Posts posted by Dan 76049
-
OK, thanks for the help!
Here is the Regsearch log:
Windows Registry Editor Version 5.00; Registry Search 2.0 by Bobbi Flekman -
Zerospyware detected this malware: Trojan.Win32.Swisyn.aedm
It gave the following details:
Application Name: Trojan.Win32.Swisyn.aedm
Manufacturer: N/A
Description: A trojan which is a keylogger program that can capture all user keystrokes (including confidential details such username, password, credit card number, etc.). It may also represent security risk for the compromised system and/or its network environment
Platforms Affected: Windows 98, Windows ME, Windows 2000 and Windows XP
Distribution Method: N/A
Effect: Privacy Threat, Security Risk, System Instability
Variants and Versions: N/A
Date Released: N/A
Components:
HKEY_CLASSES_ROOT\mswinsock.winsock: 1
HKEY_CLASSES_ROOT\mswinsock.winsock(default): 1
HKEY_CLASSES_ROOT\mswinsock.winsockCLSID\: 1
HKEY_CLASSES_ROOT\mswinsock.winsockCurVer\: 1
The latest Malwarebytes scan detects nothing. Here is the log file it generated:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4345
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/24/2010 4:02:38 PM
mbam-log-2010-07-24 (16-02-38).txt
Scan type: Quick scan
Objects scanned: 153541
Time elapsed: 15 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Any suggestion as to what to do? Zerospyware suggests quarantine, but messing with registry winsock files causes me concern. Perhaps this is a false positive; any idea how to further make a determination?
-
Thanks for the assistance!
www.virustotal.com
comdlg.dll result
File comdlg32.dll received on 2010.05.26 07:09:12 (UTC)
Current status: finished
Result: 0/41 (0.00%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.26.00 2010.05.26 -
AntiVir 8.2.1.242 2010.05.25 -
Antiy-AVL 2.0.3.7 2010.05.25 -
Authentium 5.2.0.5 2010.05.26 -
Avast 4.8.1351.0 2010.05.25 -
Avast5 5.0.332.0 2010.05.25 -
AVG 9.0.0.787 2010.05.25 -
BitDefender 7.2 2010.05.26 -
CAT-QuickHeal 10.00 2010.05.26 -
ClamAV 0.96.0.3-git 2010.05.26 -
Comodo 4942 2010.05.25 -
DrWeb 5.0.2.03300 2010.05.26 -
eSafe 7.0.17.0 2010.05.25 -
eTrust-Vet 35.2.7509 2010.05.25 -
F-Prot 4.6.0.103 2010.05.25 -
F-Secure 9.0.15370.0 2010.05.26 -
Fortinet 4.1.133.0 2010.05.25 -
GData 21 2010.05.26 -
Ikarus T3.1.1.84.0 2010.05.26 -
Jiangmin 13.0.900 2010.05.24 -
Kaspersky 7.0.0.125 2010.05.26 -
McAfee 5.400.0.1158 2010.05.26 -
McAfee-GW-Edition 2010.1 2010.05.25 -
Microsoft 1.5802 2010.05.26 -
NOD32 5145 2010.05.25 -
Norman 6.04.12 2010.05.25 -
nProtect 2010-05-25.01 2010.05.25 -
Panda 10.0.2.7 2010.05.26 -
PCTools 7.0.3.5 2010.05.26 -
Prevx 3.0 2010.05.26 -
Rising 22.49.02.03 2010.05.26 -
Sophos 4.53.0 2010.05.26 -
Sunbelt 6356 2010.05.26 -
Symantec 20101.1.0.89 2010.05.26 -
TheHacker 6.5.2.0.287 2010.05.25 -
TrendMicro 9.120.0.1004 2010.05.26 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.26 -
VBA32 3.12.12.5 2010.05.25 -
ViRobot 2010.5.20.2326 2010.05.26 -
VirusBuster 5.0.27.0 2010.05.25 -
Additional information
File size: 276992 bytes
MD5 : 86987a5000dfa3ebe2275c0456bcf2fe
SHA1 : 097776790214f0f3489f749be018c84f2dc929d2
