.dll: GetLastActivePopup, IsIconic, LoadIconW, IsWindow, GetDesktopWindow, DialogBoxIndirectParamW, GetWindowLongW, SetPropW, RemovePropW, EnableWindow, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, WinHelpW, GetDlgCtrlID, SetForegroundWindow, ScreenToClient, GetCursorPos, GetPropW, MapWindowPoints, GetClipboardFormatNameW, CharPrevW, GetDialogBaseUnits, GetClientRect, DestroyWindow, UpdateWindow, InvalidateRect, IsDlgButtonChecked, CreateIcon, GetSystemMetrics, DrawFocusRect, DrawIcon, GetSysColor, RegisterWindowMessageW, GetFocus, EndPaint, GetWindowWord, BeginPaint, FillRect, SetWindowWord, DefWindowProcW, RegisterClassW, LoadCursorW, CheckDlgButton, CharNextW, DialogBoxParamW, SetTimer, KillTimer, InflateRect, PeekMessageW, DispatchMessageW, TranslateMessage, IsDialogMessageW, DrawMenuBar, GetMenu, GetActiveWindow, DestroyMenu, InsertMenuW, CreatePopupMenu, DeleteMenu, RegisterClipboardFormatW, GetForegroundWindow, SetClipboardViewer, ChangeClipboardChain, LoadBitmapW, ShowCursor, SetCursor, CharLowerW, GetWindow, GetWindowThreadProcessId, GetWindowTextW, IsWindowEnabled, GetDlgItemInt, MessageBoxW, DestroyIcon, GetParent, GetWindowTextLengthW, SetFocus, CheckRadioButton, SetDlgItemInt, CreateWindowExW, GetDlgItem, ShowWindow, LoadStringW, SendMessageW, PostMessageW, EndDialog, GetDlgItemTextW, SetWindowLongW, SetDlgItemTextW, SendDlgItemMessageW, SetWindowTextW, IsWindowVisible, ChildWindowFromPointEx

    ( 1 exports )

    > OleUIAddVerbMenuA, OleUIAddVerbMenuW, OleUIBusyA, OleUIBusyW, OleUICanConvertOrActivateAs, OleUIChangeIconA, OleUIChangeIconW, OleUIChangeSourceA, OleUIChangeSourceW, OleUIConvertA, OleUIConvertW, OleUIEditLinksA, OleUIEditLinksW, OleUIInsertObjectA, OleUIInsertObjectW, OleUIObjectPropertiesA, OleUIObjectPropertiesW, OleUIPasteSpecialA, OleUIPasteSpecialW, OleUIPromptUserA, OleUIPromptUserW, OleUIUpdateLinksA, OleUIUpdateLinksW

    TrID : File type identification

    Win32 Executable MS Visual C++ (generic) (65.2%)

    Win32 Executable Generic (14.7%)

    Win32 Dynamic Link Library (generic) (13.1%)

    Generic Win/DOS Executable (3.4%)

    DOS Executable Generic (3.4%)

    ssdeep: 1536:xpg+5cfZrz1wYZ7HtkwuFQCdcdlwT8/zEw+fNgG121Ab8Lqzn4Ck/6CutK5:WZrzmYJHmQqwlwT8c21Ab8Lqzi6C

    sigcheck: publisher....: Microsoft Corporation

    copyright....: © Microsoft Corporation. All rights reserved.

    product......: Microsoft Windows OLE 2.0 User Interface Support

    description..: Microsoft Windows OLE 2.0 User Interface Support

    original name: OLEDLG.DLL

    internal name: OLEDLG

    file version.: 1.0 (xpsp.080413-2108)

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned

    PEiD : -

    RDS : NSRL Reference Data Set

    -

    Hello Dan 76049! Welcome to MalwareBytes' Anti-Malware Forums!

    My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

    • The process of cleaning your system may take some time, so please be patient.
    • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
    • Instructions that I give are for your system only!
    • If you don't know or can't understand something please ask.
    • Do not install or uninstall any software or hardware while we work on this.

    Please go to www.virustotal.com and upload the following files:

    C:\WINDOWS\system32\comdlg32.dll

    C:\WINDOWS\system32\oledlg.dll

    Please post the results in your next reply here.

  4. After a recent Windows Update of XP Service Pack 3, Zerospyware identified the Windows System32 files "comdlg32.dll" and "oledlg.dll" as having Trojan.FakeAV.KZB. The program on several attempts failed to remove it. After lots of hair pulling and googling, I found MWB and used it.

    On the first MWB Quick Scan I found 4 Adware instances and removed them, log file shown below. Then after removal, I did a full scan with MWB and it shows zero issues. Zerospyware still shows the Trojan.FakeAV.KZB and cites the two files named above. MWB does not. Norton AV 2010 is showing no problems. No problems with the computer, although it boots quicker after the 4 adware items were removed by MWB.

    My question is this. Based on this whole story, does anyone think the Zerospyware alert is real or is it most likely a false positive? Any help would be most appreciated.

    MWB Log file 1....

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Database version: 4147

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    5/26/2010 10:27:43 PM

    mbam-log-2010-05-26 (22-27-43).txt

    Scan type: Quick scan

    Objects scanned: 142320

    Time elapsed: 14 minute(s), 30 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 6

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6f7d-442c-93e3-4a4827c2e4c8} (Adware.NetOptimizer) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    MWB Log file 2 after Adware removal....

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Database version: 4147

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    5/27/2010 1:34:04 AM

    mbam-log-2010-05-27 (01-34-04).txt

    Scan type: Full scan (C:\|)

    Objects scanned: 380500

    Time elapsed: 2 hour(s), 36 minute(s), 50 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    ZeroSpyware still shows the Trojan.FakeAV.KZB in the two system 32 dll files!!!

    Thanks in advance for any suggestions!
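    Added example, not part of any post in this thread and not code from Malwarebytes or VirusTotal: a small Python triage script that reads a VirusTotal-style PE section table (the one posted for oledlg.dll above is embedded as constructed input) and applies the checks a practitioner runs first when two scanners disagree about a system DLL. It flags non-standard section names, sections whose entropy is in the packed/encrypted range, and a .text section with fewer raw bytes on disk than its mapped size; it also recomputes the "ntrpy" figure (Shannon entropy, bits per byte) so the posted numbers can be reproduced from the file itself, and produces the md5/sha1/sha256 values used for VirusTotal and NSRL lookups. The 7.0 entropy threshold and the allow-list of section names are the example's own assumptions, not a vendor rule.

```python
"""Triage a VirusTotal-style PE section table for signs that a Windows DLL
has been tampered with or packed. Added example for this thread; not code from
the original posts, from Malwarebytes or from VirusTotal. Thresholds and the
section-name allow-list are the example's own heuristics (assumptions)."""
from __future__ import annotations

import hashlib
import math
import re
from collections import Counter
from dataclasses import dataclass

# Constructed input: the four section rows for oledlg.dll exactly as pasted in
# this thread (VirusTotal's old "name viradd virsiz rawdsiz ntrpy md5" layout).
VT_SECTION_TABLE = """
.text 0x1000 0x12693 0x12800 6.40 45117fbb928e78c7a030dc362df2f2f8
.data 0x14000 0x136C 0x200 1.37 5ecd1c97ec69a51963958999263056e5
.rsrc 0x16000 0xA010 0xA200 4.53 b067c9dc540d7dc64407935995e790e2
.reloc 0x21000 0xFE4 0x1000 6.16 4ed1bf81b131925cf441b5f5a00d31d6
"""

# Assumption: section names a Visual C++-built Microsoft DLL normally carries.
COMMON_SECTIONS = {".text", ".data", ".rdata", ".rsrc", ".reloc",
                   ".idata", ".edata", ".bss", ".tls", ".pdata"}
PACKED_ENTROPY = 7.0  # bits/byte; compressed or encrypted data sits near 8.0

_ROW = re.compile(r"^(\S+)\s+(0x[0-9A-Fa-f]+)\s+(0x[0-9A-Fa-f]+)\s+"
                  r"(0x[0-9A-Fa-f]+)\s+(\d+(?:\.\d+)?)\s+([0-9a-f]{32})$")


@dataclass
class Section:
    name: str
    virt_addr: int
    virt_size: int
    raw_size: int
    entropy: float
    md5: str


def parse_vt_sections(text: str) -> list[Section]:
    """Parse rows like '.text 0x1000 0x12693 0x12800 6.40 <md5>'."""
    sections = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _ROW.match(line)
        if not m:
            raise ValueError(f"unrecognised section row: {line!r}")
        name, va, vs, rs, ent, md5 = m.groups()
        sections.append(Section(name, int(va, 16), int(vs, 16),
                                int(rs, 16), float(ent), md5))
    return sections


def section_findings(sections: list[Section]) -> list[str]:
    """Red flags worth a closer look; an empty list means the layout is
    unremarkable (evidence against tampering, not proof of a clean file)."""
    findings = []
    for s in sections:
        if s.name not in COMMON_SECTIONS:
            findings.append(f"{s.name}: unusual section name")
        if s.entropy >= PACKED_ENTROPY:
            findings.append(f"{s.name}: entropy {s.entropy:.2f} suggests "
                            "packed/encrypted content")
        # Code must exist on disk: a .text whose raw bytes are fewer than its
        # mapped size (or absent) is unpacked or filled in at run time.
        if s.name == ".text" and s.raw_size < s.virt_size:
            findings.append(f".text: raw size 0x{s.raw_size:X} below virtual "
                            f"size 0x{s.virt_size:X}")
    return findings


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: the quantity VirusTotal reports in the 'ntrpy' column.
    Run it over a section's raw bytes to recompute the table yourself."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict[str, str]:
    """Hashes to look up in VirusTotal / NSRL or to compare against a clean
    copy of the same build from another machine or the install media."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    secs = parse_vt_sections(VT_SECTION_TABLE)
    for s in secs:
        print(f"{s.name:7} va=0x{s.virt_addr:X} vsz=0x{s.virt_size:X} "
              f"raw=0x{s.raw_size:X} entropy={s.entropy:.2f}")
    print("findings:", section_findings(secs) or "nothing stands out")
    print("entropy of 256 distinct bytes:", shannon_entropy(bytes(range(256))))
```

    Run against the posted table the script reports nothing unusual: standard section names, a .text section whose raw size covers its virtual size, and entropies well below the packed range. Two caveats a practitioner would add when reading the report above. The "verified: Unsigned" line reflects the absence of an embedded Authenticode signature; Windows system files are normally signed through security catalogs, so a check that also consults the catalogs (Sysinternals `sigcheck -a`, `signtool verify /a`, or `sfc /scannow`) is the right test, not the embedded-signature field alone. And a hash that is absent from NSRL is not itself suspicious; comparing the file's hashes with a copy of the same build (file version 1.0 xpsp.080413-2108) from another SP3 machine is the decisive check.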
