after checking in google, That bigseekpro thing get installed after installation of the add-on IMTOO in firefox. the thing is I did not install any of them...
so I am being used!!!! big time...
after checking in google, That bigseekpro thing get installed after installation of the add-on IMTOO in firefox. the thing is I did not install any of them...
so I am being used!!!! big time...
Not sure about the keyboard icon, did this happen prior to us fixing your computer after one of the fixes ?
Open up Internet Explorer and go to Tools > Manage addons and look thru there for BigSeekPro , click on it to highlight and select disable
Open up Firefox and go to Tools > Addons and do the same thing
Then do this
Backup Your Registry with ERUNT:
Note: to restore your registry, go to the backup folder and start ERDNT.exe
- Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip- Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
- Inside the new folder, double-click ERUNT.exe to start the program
- OK all the prompts to back up your registry to the default location.
Open OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code::processes killallprocesses :OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893} IE - HKU\S-1-5-21-967964055-2490943435-3194060227-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893} FF - prefs.js..keyword.URL: "http://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=" O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found. O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06) [2011-04-28 09:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Toolbar4 [2011-04-21 03:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Toolbar4 [2011-04-21 03:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Any Video To DVD DB Toolbar :Services :Reg :Files ipconfig /release /c ipconfig /renew /c ipconfig /flushdns /c :Commands [purity] [resethosts] [emptytemp] [start explorer] [Reboot]- Then click the Run Fix button at the top. <--Not run Scan
- Let the program run unhindered, reboot when it is done
- Then post the results of the log it produces.
- Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
I think the keyboard icon went away after one of the fixes...
I am doing the back up of the registry and the scan
the log are coming next
Ken545 I have a question:
I disable IE as my main internet browser. the problem is I can't find it anymore to go delete the add-on...
How and where can I find the ie icon to start internet explorer?
Bigssekpro is not installed in firefox add-ons.
I don't see it in the firefox add-ons.
I am a bit confuse
I disable IE as my main internet browser. I dont think I am following you , I did not say to disable IE, just BigSeekPro in the addons tab
Just go ahead and run the OTL fix
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
I just checked IE add-ons, I don't see bigseekpro there too.
I just realized that I have a program named "any video to DVD"
I think I never installed that program. it's really suspicious because I don't convert video to DVD.
I am running the scan, but what do I do about Bigseekpro?
here is the OTL log after the runfix with the code
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-967964055-2490943435-3194060227-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=" removed from keyword.URL
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\NetworkService\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E} folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Toolbar4 folder moved successfully.
C:\Documents and Settings\NICOU\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files folder moved successfully.
C:\Documents and Settings\NICOU\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache folder moved successfully.
C:\Documents and Settings\NICOU\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E} folder moved successfully.
C:\Documents and Settings\NICOU\Application Data\Toolbar4 folder moved successfully.
C:\Program Files\Any Video To DVD DB Toolbar folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
Ethernet adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\NICOU\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\NICOU\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
Ethernet adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : no-domain-set.bellcanada
IP Address. . . . . . . . . . . . : 192.168.2.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
C:\Documents and Settings\NICOU\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\NICOU\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\NICOU\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\NICOU\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 245894 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1259 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1513 bytes
User: NICOU
->Temp folder emptied: 1616 bytes
->Temporary Internet Files folder emptied: 76804 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48086617 bytes
->Flash cache emptied: 582 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103141376 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 907986 bytes
Total Files Cleaned = 145,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05082011_164823
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
New OTL log after reboot and fix
OTL logfile created on: 2011-05-08 16:56:16 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\NICOU\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,01 Gb Total Space | 17,86 Gb Free Space | 51,01% Space Free | Partition Type: NTFS
Drive D: | 8,26 Gb Total Space | 1,25 Gb Free Space | 15,10% Space Free | Partition Type: FAT32
Drive F: | 19,53 Gb Total Space | 17,97 Gb Free Space | 91,98% Space Free | Partition Type: NTFS
Drive G: | 47,97 Gb Total Space | 13,82 Gb Free Space | 28,81% Space Free | Partition Type: NTFS
Computer Name: MOHICAN | User Name: NICOU | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\NICOU\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
PRC - C:\Program Files\HPQ\shared\HpqToaster.exe ()
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\NICOU\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (StarWindServiceAE) -- F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
SRV - (MSSQL$SONY_MEDIAMGR) -- G:\Sony\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- G:\Sony\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RDID1044) -- C:\WINDOWS\system32\drivers\rdwm1044.sys (Roland Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (Cubase32) -- C:\WINDOWS\System32\drivers\Cubase32.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-04-29 02:18:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011-04-02 03:01:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Extensions
[2011-04-28 23:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\extensions
[2011-04-28 23:43:08 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011-04-21 13:39:04 | 000,002,382 | ---- | M] () -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\searchplugins\search.xml