SHA256: 31b699e8fd11dd59adbae56650c1b7ae80484091b3b6d9015a95f590e2c3eb05
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1619
timedatestamp.....: 0x4802A0C9 (Mon Apr 14 02:09:45 2008)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2FEFD 0x30000 6.48 964c21d6d46e206ba18e57fa4b224d5c
.data 0x31000 0x3460 0xE00 2.61 7721d330f1b716cc36633b89d10655ec
.rsrc 0x35000 0x101F8 0x10200 4.44 f087195cc90e1847662907319546bba4
.reloc 0x46000 0x24DC 0x2600 6.73 4ab4bc65be8f93d3b72d97b366ef60b7
( 8 imports )
> advapi32.dll: RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegEnumValueW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegQueryValueW
> comctl32.dll: -, -, -, -, PropertySheetW, CreatePropertySheetPageW, -, -, -, -, -, -, -, -, -, -, -, InitCommonControlsEx, ImageList_GetIconSize, -, ImageList_Destroy, -, -, -, ImageList_Draw, CreateToolbarEx
> gdi32.dll: Rectangle, CreateSolidBrush, DeleteObject, GetStockObject, CreatePen, GetNearestColor, DeleteDC, CreateCompatibleDC, RealizePalette, SelectPalette, PatBlt, BitBlt, LineTo, MoveToEx, CreateCompatibleBitmap, CreateDIBitmap, CreateDiscardableBitmap, GetObjectW, GetTextMetricsW, ExtTextOutW, SetBkMode, SetTextColor, SetBkColor, GetTextExtentPointW, EnumFontFamiliesExW, GetDeviceCaps, GetTextCharset, TextOutW, GetTextCharsetInfo, SetViewportExtEx, SetWindowExtEx, SetMapMode, GetWindowExtEx, GetViewportExtEx, GetMapMode, TranslateCharsetInfo, CreateFontIndirectW, ExcludeClipRect, CreateDCW, CreateICW, CreateFontW, CreateRectRgnIndirect, GetCharWidth32W, SelectObject, SelectClipRgn
> kernel32.dll: FindResourceA, GetACP, GetProcAddress, GetModuleHandleW, MulDiv, lstrcpynW, lstrcmpW, GlobalFree, GlobalAlloc, lstrcpyW, lstrcpyA, DeleteCriticalSection, TlsFree, TlsAlloc, InitializeCriticalSectionAndSpinCount, DisableThreadLibraryCalls, DeleteFileW, GetTempFileNameW, GetProfileStringW, GetLocaleInfoW, GlobalUnlock, GlobalLock, GlobalReAlloc, FreeLibrary, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, SetErrorMode, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InterlockedDecrement, InterlockedIncrement, GetSystemDefaultUILanguage, FindResourceExW, ExpandEnvironmentStringsW, FreeResource, LoadResource, LockResource, SetCurrentDirectoryW, CreateEventW, GetModuleFileNameW, LoadLibraryW, CreateThread, WaitForSingleObject, ResetEvent, FreeLibraryAndExitThread, LocalReAlloc, GetFullPathNameW, GetFileAttributesW, GetProcessVersion, GetVolumeInformationW, GetUserDefaultLCID, TlsSetValue, FormatMessageW, FindFirstFileW, FindNextFileW, FindClose, LocalSize, WideCharToMultiByte, CloseHandle, GetVersionExA, InterlockedExchange, GetModuleHandleA, DelayLoadFailureHook, FindResourceW, LocalFree, MultiByteToWideChar, lstrlenA, LocalAlloc, SetLastError, TlsGetValue, lstrlenW, SizeofResource, LeaveCriticalSection, EnterCriticalSection, GetLastError, GetShortPathNameW, GetCurrentDirectoryW, CreateFileW, lstrcmpiW, GetDriveTypeW, SetEvent, GetCurrentThreadId
> ntdll.dll: RtlUnwind, _wcsicmp, wcslen, RtlUnicodeStringToAnsiString, RtlAnsiStringToUnicodeString, RtlUnicodeToMultiByteSize, RtlInitUnicodeStringEx, RtlIsNameLegalDOS8Dot3, _chkstk, _vsnwprintf, memmove, NtQueryVirtualMemory
