Hi, I had my computer cleaned by Noviciate only a few weeks back and thought my computer was running quite well. Recently I decided to try some free anti-virus scans after buying some new security software, as I have been a victim of ID theft in the past. Panda's Active scan picked up a threat and Ashampoo Anti spyware 2 trial version picked up Trojan.Win32.Pasta.aju!A2... DR.WEB cure it free scan also picked up a threat and I am worried about how safe my PC is. It seems to be running fine at the moment... I have run E-SET online scanner and F-SECURE's online scan and they found nothing. I tried to run rootrepeal but on step f when I click okay, my PC resets itself. However, I have managed to take a backup with ERUNT and have a DDS log:
DDS (Ver_09-06-26.01) - NTFSx86
Run by allybongo123 at 20:42:59.53 on 14/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3197.2746 [GMT 0:00]
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\allybongo123\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
mRun: ['Ashampoo AntiSpyWare 2 Guard'] c:\program files\ashampoo\ashampoo antispyware 2\AntiSpyWare2Guard.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\allybo~1\applic~1\mozilla\firefox\profiles\xxoc649g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1683615&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://m.uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-11-11 28552]
R1 AntiLog32;AntiLog32;c:\program files\antilogger\AntiLog32.sys [2009-10-23 116080]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-11-14 3968]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-11-5 226832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 74480]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-11-11 1858144]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\ashampoo\ashampoo antispyware 2\AntiSpyWareService.exe [2009-11-14 749912]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 208616]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\drivers\L6TPortGX.sys [2008-11-12 532992]
S2 0314981258117785mcinstcleanup;McAfee Application Installer Cleanup (0314981258117785);c:\docume~1\allybo~1\locals~1\temp\0314981258117785mcinst.exe c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service --> c:\docume~1\allybo~1\locals~1\temp\0314981258117785mcinst.exe c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9df87da5fd5a4;Google Update Service (gupdate1c9df87da5fd5a4); [x]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\allybo~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\allybo~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-11-17 3768]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
=============== Created Last 30 ================
2009-11-14 20:07 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys
2009-11-14 02:37 <DIR> --d----- c:\program files\Ashampoo
2009-11-13 19:49 <DIR> -cd-h--- c:\windows\ie8
2009-11-13 19:29 218,624 a------- c:\windows\system32\uxtheme.uxtender
2009-11-13 09:23 2,021,790 a------- c:\windows\system32\37dB3.mht
2009-11-13 09:16 <DIR> --d----- c:\program files\common files\McAfee
2009-11-12 17:13 27,612 a------- c:\windows\syscall.dat
2009-11-12 17:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{E8DD7A4A-3EE8-4019-898E-952A32C3B613}
2009-11-12 17:13 <DIR> --d----- c:\program files\AntiLogger
2009-11-12 01:40 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-11-12 01:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-11-12 01:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-11-12 01:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-11-12 01:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2009-11-11 23:26 <DIR> --d----- c:\program files\common files\DivX Shared
2009-11-11 21:26 <DIR> --d----- c:\docume~1\allybo~1\applic~1\FreeFixer
2009-11-11 21:21 <DIR> --d----- c:\program files\Bazooka Scanner
2009-11-11 20:24 28,552 a------- c:\windows\system32\drivers\pavboot.sys
2009-11-11 20:24 <DIR> --d----- c:\program files\Panda Security
2009-11-11 19:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure
2009-11-11 10:05 7,571,533 a------- c:\windows\REGBK00.ZIP
2009-11-11 10:05 <DIR> a-d----- c:\windows\VDLL.DLL
2009-11-11 10:05 <DIR> a-d----- c:\windows\system32\runouce.exe
2009-11-11 10:05 <DIR> a-d----- c:\windows\RUNDL132.EXE
2009-11-11 10:05 <DIR> a-d----- c:\windows\logo1_.exe
2009-11-11 10:05 <DIR> a-d----- c:\windows\logo_1.exe
2009-11-11 10:04 28 a------- c:\windows\Lic.xxx
2009-11-11 10:03 632,064 a------- c:\windows\system32\msvcr80.dll
2009-11-11 10:03 554,240 a------- c:\windows\system32\msvcp80.dll
2009-11-11 10:03 34,048 a------- c:\windows\system32\eEmpty.exe
2009-11-11 10:03 522 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-11-11 10:03 146,432 a------- c:\windows\REGEDIT.COM
2009-11-11 10:03 146,432 a------- c:\windows\R.COM
2009-11-11 10:03 135,680 a------- c:\windows\system32\TASKMGR.COM
2009-11-11 10:03 135,680 a------- c:\windows\system32\T.COM
2009-11-11 10:03 <DIR> --d----- c:\program files\common files\MicroWorld
2009-11-11 10:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MicroWorld