[2011-04-02 20:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-04-02 20:51:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011-04-02 20:51:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-04-29 02:18:39 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010-01-01 05:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011-05-08 16:48:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Blue Sonic.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Blue Sonic.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001-07-28 02:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011-05-08 16:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Desktop\2011-05-08
[2011-05-08 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Desktop\Erunt
[2011-05-07 21:53:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NICOU\Desktop\OTL.exe
[2011-05-07 21:52:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011-05-07 20:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011-05-07 15:29:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011-05-07 15:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011-05-07 15:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011-05-07 15:28:12 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011-05-07 15:28:12 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011-05-07 15:28:12 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011-05-07 15:28:12 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011-05-07 15:28:12 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011-05-07 15:28:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011-05-07 15:28:11 | 000,000,000 | ---D | C] -- C:\ce10f287d9ee23a3100d2f7320fdee
[2011-05-07 15:10:41 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\NICOU\Desktop\ATF-Cleaner.exe
[2011-05-06 16:15:17 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\NICOU\Desktop\aswMBR.exe
[2011-05-02 16:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-05-02 16:28:44 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\NICOU\Desktop\esetsmartinstaller_enu.exe
[2011-05-02 16:07:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-04-29 20:45:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-04-29 20:41:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-04-29 20:41:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-04-29 20:41:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-04-29 20:41:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-04-29 20:41:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-04-29 20:40:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-04-29 18:43:10 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\NICOU\Desktop\TDSSKiller.exe
[2011-04-29 14:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011-04-28 22:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011-04-28 22:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011-04-28 22:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011-04-28 22:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011-04-28 21:47:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NICOU\Recent
[2011-04-28 17:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011-04-28 17:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-04-28 09:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011-04-28 01:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011-04-28 00:43:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011-04-28 00:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011-04-21 03:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Local Settings\Application Data\Somoto
[2011-04-20 01:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Desktop\AVIAddXSubs
[2011-04-12 14:32:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NICOU\IECompatCache
[2011-04-12 01:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\OpenOffice.org
[2011-04-12 01:46:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2011-04-12 01:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011-04-11 15:51:07 | 000,161,422 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\drivers\rdwm1044.sys
[2011-04-11 15:51:07 | 000,081,920 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\rdas1044.dll
[2011-04-11 15:51:06 | 000,229,376 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\RDDP1044.DAT
[2011-04-11 15:51:05 | 000,051,644 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\rddv1044.dll
[2011-04-11 15:09:54 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011-04-11 15:08:30 | 000,085,504 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\ma_cmidn.dll
[2011-04-11 15:08:29 | 000,021,888 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\drivers\ma_cmidi.sys
[2011-04-11 15:08:29 | 000,017,920 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MA_CMIDI.DLL
[2011-04-11 15:08:29 | 000,014,176 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MA_CMIDI.DRV
[2011-04-11 15:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio MA_CMIDI
[2011-04-11 15:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio MA_CMIDI
[2011-04-11 06:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\AAY-Audio
[2011-04-11 06:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\D16 Group
[2011-04-11 05:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Solid State Logic
[2011-04-11 05:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Solid State Logic
[2011-04-11 05:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Leslie Sanford
[2011-04-11 05:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PSPaudioware
[2011-04-11 05:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\G-Sonique
[2011-04-11 05:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\DubStation VST plug-in
[2011-04-11 05:16:48 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71d.dll
[2011-04-11 05:16:48 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71d.dll
[2011-04-11 05:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nomad Factory
[2011-04-11 05:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\Nomad Factory
[2011-04-11 05:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nomad Factory
[2011-04-11 05:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\SoundFonts.it GS-201 Tape Echo v1.0
[2011-04-11 04:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Spectral Design
[2011-04-11 04:35:09 | 000,011,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Cubase32.sys
[2011-04-11 04:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\WOK
[2011-04-11 04:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\discoDSP
[2011-04-11 04:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Steinberg
[2011-04-11 04:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bias
[2011-04-11 02:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Blue Cat Audio
[2011-04-11 02:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\KeyToSound Preferences
[2011-04-11 01:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Daichi
[2011-04-10 21:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\FXpansion