> shell32.dll: SHAddToRecentDocs, -, -, SHBindToParent, -, -, SHGetPathFromIDListW, -, -, -, -, -, -, -, -, -, -, SHGetDesktopFolder, SHGetMalloc, -, SheChangeDirExW, SHGetFileInfoW, SHGetSpecialFolderPathW, SHGetSpecialFolderLocation, SHCreateShellItem, -, -, -, -, -, -, -, SHGetFolderLocation, -, -, -, -, -, -, -, -, -
> shlwapi.dll: PathAddBackslashW, -, -, -, StrCmpW, -, -, PathIsUNCW, UrlIsW, PathFindExtensionW, -, SHRegGetValueW, PathFileExistsW, -, StrDupW, -, -, StrStrW, PathCombineW, PathMatchSpecW, PathGetDriveNumberW, SHOpenRegStream2W, -, -, StrCmpIW, -, StrRetToBufW, -, PathFindFileNameW, -, SHRegGetBoolUSValueW, StrCmpNIW, wvnsprintfW, PathRemoveBlanksW, PathIsRootW, wnsprintfW, StrRChrW, -, -, PathSkipRootW, StrChrW
> user32.dll: DialogBoxIndirectParamW, CharPrevW, KillTimer, GetWindowTextLengthW, CreateDialogIndirectParamA, SetTimer, IsWindowVisible, MsgWaitForMultipleObjects, TranslateMessage, DispatchMessageW, CreatePopupMenu, DestroyMenu, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, PeekMessageW, EnumChildWindows, GetDlgCtrlID, SetWindowsHookExW, LoadAcceleratorsW, UnhookWindowsHookEx, CreateDialogIndirectParamW, GetSystemMenu, DeleteMenu, SetParent, CallNextHookEx, LockWindowUpdate, GetWindow, GetLastActivePopup, FindWindowExW, RedrawWindow, DrawTextW, DrawIcon, GetWindowPlacement, SetWindowPlacement, GetKeyState, LoadIconW, LoadImageW, RegisterClipboardFormatW, GetKeyboardLayout, DestroyWindow, GetDlgItemTextA, SetDlgItemTextA, CheckRadioButton, IsWindow, RegisterWindowMessageA, RegisterWindowMessageW, MessageBeep, IsDlgButtonChecked, CheckDlgButton, SetWindowTextW, DlgDirListW, SetDlgItemTextW, GetWindowTextW, MessageBoxW, PostMessageW, CharNextW, DefWindowProcW, GrayStringW, CharLowerW, GetDialogBaseUnits, ScreenToClient, CreateWindowExW, GetWindowLongA, LoadStringW, GetSystemMetrics, ShowCursor, LoadCursorW, SetCursor, IntersectRect, EqualRect, GetSysColorBrush, InvalidateRect, IsWindowEnabled, WinHelpW, BeginPaint, EndPaint, SetPropW, PtInRect, SetCapture, ClipCursor, ValidateRect, ChildWindowFromPoint, DialogBoxIndirectParamAorW, CreateDialogIndirectParamAorW, CharNextA, GetWindowLongW, FrameRect, GetSysColor, CopyRect, ReleaseDC, DrawFocusRect, InflateRect, GetDC, GetFocus, MapWindowPoints, GetClientRect, GetDlgItem, CallWindowProcW, SetFocus, GetDlgItemInt, SetDlgItemInt, GetDlgItemTextW, RemovePropW, EndDialog, UpdateWindow, SendDlgItemMessageW, SetWindowPos, EnableWindow, ShowWindow, MoveWindow, SetWindowLongW, GetWindowRect, DrawEdge, FillRect, GetParent, SendMessageW, GetPropW, TranslateAcceleratorW
( 1 exports )
> ChooseColorA, ChooseColorW, ChooseFontA, ChooseFontW, CommDlgExtendedError, FindTextA, FindTextW, GetFileTitleA, GetFileTitleW, GetOpenFileNameA, GetOpenFileNameW, GetSaveFileNameA, GetSaveFileNameW, LoadAlterBitmap, PageSetupDlgA, PageSetupDlgW, PrintDlgA, PrintDlgExA, PrintDlgExW, PrintDlgW, ReplaceTextA, ReplaceTextW, Ssync_ANSI_UNICODE_Struct_For_WOW, WantArrows, dwLBSubclass, dwOKSubclass
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
ssdeep: -