2009-11-11 07:49 <DIR> --d----- c:\windows\ERUNT
2009-11-11 06:57 <DIR> --d----- c:\program files\NukeNabber
2009-11-11 04:50 <DIR> --d----- c:\program files\a-squared Free
2009-11-11 04:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-11-11 03:57 664 a------- c:\windows\system32\d3d9caps.dat
2009-11-08 19:02 <DIR> --d----- c:\program files\RegSeeker
2009-11-06 23:43 73,728 a------- c:\windows\system32\javacpl.cpl
2009-11-06 18:31 201,484 a------- c:\windows\system32\drivers\umss.sys
2009-11-06 18:31 18,401 a------- c:\windows\system32\drivers\umsspdr.pdr
2009-11-06 02:15 93,360 a------- c:\windows\system32\drivers\SBREDrv.sys
2009-11-06 01:05 <DIR> --d----- c:\program files\Readon Technology
2009-11-06 00:50 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-11-05 20:53 499 a------- c:\windows\system32\%LocalXml%
2009-11-05 19:53 108,059 a------- c:\windows\system32\drivers\klin.dat
2009-11-05 19:53 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-11-05 19:53 507,936 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-11-05 19:53 2,816 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-11-05 19:53 <DIR> --d----- c:\program files\Kaspersky Lab
2009-11-05 19:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-11-05 19:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-11-05 17:38 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-11-05 17:35 701,440 a------- c:\windows\system32\cohelper.dll
2009-11-05 17:35 7,090 a------- c:\windows\system32\nvnrm.nvu
2009-11-05 17:35 485,920 a------- c:\windows\system32\nvunrm.exe
2009-11-05 13:17 <DIR> --d----- c:\program files\CCleaner
2009-10-30 23:38 <DIR> --d----- c:\docume~1\allybo~1\applic~1\uTorrent
2009-10-25 22:15 <DIR> --d----- c:\program files\ESET
2009-10-25 15:26 <DIR> --d----- c:\program files\Microsoft Bootvis
==================== Find3M ====================
2009-11-14 20:20 5,693,472 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-11-14 20:20 67,796 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-11-14 20:19 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-11-13 19:29 218,624 a------- c:\windows\system32\uxtheme.dll
2009-11-06 23:42 411,368 a------- c:\windows\system32\deploytk.dll
2009-11-05 20:12 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-09-25 16:42 129,784 -------- c:\windows\system32\pxafs.dll
2009-09-25 16:42 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-09-25 16:42 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-09-25 16:42 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-09-25 16:42 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-09-25 16:42 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-25 16:41 90,112 a------- c:\windows\system32\dpl100.dll
2009-09-25 16:41 856,064 a------- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 856,064 a------- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 847,872 a------- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 843,776 a------- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 839,680 a------- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 696,320 a------- c:\windows\system32\DivX.dll
2009-09-11 14:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 08:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-05-29 20:51 87,608 a------- c:\docume~1\allybo~1\applic~1\inst.exe
2009-05-29 20:51 47,360 a------- c:\docume~1\allybo~1\applic~1\pcouffin.sys
============= FINISH: 20:43:21.90 ===============
I hope someone can help, many thanks! ...almost forgot, this is my active scan text:

;***************************************************************************************************
ANALYSIS: 2009-11-14 20:02:04
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;***************************************************************************************************
PROTECTIONS
Description                  Version    Active  Updated
;===================================================================================================
Kaspersky Internet Security  8.0.0.506  Yes     Yes
;===================================================================================================
MALWARE
Id        Description     Type    Active  Severity  Disinfectable  Disinfected  Location
;===================================================================================================
00027660  adware/savenow  Adware  No      0         Yes            No           hkey_local_machine\software\dsi
;===================================================================================================
SUSPECTS
Sent  Location
;===================================================================================================
;===================================================================================================
VULNERABILITIES
Id  Severity  Description
;===================================================================================================
;===================================================================================================
Edited by Ally, 14 November 2009 - 03:32 PM.