[2011-04-10 21:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\FXpansion
[2011-04-10 18:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\JXPlugins
[2011-04-10 18:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\ReFX Junox2 VSTi v1.4
[2011-04-10 18:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sylenth1
[2011-04-10 17:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Local Settings\Application Data\Identities
[2011-04-10 05:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\EDIROL
[2011-04-10 05:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\DashSignature
[2011-04-10 05:19:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NICOU\PrivacIE
[2011-04-10 04:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\LinPlug Instruments
[2011-04-10 04:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Native Instruments FM7
[2011-04-10 03:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Smartelectronix
[2011-04-10 03:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\iZotope iDrum Content
[2011-04-10 01:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\AdmiralQuality
[2011-04-10 01:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\LUXONIX
[2011-04-10 01:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rob Papen Predator
[2011-04-10 01:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\GForce
[2011-04-10 01:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\GForce
[2011-04-10 00:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Timeworks
[2011-04-10 00:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Synapse
[2011-04-09 23:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\T-RackS 24
[2011-04-09 21:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\Native Instruments
[2011-04-09 21:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Local Settings\Application Data\Native Instruments
[2011-04-09 21:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IK Multimedia
[2011-04-09 21:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IK Multimedia
[2011-04-09 21:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\InstallShield
========== Files - Modified Within 30 Days ==========
[2011-05-08 16:49:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-05-08 16:49:54 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-08 16:48:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011-05-08 16:26:53 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\erunt.zip
[2011-05-08 15:16:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\MBR.dat
[2011-05-08 14:12:07 | 000,459,522 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-05-08 14:12:07 | 000,079,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-05-07 21:53:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NICOU\Desktop\OTL.exe
[2011-05-07 20:18:01 | 004,343,224 | R--- | M] () -- C:\Documents and Settings\NICOU\Desktop\ComboFix.exe
[2011-05-07 15:35:17 | 001,569,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-05-07 15:15:46 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-05-07 15:10:43 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\NICOU\Desktop\ATF-Cleaner.exe
[2011-05-06 16:24:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-05-06 16:15:40 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\NICOU\Desktop\aswMBR.exe
[2011-05-02 16:28:47 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\NICOU\Desktop\esetsmartinstaller_enu.exe
[2011-04-30 16:22:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-04-29 22:46:32 | 000,011,142 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Attach.zip
[2011-04-29 22:16:59 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\NICOU\defogger_reenable
[2011-04-29 22:12:32 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\2b4tegls.exe
[2011-04-29 22:11:54 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\dds.scr
[2011-04-29 22:11:26 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Defogger.exe
[2011-04-29 20:45:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-04-29 19:34:49 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\RKUnhookerLE.EXE
[2011-04-29 18:32:31 | 000,044,313 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.pdf
[2011-04-29 18:32:12 | 000,015,475 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.odt
[2011-04-29 13:24:53 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-04-28 22:26:18 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011-04-28 22:26:18 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Spybot - Search & Destroy.lnk
[2011-04-28 18:25:11 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ihuhogewusuy.dat
[2011-04-28 17:20:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011-04-28 09:06:54 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6AY3WTf.dat
[2011-04-28 00:21:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xgihetiy.bin
[2011-04-28 00:20:39 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\MsPMSPU.dll
[2011-04-28 00:20:39 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\dispexv.dll
[2011-04-28 00:20:39 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\confmspl.dll
[2011-04-27 03:32:34 | 000,480,149 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\3l.pdf
[2011-04-20 01:08:27 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-20 00:11:38 | 000,064,553 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\1.jpg
[2011-04-12 14:37:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011-04-12 01:46:20 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011-04-11 23:02:46 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2011-04-11 23:02:46 | 000,000,016 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2011-04-09 23:33:12 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\T-RackS 24.lnk
[2011-04-09 22:12:35 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011-04-09 22:12:35 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
========== Files Created - No Company Name ==========
[2011-05-08 16:26:51 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\erunt.zip
[2011-05-07 20:17:16 | 004,343,224 | R--- | C] () -- C:\Documents and Settings\NICOU\Desktop\ComboFix.exe
[2011-05-07 15:10:28 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-05-06 16:17:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\MBR.dat
[2011-04-29 22:46:32 | 000,011,142 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Attach.zip
[2011-04-29 22:16:47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NICOU\defogger_reenable
[2011-04-29 22:12:21 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\2b4tegls.exe
[2011-04-29 22:11:54 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\dds.scr
[2011-04-29 22:11:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Defogger.exe
[2011-04-29 20:45:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-04-29 20:45:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011-04-29 20:41:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-04-29 20:41:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-04-29 20:41:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-04-29 20:41:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-04-29 20:41:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-04-29 19:34:49 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\RKUnhookerLE.EXE