sigcheck: publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Common Dialogs DLL
original name: comdlg32.dll
internal name: comdlg32
file version.: 6.00.2900.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
oledlg.dll result
File 7529A63100B9BD08E01801CAC2C39A0084060BC7.dll received on 2010.05.23 05:56:31 (UTC)
Current status: finished
Result: 0/41 (0.00%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.23.00 2010.05.22 -
AntiVir 8.2.1.242 2010.05.21 -
Antiy-AVL 2.0.3.7 2010.05.21 -
Authentium 5.2.0.5 2010.05.22 -
Avast 4.8.1351.0 2010.05.22 -
Avast5 5.0.332.0 2010.05.22 -
AVG 9.0.0.787 2010.05.23 -
BitDefender 7.2 2010.05.23 -
CAT-QuickHeal 10.00 2010.05.21 -
ClamAV 0.96.0.3-git 2010.05.22 -
Comodo 4918 2010.05.23 -
DrWeb 5.0.2.03300 2010.05.23 -
eSafe 7.0.17.0 2010.05.20 -
eTrust-Vet None 2010.05.21 -
F-Prot 4.6.0.103 2010.05.23 -
F-Secure 9.0.15370.0 2010.05.22 -
Fortinet 4.1.133.0 2010.05.22 -
GData 21 2010.05.23 -
Ikarus T3.1.1.84.0 2010.05.23 -
Jiangmin 13.0.900 2010.05.22 -
Kaspersky 7.0.0.125 2010.05.23 -
McAfee 5.400.0.1158 2010.05.23 -
McAfee-GW-Edition 2010.1 2010.05.23 -
Microsoft 1.5802 2010.05.23 -
NOD32 5138 2010.05.22 -
Norman 6.04.12 2010.05.22 -
nProtect 2010-05-22.01 2010.05.22 -
Panda 10.0.2.7 2010.05.22 -
PCTools 7.0.3.5 2010.05.23 -
Prevx 3.0 2010.05.23 -
Rising 22.48.06.03 2010.05.23 -
Sophos 4.53.0 2010.05.23 -
Sunbelt 6341 2010.05.23 -
Symantec 20101.1.0.89 2010.05.23 -
TheHacker 6.5.2.0.285 2010.05.23 -
TrendMicro 9.120.0.1004 2010.05.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.23 -
VBA32 3.12.12.5 2010.05.22 -
ViRobot 2010.5.20.2326 2010.05.22 -
VirusBuster 5.0.27.0 2010.05.22 -
Additional information
File size: 122880 bytes
MD5 : 0b467f470cc9918fdceedcfd7dc4d697
SHA1 : 1cb8c72bc84e5e1f21c72aca356f1fc91cd4a704
SHA256: 87c8bcc4dff318fc393a8c0fb0b82ccc9da83ec0f5811cf303f3ac265a575578
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x11759
timedatestamp.....: 0x4802A117 (Mon Apr 14 02:11:03 2008)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12693 0x12800 6.40 45117fbb928e78c7a030dc362df2f2f8
.data 0x14000 0x136C 0x200 1.37 5ecd1c97ec69a51963958999263056e5
.rsrc 0x16000 0xA010 0xA200 4.53 b067c9dc540d7dc64407935995e790e2
.reloc 0x21000 0xFE4 0x1000 6.16 4ed1bf81b131925cf441b5f5a00d31d6
( 7 imports )
> advapi32.dll: RegNotifyChangeKeyValue, RegOpenKeyW, RegQueryValueW, RegEnumKeyW, RegCloseKey
> gdi32.dll: CreateICW, GetMetaFileBitsEx, GetTextExtentPointW, CreateCompatibleDC, BitBlt, GetBkColor, DeleteDC, CreateSolidBrush, SetBkMode, UnrealizeObject, SetBrushOrgEx, SetBkColor, ExtTextOutW, SaveDC, SetMapMode, SetViewportOrgEx, SetViewportExtEx, EnumMetaFile, PlayMetaFile, RestoreDC, CreateCompatibleBitmap, CreateBitmap, SetDIBits, GetBitmapBits, PlayMetaFileRecord, GetStockObject, SelectObject, GetTextMetricsW, DeleteObject, GetObjectW, CreateFontIndirectW, GetDeviceCaps, SetTextColor
