Trojan.Win32.Swisyn.aedm


Zerospyware detected this malware: Trojan.Win32.Swisyn.aedm

It gave the following details:

Application Name:

Trojan.Win32.Swisyn.aedm

Manufacturer: N/A

Description:

A trojan which is a keylogger program that can capture all user keystrokes (including confidential details such as username, password, credit card number, etc.). It may also represent a security risk for the compromised system and/or its network environment.

Platforms Affected: Windows 98, Windows ME, Windows 2000 and Windows XP

Distribution Method: N/A

Effect: Privacy Threat, Security Risk, System Instability

Variants and Versions: N/A

Date Released: N/A

Components:

HKEY_CLASSES_ROOT\mswinsock.winsock: 1

HKEY_CLASSES_ROOT\mswinsock.winsock(default): 1

HKEY_CLASSES_ROOT\mswinsock.winsockCLSID\: 1

HKEY_CLASSES_ROOT\mswinsock.winsockCurVer\: 1

The latest Malwarebytes scan detects nothing. Here is the log file it generated:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4345

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/24/2010 4:02:38 PM

mbam-log-2010-07-24 (16-02-38).txt

Scan type: Quick scan

Objects scanned: 153541

Time elapsed: 15 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Any suggestion as to what to do? Zerospyware suggests quarantine, but messing with registry winsock files causes me concern. Perhaps this is a false positive; any idea how to further make a determination?


  • Staff

Hi and welcome to Malwarebytes.

I had never even heard of ZeroSpyware before reading your post, so I would be skeptical of what it detected, especially if MBAM didn't detect it as well.

Let's check it out though, just to be sure:

Download this Registry Search by Bobbi Flekman, save it, and extract regsearch.exe to the Desktop. You will use it in a moment.

Double-click regsearch.exe to start it. In the top window, enter mswinsock.winsock as the search string on the first line. Make sure all the option boxes are checked, and click "Ok". Notepad will be opened with text in it (the file will be saved to the Desktop as well as RegSearch.txt). Post this text in your next reply.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

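Added example, not code from the thread or from RegSearch, DDS or ZeroSpyware: a PowerShell script that does the equivalent of the RegSearch lookup above for the flagged ProgID and goes one step further, resolving mswinsock.winsock through its CurVer and CLSID subkeys to the COM server file it registers, so the detection can be judged against that file's publisher, Authenticode status and hash rather than against a bare registry key. It assumes Windows PowerShell 2.0 or later on the affected machine and no third-party modules.

```powershell
# Added example: resolve a ProgID (here the one ZeroSpyware flagged) to the
# COM server it points at and describe that file. Not part of the original thread.

function Get-RegDefault {
    # Returns the (default) value of a registry key, or $null if the key is absent.
    param([string]$KeyPath)
    $key = Get-Item -Path "Registry::$KeyPath" -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') } else { $null }
}

function Get-Sha256Hex {
    # SHA-256 of a file via .NET, so it works on PowerShell versions without Get-FileHash.
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

function Resolve-ProgIdServer {
    # Walks HKCR\<ProgId>\CLSID (or \CurVer -> versioned ProgId -> \CLSID) to
    # HKCR\CLSID\{...}\InprocServer32 or LocalServer32, the file COM would load.
    param([string]$ProgId)
    $clsid  = Get-RegDefault "HKEY_CLASSES_ROOT\$ProgId\CLSID"
    $curVer = Get-RegDefault "HKEY_CLASSES_ROOT\$ProgId\CurVer"
    if (-not $clsid -and $curVer) {
        $clsid = Get-RegDefault "HKEY_CLASSES_ROOT\$curVer\CLSID"
    }
    $server = $null
    if ($clsid) {
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            $server = Get-RegDefault "HKEY_CLASSES_ROOT\CLSID\$clsid\$sub"
            if ($server) { break }
        }
    }
    if ($server) {
        # LocalServer32 values may be quoted and carry arguments; keep the file part.
        $server = [Environment]::ExpandEnvironmentVariables($server.Trim('"').Split('"')[0])
    }
    New-Object PSObject -Property @{ ProgId = $ProgId; CurVer = $curVer; CLSID = $clsid; Server = $server }
}

function Test-ProgIdServer {
    # Prints a short report and returns the resolved registration object.
    param([string]$ProgId)
    $r = Resolve-ProgIdServer -ProgId $ProgId
    if (-not $r.CLSID) {
        Write-Host "$ProgId is not registered (no CLSID subkey): nothing for that key to load."
        return $r
    }
    if (-not $r.Server -or -not (Test-Path -LiteralPath $r.Server)) {
        Write-Host "CLSID $($r.CLSID) has no server file on disk ($($r.Server)): orphaned registration."
        return $r
    }
    $file   = Get-Item -LiteralPath $r.Server
    $sig    = Get-AuthenticodeSignature -FilePath $r.Server
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    Write-Host ("ProgId   : {0} (CurVer {1})" -f $r.ProgId, $r.CurVer)
    Write-Host ("CLSID    : {0}" -f $r.CLSID)
    Write-Host ("Server   : {0}" -f $r.Server)
    Write-Host ("Company  : {0} / {1}" -f $file.VersionInfo.CompanyName, $file.VersionInfo.FileDescription)
    Write-Host ("Signature: {0} {1}" -f $sig.Status, $signer)
    Write-Host ("SHA-256  : {0}" -f (Get-Sha256Hex -Path $r.Server))
    return $r
}

# The ProgID named in the ZeroSpyware "Components" list.
$result = Test-ProgIdServer -ProgId 'mswinsock.winsock'
```

A key that resolves to a present, validly signed file in a system directory is the ordinary registration of that control and the detection is then about the key alone; an orphaned key loads nothing; a server file in an unusual location, unsigned or with a signature status other than Valid is the case worth sending on with the other logs.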

  • Staff

Hi,

In Notepad, please turn off Word Wrap, then post the DDS log again.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi Screen 317,

The DDS without word wrap is posted below. Before I try all the last suggestions, can I ask you the following questions?

From the info provided, does it look to be real or false?

Should not Malwarebytes be able to do the removal without these other programs? If not, can you explain briefly why these other steps are required?

Thanks

DDS (Ver_10-03-17.01) - NTFSx86

Run by Dan at 16:30:49.93 on Sat 07/24/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1544 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\WINDOWS\system32\hphmon03.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\SmartDisk\FlashPath\sdstat.exe

C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MailWasher.exe

C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

svchost.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\WINDOWS\system32\dleecoms.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe

C:\WINDOWS\system32\slrundll.exe

C:\WINDOWS\system32\HPHipm09.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZEROSP~1.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Netscape\Netscape\Netscp.exe

C:\Documents and Settings\Dan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://208.226.8.76:5000/main.cgi?next_file=main.htm

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html

uInternet Settings,ProxyOverride = *.local

BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.7.0.12\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll

TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell printable web\toolband.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Desktop Weather 3] c:\progra~1\thewea~1\The Weather Channel.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [ZSScheduler] rundll32.exe "c:\program files\fbm software\zerospyware\zsscheduler.dll", runscheduler c:\program files\fbm software\zerospyware\

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [HPHmon03] c:\windows\system32\hphmon03.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

dRunOnce: [setDefaultMidi] MIDIDEF.EXE

mExplorerRun: [NoActiveDesktopChanges] 00000000

mExplorerRun: [NoActiveDesktop] 0 (0x0)

mExplorerRun: [NoSaveSettings] 0 (0x0)

mExplorerRun: [ClassicShell] 0 (0x0)

StartupFolder: c:\docume~1\dan\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flashp~1.lnk - c:\program files\smartdisk\flashpath\sdstat.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imaget~1.lnk - c:\program files\sony corporation\image transfer\SonyTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\LAUNCH~1.LNK -

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\MailWasher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\arcsoft\media card companion\MCC Monitor.exe

uPolicies-explorer: NoActiveDesktopChanges = 00000000

uPolicies-explorer: NoFileurl = 0 (0x0)

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)

IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: aol.com\free

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {1F75C3DC-38E2-4424-A028-217AA4CB43CA} - hxxp://208.226.8.76:5000/adm/NetCamMotionDetect.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114297393103

DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - file://c:\program files\gateway\helpspot\RunExeActiveX.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} - file://c:\program files\gateway\helpspot\StartFirstControl.CAB

DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} - hxxp://68.109.65.182:8002/PlayerPT.cab

DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} - hxxp://sonris-www.dnr.state.la.us/forms90/jinitiator/jinit.exe

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} - file://c:\program files\gateway\helpspot\XPLControl.CAB

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://208.226.8.76:5000/NetCamPlayerWeb11gv2.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1107000.00c\symds.sys [2010-5-20 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1107000.00c\symefa.sys [2010-5-20 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-7-12 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1107000.00c\cchpx86.sys [2010-5-20 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1107000.00c\ironx86.sys [2010-5-20 116784]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]

R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [2005-4-23 3584]

R2 FlashNT;FlashNT;c:\windows\system32\drivers\FLASHNT.SYS [2005-4-23 72784]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.7.0.12\ccsvchst.exe [2010-5-20 126392]

R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [2005-4-23 73296]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-13 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\ipsdefs\20100723.001\IDSXpx86.sys [2010-7-24 331640]

R3 MauiIIIG;Emuzed Maui III-G Device;c:\windows\system32\drivers\MauiIIIG.sys [2005-4-23 175232]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-26 38224]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20100724.002\NAVENG.SYS [2010-7-24 85424]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20100724.002\NAVEX15.SYS [2010-7-24 1362608]

R3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [2005-4-23 90357]

S1 WinRTUSB;Digital Voice Recorder DDR2K;c:\windows\system32\drivers\WinRTUSB.sys [2005-4-23 38968]

S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [2009-12-25 98984]

S2 gupdate1ca0ef525627e8e;Google Update Service (gupdate1ca0ef525627e8e);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-12-23 79360]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

S3 inibtmgr;WD Bridge Controller Driver;c:\windows\system32\drivers\inibtmgr.sys [2005-4-23 9728]

S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-12-23 709248]

S4 FileDeleter;ZeroSpyware FileDeleter;c:\progra~1\fbmsof~1\zerosp~1\FileDeleter.exe [2005-4-24 229376]

=============== Created Last 30 ================

2010-07-18 11:44:52 0 d-----w- C:\Spyware Log

2010-07-17 16:07:02 54156 ---ha-w- c:\windows\QTFont.qfn

2010-07-17 16:07:02 1409 ----a-w- c:\windows\QTFont.for

2010-07-14 01:20:12 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-12 05:21:54 0 d-----w- C:\GOLIST DX Newsletters

2010-07-12 05:21:38 0 d-----w- C:\GOLIST

2010-07-12 03:36:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-07-24 20:45:17 131072 ----a-w- c:\windows\system32\datestamp.dll

2010-07-17 16:03:33 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT

2010-07-12 07:02:02 2069272 ----a-w- c:\windows\system32\AutoPartNt.exe

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-27 19:10:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2004-07-30 14:56:22 90112 ----a-w- c:\program files\common files\PCSBclean.exe

2004-07-26 20:30:14 291840 ----a-w- c:\program files\common files\PCSBoff.exe

2010-04-24 03:08:30 16384 --sha-w- c:\windows\temp\cookies\index.dat

2010-04-24 03:08:30 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat

2010-04-24 03:08:30 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 16:31:58.00 ===============


  • Staff
Should not Malwarebytes be able to do the removal without these other programs? If not, can you explain briefly why these other steps are required?

I cannot say for sure right now whether those detections are real or just artifacts (i.e. false positives). The entries being detected can be added by infections but they can also be legitimate. Running those other tools will confirm if there is actually malware present.

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