[2011-04-29 18:32:30 | 000,044,313 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.pdf
[2011-04-29 17:44:49 | 000,015,475 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.odt
[2011-04-29 13:24:53 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-04-28 22:26:18 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011-04-28 22:26:18 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Spybot - Search & Destroy.lnk
[2011-04-28 22:19:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-04-28 17:20:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011-04-28 09:06:54 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6AY3WTf.dat
[2011-04-28 00:21:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ihuhogewusuy.dat
[2011-04-28 00:21:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xgihetiy.bin
[2011-04-28 00:20:39 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\MsPMSPU.dll
[2011-04-28 00:20:39 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\dispexv.dll
[2011-04-28 00:20:39 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\confmspl.dll
[2011-04-27 03:32:34 | 000,480,149 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\3l.pdf
[2011-04-12 02:11:44 | 000,064,553 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\1.jpg
[2011-04-12 01:46:20 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011-04-11 15:51:08 | 000,038,401 | R--- | C] () -- C:\WINDOWS\System32\RdCi1044.dll
[2011-04-11 15:51:06 | 000,057,344 | R--- | C] () -- C:\WINDOWS\System32\RDCP1044.CPL
[2011-04-11 15:51:05 | 000,004,088 | R--- | C] () -- C:\WINDOWS\System32\Rd4t1044.DAT
[2011-04-11 15:08:29 | 000,007,282 | ---- | C] () -- C:\WINDOWS\System32\MA_CMIDI.VXD
[2011-04-11 04:42:37 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2011-04-11 04:35:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\wavlbsys.dll
[2011-04-10 18:36:12 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2011-04-10 00:56:20 | 000,950,000 | ---- | C] () -- C:\WINDOWS\SH1001YAPA.dat
[2011-04-09 23:33:12 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\T-RackS 24.lnk
[2011-04-09 21:55:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\w3data.vss
[2011-04-09 21:55:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011-04-09 21:55:01 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011-04-09 21:55:01 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2011-04-09 21:45:49 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SampleTank 2.5.lnk
[2011-04-08 02:51:33 | 000,319,487 | ---- | C] () -- C:\WINDOWS\LOOP.exe
[2011-04-08 00:20:08 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\FDlg.dll
[2011-04-06 20:18:25 | 000,012,484 | -HS- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011-04-06 20:18:25 | 000,012,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011-04-06 17:30:38 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011-04-05 03:19:02 | 002,340,992 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011-04-05 03:19:02 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011-04-05 03:19:02 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011-04-05 03:19:02 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011-04-05 03:19:01 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011-04-04 19:42:04 | 000,018,782 | -HS- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\t66lx23lpui6t55uvc8xwnfy34833kkwq
[2011-04-04 19:42:04 | 000,018,782 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t66lx23lpui6t55uvc8xwnfy34833kkwq
[2011-04-04 17:55:56 | 000,118,641 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2011-04-04 17:55:47 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011-04-02 23:07:31 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-02 03:01:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-04-02 01:56:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\fusioncache.dat
[2011-04-02 00:49:14 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007-10-02 07:50:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2007-10-02 07:50:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2006-04-26 01:53:49 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006-04-26 01:53:49 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006-04-26 01:39:43 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006-04-26 01:19:13 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006-03-09 14:28:40 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005-12-02 07:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005-11-08 14:49:00 | 000,112,456 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004-08-07 10:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004-08-07 10:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004-08-07 10:10:30 | 000,459,522 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-07 10:10:30 | 000,079,146 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-07 10:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004-08-07 10:02:54 | 001,569,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004-08-07 09:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004-08-07 09:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004-08-04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-09-02 11:17:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2002-05-28 05:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002-05-28 05:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-07-07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >
Matson,
Your logs look fine. Let me tell you, when you first posted your computer was very seriously infected with a nasty nasty nasty rootkit, infections like this are not to be taken lightly. Sometimes when removing this garbage it may effect some other things.
Why dont you go to Add Remove Programs in the Control Panel and uninstall the software for your keyboard and then use the set up disk that came with it and reinstall it. If you have problems with this let me know and I can direct you to a good windows forum that can help you.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Please make sure you include the following items in your next post:
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan- Click the
button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on
to download the ESET Smart Installer. Save it to your desktop.
- Double click on the
icon on your desktop.
- Check
- Click the
button.
- Accept any security warnings from your browser.
- Check
- Make sure that the option "Remove found threats" is Unchecked
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.- When the scan completes, push
- Push
, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.- Push the
button.
- Push
The log that was produced after running ESET Online Scanner.
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