> kernel32.dll: GetProcAddress, LoadLibraryW, lstrcmpW, lstrcmpiA, MultiByteToWideChar, SearchPathW, FindClose, FindFirstFileW, GetShortPathNameW, GetCurrentDirectoryW, GetFileAttributesW, TlsGetValue, GetVersion, TlsAlloc, TlsFree, LocalFree, TlsSetValue, LocalAlloc, GlobalSize, ResetEvent, WaitForSingleObject, CreateEventW, CloseHandle, MulDiv, FindNextFileW, DisableThreadLibraryCalls, GetVersionExW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, lstrcmpiW, lstrlenW, GetFullPathNameW, IsBadStringPtrW, IsBadCodePtr, IsBadWritePtr, CompareFileTime, GetDateFormatW, FileTimeToSystemTime, FileTimeToLocalFileTime, GetTimeFormatW, LocalFileTimeToFileTime, SystemTimeToFileTime, GetSystemTime, WideCharToMultiByte, IsBadReadPtr, GetNumberFormatW, GetLocaleInfoW, LockResource, LoadResource, FindResourceW, GlobalLock, FreeLibrary, GlobalAlloc, GlobalFree, GlobalUnlock
> msvcrt.dll: _onexit, __dllonexit, _adjust_fdiv, _initterm, __2@YAPAXI@Z, __3@YAXPAX@Z, iswalpha, _except_handler3, wcschr, malloc, free, _vsnwprintf, memmove, _resetstkoflw
> ntdll.dll: RtlFreeHeap, RtlAllocateHeap, RtlImageNtHeader
> ole32.dll: OleDuplicateData, ReleaseStgMedium, OleMetafilePictFromIconAndLabel, GetClassFile, CLSIDFromProgID, OleGetIconOfFile, OleCreateLinkToFile, OleCreateFromFile, OleRegGetUserType, CoGetMalloc, OleQueryCreateFromData, OleQueryLinkFromData, OleGetClipboard, CoTaskMemRealloc, CoTaskMemFree, IsValidInterface, StringFromCLSID, CLSIDFromString, OleCreate, OleGetIconOfClass
> user32.dll: GetLastActivePopup, IsIconic, LoadIconW, IsWindow, GetDesktopWindow, DialogBoxIndirectParamW, GetWindowLongW, SetPropW, RemovePropW, EnableWindow, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, WinHelpW, GetDlgCtrlID, SetForegroundWindow, ScreenToClient, GetCursorPos, GetPropW, MapWindowPoints, GetClipboardFormatNameW, CharPrevW, GetDialogBaseUnits, GetClientRect, DestroyWindow, UpdateWindow, InvalidateRect, IsDlgButtonChecked, CreateIcon, GetSystemMetrics, DrawFocusRect, DrawIcon, GetSysColor, RegisterWindowMessageW, GetFocus, EndPaint, GetWindowWord, BeginPaint, FillRect, SetWindowWord, DefWindowProcW, RegisterClassW, LoadCursorW, CheckDlgButton, CharNextW, DialogBoxParamW, SetTimer, KillTimer, InflateRect, PeekMessageW, DispatchMessageW, TranslateMessage, IsDialogMessageW, DrawMenuBar, GetMenu, GetActiveWindow, DestroyMenu, InsertMenuW, CreatePopupMenu, DeleteMenu, RegisterClipboardFormatW, GetForegroundWindow, SetClipboardViewer, ChangeClipboardChain, LoadBitmapW, ShowCursor, SetCursor, CharLowerW, GetWindow, GetWindowThreadProcessId, GetWindowTextW, IsWindowEnabled, GetDlgItemInt, MessageBoxW, DestroyIcon, GetParent, GetWindowTextLengthW, SetFocus, CheckRadioButton, SetDlgItemInt, CreateWindowExW, GetDlgItem, ShowWindow, LoadStringW, SendMessageW, PostMessageW, EndDialog, GetDlgItemTextW, SetWindowLongW, SetDlgItemTextW, SendDlgItemMessageW, SetWindowTextW, IsWindowVisible, ChildWindowFromPointEx
( 1 exports )
> OleUIAddVerbMenuA, OleUIAddVerbMenuW, OleUIBusyA, OleUIBusyW, OleUICanConvertOrActivateAs, OleUIChangeIconA, OleUIChangeIconW, OleUIChangeSourceA, OleUIChangeSourceW, OleUIConvertA, OleUIConvertW, OleUIEditLinksA, OleUIEditLinksW, OleUIInsertObjectA, OleUIInsertObjectW, OleUIObjectPropertiesA, OleUIObjectPropertiesW, OleUIPasteSpecialA, OleUIPasteSpecialW, OleUIPromptUserA, OleUIPromptUserW, OleUIUpdateLinksA, OleUIUpdateLinksW
