
Removeitpro software results: possible malware?

Discussion in 'Malware and Virus Removal Archive' started by sempron, 2008/09/19.

  1. 2008/09/19
    sempron

    Hi there.

    I recently ran Removeitpro software and it gave some results which I'd like your feedback on.

    2:11:27 PM: Infected file (Sys32.bzpdf) C:\WINDOWS\system32\bzpdf.dll
    2:11:27 PM: Infected file (Sys32.bzpdfc) C:\WINDOWS\system32\bzpdfc.dll
    2:11:40 PM: Infected file (Sys32.edstoolbar) C:\WINDOWS\system32\edstoolbar.dll
    2:12:02 PM: Infected file (Sys32.klif) C:\WINDOWS\system32\drivers\klif.sys
    2:12:29 PM: Infected file (Sys32.regobj) C:\WINDOWS\system32\regobj.dll
    2:12:37 PM: Infected file (Sys32.sysmonitor) C:\WINDOWS\system32\sysmonitor.exe
    2:12:37 PM: Infected file (Sys32.sysogg) C:\WINDOWS\system32\sysogg.dll
    2:13:16 PM: Infected file (Sys32.amove) C:\WINDOWS\amove.exe
    2:13:23 PM: Infected file (Sys32.mqgldfvo) C:\WINDOWS\mqgldfvo.exe
    2:13:31 PM: Infected file (Sys32.vmgspntbvms) C:\WINDOWS\vmgspntbvms.dll
    2:13:31 PM: Infected file (Sys32.vmgspntbgns) C:\WINDOWS\vmgspntbgns.dll



    Now I Googled each file name, and some of these files seem to be legit, but some don't, for example:


    klif.sys
    http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505
    Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability
    (I don't even have Kaspersky so why do I have this file?)

    regobj.dll
    Regobj.dll is Backdoor.Win32.DSSdoor.c.
    Related files:
    MSINET.OCX
    regobj.dll
    SocketX.DLL
    SocketX.OCX
    Read more: http://www.viruslist.com/en/viruses/encyclopedia?virusid=160535
    Kill the file regobj.dll and remove regobj.dll from Windows startup using RegRun Reanimator.
    http://www.regrun.com

    sysmonitor.exe
    This process is a security risk and should be removed from your system.


    Can I safely delete these files?
    Your advice is appreciated.
     
  2. 2008/09/20
    noahdfear

    Welcome to WindowsBBS sempron :)

    If you've ever run Kaspersky's online scanner, you would have klif.sys
    It is a legitimate file, so it's odd that it was tagged as infected. What I recommend you do is first run another antimalware application.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Then I'd recommend you run an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
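
Added example, not part of either post above: a read-only PowerShell sketch that parses scanner log lines in the format sempron posted and collects, for each flagged path, the Authenticode signature status, signer, version-resource company name and SHA-256, so a detection such as klif.sys can be checked before anything is deleted. It assumes PowerShell 4.0 or later (for Get-FileHash); the embedded log lines are copied from the first post and the paths will only resolve on that machine.

```powershell
# Added example: read-only triage of files named in a scanner log.
# The log lines are copied from the first post; the paths exist only on that machine.
$log = @'
2:12:02 PM: Infected file (Sys32.klif) C:\WINDOWS\system32\drivers\klif.sys
2:12:29 PM: Infected file (Sys32.regobj) C:\WINDOWS\system32\regobj.dll
2:12:37 PM: Infected file (Sys32.sysmonitor) C:\WINDOWS\system32\sysmonitor.exe
2:13:23 PM: Infected file (Sys32.mqgldfvo) C:\WINDOWS\mqgldfvo.exe
'@

# Timestamp, detection label in parentheses, then the full path to end of line.
$pattern = '^\s*(?<time>\d{1,2}:\d{2}:\d{2} [AP]M): Infected file \((?<label>[^)]+)\) (?<path>.+?)\s*$'

$report = foreach ($line in ($log -split "`r?`n")) {
    if ($line -match $pattern) {
        $path = $Matches['path']
        $row  = [ordered]@{
            Label = $Matches['label']; Path = $path; Exists = $false
            Signature = ''; Signer = ''; Company = ''; SHA256 = ''
        }
        # Only inspect regular files that are still present; nothing is modified.
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $row.Exists    = $true
            $row.Signature = [string]$sig.Status          # e.g. Valid, NotSigned, HashMismatch
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
            $row.Company   = (Get-Item -LiteralPath $path -Force).VersionInfo.CompanyName
            $row.SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
        [pscustomobject]$row
    }
}

$report | Format-List
```

The signature and version fields are evidence for triage, not a verdict; the SHA-256 values identify the exact files when asking for a second opinion.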
     