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 1536:xpg+5cfZrz1wYZ7HtkwuFQCdcdlwT8/zEw+fNgG121Ab8Lqzn4Ck/6CutK5:WZrzmYJHmQqwlwT8c21Ab8Lqzi6C
sigcheck: publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft Windows OLE 2.0 User Interface Support
description..: Microsoft Windows OLE 2.0 User Interface Support
original name: OLEDLG.DLL
internal name: OLEDLG
file version.: 1.0 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
Hello Dan 76049! Welcome to MalwareBytes' Anti-Malware Forums! My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:
- The process of cleaning your system may take some time, so please be patient.
- Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
- Instructions that I give are for your system only!
- If you don't know or can't understand something please ask.
- Do not install or uninstall any software or hardware while we are working on it.
Please go to www.virustotal.com and upload the following files:
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\oledlg.dll
Please post the results in your next reply here.
-
After a recent Windows Update of XP Service Pack 3, Zerospyware identified the Windows System32 files "comdlg32.dll" and "oledlg.dll" as having Trojan.FakeAV.KZB. The program on several attempts failed to remove it. After lots of hair pulling and googling, I found MWB and used it.
On the first MWB Quick Scan I found 4 Adware instances and removed them, log file shown below. Then after removal, did a full scan with MWB and it shows zero issues. Zerospyware still shows the Trojan.FakeAV.KZB and cites the two files named above. MWB does not. Norton AV 2010 is showing no problems. No problems with computer, although it boots quicker after the 4 adwares were removed by MWB.
My question is this. Based on this whole story, does anyone think the Zerospyware alert is real, or is it most likely a false positive? Any help would be most appreciated.
MWB Log file 1....
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4147
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/26/2010 10:27:43 PM
mbam-log-2010-05-26 (22-27-43).txt
Scan type: Quick scan
Objects scanned: 142320
Time elapsed: 14 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6f7d-442c-93e3-4a4827c2e4c8} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
MWB Log file 2 after Adware removal....
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4147
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/27/2010 1:34:04 AM
mbam-log-2010-05-27 (01-34-04).txt
Scan type: Full scan (C:\|)
Objects scanned: 380500
Time elapsed: 2 hour(s), 36 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ZeroSpyware still shows the Trojan.FakeAV.KZB in the two system 32 dll files!!!
Thanks in advance for any suggestions!
Trojan.Win32.Swisyn.aedm
in Resolved Malware Removal Logs
Hi Screen 317,
The DDS without word wrap is posted below. Before I try all the last suggestions, can I ask you the following questions?
From the info provided, does it look to be real or false?
Should not Malwarebytes be able to do the removal without these other programs? If not, can you explain briefly why these other steps are required?
Thanks
DDS (Ver_10-03-17.01) - NTFSx86
Run by Dan at 16:30:49.93 on Sat 07/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1544 [GMT -5:00]
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MailWasher.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\dleecoms.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZEROSP~1.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Dan\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://208.226.8.76:5000/main.cgi?next_file=main.htm
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.7.0.12\IPSBHO.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell printable web\toolband.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Desktop Weather 3] c:\progra~1\thewea~1\The Weather Channel.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ZSScheduler] rundll32.exe "c:\program files\fbm software\zerospyware\zsscheduler.dll", runscheduler c:\program files\fbm software\zerospyware\
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
dRunOnce: [setDefaultMidi] MIDIDEF.EXE
mExplorerRun: [NoActiveDesktopChanges] 00000000
mExplorerRun: [NoActiveDesktop] 0 (0x0)
mExplorerRun: [NoSaveSettings] 0 (0x0)
mExplorerRun: [ClassicShell] 0 (0x0)
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flashp~1.lnk - c:\program files\smartdisk\flashpath\sdstat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imaget~1.lnk - c:\program files\sony corporation\image transfer\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\LAUNCH~1.LNK -
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\MailWasher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\arcsoft\media card companion\MCC Monitor.exe
uPolicies-explorer: NoActiveDesktopChanges = 00000000
uPolicies-explorer: NoFileurl = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1F75C3DC-38E2-4424-A028-217AA4CB43CA} - hxxp://208.226.8.76:5000/adm/NetCamMotionDetect.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114297393103
DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - file://c:\program files\gateway\helpspot\RunExeActiveX.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} - file://c:\program files\gateway\helpspot\StartFirstControl.CAB
DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} - hxxp://68.109.65.182:8002/PlayerPT.cab
DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} - hxxp://sonris-www.dnr.state.la.us/forms90/jinitiator/jinit.exe
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} - file://c:\program files\gateway\helpspot\XPLControl.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://208.226.8.76:5000/NetCamPlayerWeb11gv2.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1107000.00c\symds.sys [2010-5-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1107000.00c\symefa.sys [2010-5-20 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-7-12 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1107000.00c\cchpx86.sys [2010-5-20 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1107000.00c\ironx86.sys [2010-5-20 116784]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [2005-4-23 3584]
R2 FlashNT;FlashNT;c:\windows\system32\drivers\FLASHNT.SYS [2005-4-23 72784]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.7.0.12\ccsvchst.exe [2010-5-20 126392]
R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [2005-4-23 73296]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-13 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\ipsdefs\20100723.001\IDSXpx86.sys [2010-7-24 331640]
R3 MauiIIIG;Emuzed Maui III-G Device;c:\windows\system32\drivers\MauiIIIG.sys [2005-4-23 175232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-26 38224]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20100724.002\NAVENG.SYS [2010-7-24 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20100724.002\NAVEX15.SYS [2010-7-24 1362608]
R3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [2005-4-23 90357]
S1 WinRTUSB;Digital Voice Recorder DDR2K;c:\windows\system32\drivers\WinRTUSB.sys [2005-4-23 38968]
S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [2009-12-25 98984]
S2 gupdate1ca0ef525627e8e;Google Update Service (gupdate1ca0ef525627e8e);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-12-23 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 inibtmgr;WD Bridge Controller Driver;c:\windows\system32\drivers\inibtmgr.sys [2005-4-23 9728]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-12-23 709248]
S4 FileDeleter;ZeroSpyware FileDeleter;c:\progra~1\fbmsof~1\zerosp~1\FileDeleter.exe [2005-4-24 229376]
=============== Created Last 30 ================
2010-07-18 11:44:52 0 d-----w- C:\Spyware Log
2010-07-17 16:07:02 54156 ---ha-w- c:\windows\QTFont.qfn
2010-07-17 16:07:02 1409 ----a-w- c:\windows\QTFont.for
2010-07-14 01:20:12 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 05:21:54 0 d-----w- C:\GOLIST DX Newsletters
2010-07-12 05:21:38 0 d-----w- C:\GOLIST
2010-07-12 03:36:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
==================== Find3M ====================
2010-07-24 20:45:17 131072 ----a-w- c:\windows\system32\datestamp.dll
2010-07-17 16:03:33 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2010-07-12 07:02:02 2069272 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 19:10:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2004-07-30 14:56:22 90112 ----a-w- c:\program files\common files\PCSBclean.exe
2004-07-26 20:30:14 291840 ----a-w- c:\program files\common files\PCSBoff.exe
2010-04-24 03:08:30 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-04-24 03:08:30 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-04-24 03:08:30 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 16:31:58.00 ===============