Thread: malware took over my computer

  1. #1
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Not sure about the keyboard icon. Did this happen prior to us fixing your computer after one of the fixes?


    Open up Internet Explorer and go to Tools > Manage Add-ons and look through there for BigSeekPro, click on it to highlight it and select Disable

    Open up Firefox and go to Tools > Add-ons and do the same thing

    Then do this

    Backup Your Registry with ERUNT:
    • Download erunt.zip to your Desktop from here:
      http://aumha.org/downloads/erunt.zip
    • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
    • Inside the new folder, double-click ERUNT.exe to start the program
    • OK all the prompts to back up your registry to the default location.
    Note: to restore your registry, go to the backup folder and start ERDNT.exe







    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
      IE - HKU\S-1-5-21-967964055-2490943435-3194060227-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
      FF - prefs.js..keyword.URL: "http://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q="
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
      O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
      [2011-04-28 09:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Toolbar4
      [2011-04-21 03:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Toolbar4
      [2011-04-21 03:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Any Video To DVD DB Toolbar
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #2
    Guest
    Join Date
    May 2011
    Posts
    57

    I think the keyboard icon went away after one of the fixes...

    I am doing the backup of the registry and the scan.
    The logs are coming next.

  3. #3
    Guest
    Join Date
    May 2011
    Posts
    57

    Ken545, I have a question:

    I disabled IE as my main internet browser. The problem is I can't find it anymore to go delete the add-on...
    How and where can I find the IE icon to start Internet Explorer?

  4. #4
    Guest
    Join Date
    May 2011
    Posts
    57

    BigSeekPro is not installed in Firefox add-ons.
    I don't see it in the Firefox add-ons.
    I am a bit confused.

  5. #5
    Guest
    Join Date
    May 2011
    Posts
    57

    I just checked IE add-ons, I don't see BigSeekPro there either.
    I just realized that I have a program named "any video to DVD".
    I think I never installed that program. It's really suspicious because I don't convert video to DVD.

    I am running the scan, but what do I do about BigSeekPro?

  6. #6
    Guest
    Join Date
    May 2011
    Posts
    57

    Here is the OTL log after the Run Fix with the code:

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKU\S-1-5-21-967964055-2490943435-3194060227-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Prefs.js: "http://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=" removed from keyword.URL
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    C:\Documents and Settings\NetworkService\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files folder moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache folder moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E} folder moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\Toolbar4 folder moved successfully.
    C:\Documents and Settings\NICOU\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files folder moved successfully.
    C:\Documents and Settings\NICOU\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache folder moved successfully.
    C:\Documents and Settings\NICOU\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E} folder moved successfully.
    C:\Documents and Settings\NICOU\Application Data\Toolbar4 folder moved successfully.
    C:\Program Files\Any Video To DVD DB Toolbar folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /release /c >
    Windows IP Configuration
    No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
    Ethernet adapter Wireless Network Connection 2:
    Media State . . . . . . . . . . . : Media disconnected
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . . . . :
    C:\Documents and Settings\NICOU\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\NICOU\Desktop\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Windows IP Configuration
    No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
    Ethernet adapter Wireless Network Connection 2:
    Media State . . . . . . . . . . . : Media disconnected
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : no-domain-set.bellcanada
    IP Address. . . . . . . . . . . . : 192.168.2.11
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.2.1
    C:\Documents and Settings\NICOU\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\NICOU\Desktop\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\NICOU\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\NICOU\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 245894 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1259 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1513 bytes

    User: NICOU
    ->Temp folder emptied: 1616 bytes
    ->Temporary Internet Files folder emptied: 76804 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 48086617 bytes
    ->Flash cache emptied: 582 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 103141376 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 907986 bytes

    Total Files Cleaned = 145,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05082011_164823

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
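
Added example (not part of the original thread and not OTL's own code): a small Python triage of a Run Fix log like the one above, counting outcomes per section and reporting, for each item the fix script targeted, whether it was removed, only reported as not found, or never mentioned. The sample log, its GUIDs and its paths are constructed placeholders; the outcome phrases are the ones visible in the log above.

```python
import re

# Section banners look like "========== OTL ==========".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Outcome phrases as they appear in the fix log posted above.
SUCCESS_MARKERS = (
    "deleted successfully",
    "moved successfully",
    "value set successfully",
    "reset successfully",
    "removed from",
)
MISSING_MARKERS = ("not found",)


def classify(line):
    """Return 'done', 'missing' or None (informational line)."""
    lowered = line.lower()
    if any(marker in lowered for marker in SUCCESS_MARKERS):
        return "done"
    if any(marker in lowered for marker in MISSING_MARKERS):
        return "missing"
    return None


def triage_fix_log(log_text, targets):
    """Count outcomes per section and work out the status of each target.

    A target is 'done' if any line naming it succeeded, 'missing' if it was
    only ever reported as not found, and 'unseen' if no outcome line names it.
    """
    sections = {}
    current = "PREAMBLE"
    status = {target: "unseen" for target in targets}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {"done": 0, "missing": 0})
            continue
        outcome = classify(line)
        if outcome is None:
            continue
        sections.setdefault(current, {"done": 0, "missing": 0})[outcome] += 1
        for target in targets:
            if target.lower() in line.lower():
                # A success on any line outranks a "not found" elsewhere,
                # because one GUID is usually checked in several locations.
                if outcome == "done" or status[target] == "unseen":
                    status[target] = outcome
    return sections, status


# Constructed sample in the format of the log above (placeholder GUIDs/paths).
SAMPLE_LOG = r"""All processes killed
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{11111111-1111-1111-1111-111111111111} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\ not found.
C:\Program Files\Example Toolbar folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

# Items the (hypothetical) fix script asked the tool to remove.
TARGETS = [
    "{11111111-1111-1111-1111-111111111111}",
    "{22222222-2222-2222-2222-222222222222}",
    r"C:\Program Files\Example Toolbar",
    r"C:\Documents and Settings\user\Application Data\ExampleDir",
]

if __name__ == "__main__":
    per_section, per_target = triage_fix_log(SAMPLE_LOG, TARGETS)
    for name, counts in per_section.items():
        print(f"{name}: {counts['done']} done, {counts['missing']} not found")
    for target, state in per_target.items():
        print(f"{state:8} {target}")
```

A target left as `unseen` is the case to follow up on in the next scan log, since the fix run produced no outcome line for it at all.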

  7. #7
    Guest
    Join Date
    May 2011
    Posts
    57

    New OTL log after reboot and fix

    OTL logfile created on: 2011-05-08 16:56:16 - Run 3
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\NICOU\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

    2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
    4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35,01 Gb Total Space | 17,86 Gb Free Space | 51,01% Space Free | Partition Type: NTFS
    Drive D: | 8,26 Gb Total Space | 1,25 Gb Free Space | 15,10% Space Free | Partition Type: FAT32
    Drive F: | 19,53 Gb Total Space | 17,97 Gb Free Space | 91,98% Space Free | Partition Type: NTFS
    Drive G: | 47,97 Gb Total Space | 13,82 Gb Free Space | 28,81% Space Free | Partition Type: NTFS

    Computer Name: MOHICAN | User Name: NICOU | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\NICOU\Desktop\OTL.exe (OldTimer Tools)
    PRC - F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    PRC - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
    PRC - C:\Program Files\HPQ\shared\HpqToaster.exe ()
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
    PRC - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\NICOU\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (StarWindServiceAE) -- F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
    SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
    SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
    SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
    SRV - (MSSQL$SONY_MEDIAMGR) -- G:\Sony\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (SQLAgent$SONY_MEDIAMGR) -- G:\Sony\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
    DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
    DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
    DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
    DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
    DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
    DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (RDID1044) -- C:\WINDOWS\system32\drivers\rdwm1044.sys (Roland Corporation)
    DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
    DRV - (Cubase32) -- C:\WINDOWS\System32\drivers\Cubase32.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-04-29 02:18:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011-04-02 03:01:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Extensions
    [2011-04-28 23:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\extensions
    [2011-04-28 23:43:08 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2011-04-21 13:39:04 | 000,002,382 | ---- | M] () -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\searchplugins\search.xml
    [2011-04-02 20:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011-04-02 20:51:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011-04-02 20:51:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011-04-29 02:18:39 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010-01-01 05:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011-05-08 16:48:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Blue Sonic.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Blue Sonic.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001-07-28 02:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-05-08 16:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Desktop\2011-05-08
    [2011-05-08 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Desktop\Erunt
    [2011-05-07 21:53:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NICOU\Desktop\OTL.exe
    [2011-05-07 21:52:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011-05-07 20:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011-05-07 15:29:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2011-05-07 15:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2011-05-07 15:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2011-05-07 15:28:12 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
    [2011-05-07 15:28:12 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
    [2011-05-07 15:28:12 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
    [2011-05-07 15:28:12 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
    [2011-05-07 15:28:12 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
    [2011-05-07 15:28:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
    [2011-05-07 15:28:11 | 000,000,000 | ---D | C] -- C:\ce10f287d9ee23a3100d2f7320fdee
    [2011-05-07 15:10:41 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\NICOU\Desktop\ATF-Cleaner.exe
    [2011-05-06 16:15:17 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\NICOU\Desktop\aswMBR.exe
    [2011-05-02 16:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011-05-02 16:28:44 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\NICOU\Desktop\esetsmartinstaller_enu.exe
    [2011-05-02 16:07:36 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011-04-29 20:45:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011-04-29 20:41:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011-04-29 20:41:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011-04-29 20:41:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011-04-29 20:41:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011-04-29 20:41:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011-04-29 20:40:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-04-29 18:43:10 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\NICOU\Desktop\TDSSKiller.exe
    [2011-04-29 14:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2011-04-28 22:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011-04-28 22:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011-04-28 22:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011-04-28 22:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011-04-28 21:47:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NICOU\Recent
    [2011-04-28 17:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011-04-28 17:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011-04-28 09:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
    [2011-04-28 01:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011-04-28 00:43:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2011-04-28 00:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011-04-21 03:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Local Settings\Application Data\Somoto
    [2011-04-20 01:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Desktop\AVIAddXSubs
    [2011-04-12 14:32:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NICOU\IECompatCache
    [2011-04-12 01:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\OpenOffice.org
    [2011-04-12 01:46:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
    [2011-04-12 01:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
    [2011-04-11 15:51:07 | 000,161,422 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\drivers\rdwm1044.sys
    [2011-04-11 15:51:07 | 000,081,920 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\rdas1044.dll
    [2011-04-11 15:51:06 | 000,229,376 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\RDDP1044.DAT
    [2011-04-11 15:51:05 | 000,051,644 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\rddv1044.dll
    [2011-04-11 15:09:54 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
    [2011-04-11 15:08:30 | 000,085,504 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\ma_cmidn.dll
    [2011-04-11 15:08:29 | 000,021,888 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\drivers\ma_cmidi.sys
    [2011-04-11 15:08:29 | 000,017,920 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MA_CMIDI.DLL
    [2011-04-11 15:08:29 | 000,014,176 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MA_CMIDI.DRV
    [2011-04-11 15:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio MA_CMIDI
    [2011-04-11 15:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio MA_CMIDI
    [2011-04-11 06:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\AAY-Audio
    [2011-04-11 06:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\D16 Group
    [2011-04-11 05:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Solid State Logic
    [2011-04-11 05:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Solid State Logic
    [2011-04-11 05:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Leslie Sanford
    [2011-04-11 05:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PSPaudioware
    [2011-04-11 05:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\G-Sonique
    [2011-04-11 05:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\DubStation VST plug-in
    [2011-04-11 05:16:48 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71d.dll
    [2011-04-11 05:16:48 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71d.dll
    [2011-04-11 05:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nomad Factory
    [2011-04-11 05:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\Nomad Factory
    [2011-04-11 05:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nomad Factory
    [2011-04-11 05:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\SoundFonts.it GS-201 Tape Echo v1.0
    [2011-04-11 04:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Spectral Design
    [2011-04-11 04:35:09 | 000,011,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Cubase32.sys
    [2011-04-11 04:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\WOK
    [2011-04-11 04:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\discoDSP
    [2011-04-11 04:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Steinberg
    [2011-04-11 04:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bias
    [2011-04-11 02:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Blue Cat Audio
    [2011-04-11 02:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\KeyToSound Preferences
    [2011-04-11 01:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Daichi
    [2011-04-10 21:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\FXpansion
    [2011-04-10 21:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\FXpansion
    [2011-04-10 18:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\JXPlugins
    [2011-04-10 18:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\ReFX Junox2 VSTi v1.4
    [2011-04-10 18:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sylenth1
    [2011-04-10 17:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Local Settings\Application Data\Identities
    [2011-04-10 05:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\EDIROL
    [2011-04-10 05:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\DashSignature
    [2011-04-10 05:19:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NICOU\PrivacIE
    [2011-04-10 04:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\LinPlug Instruments
    [2011-04-10 04:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Native Instruments FM7
    [2011-04-10 03:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Smartelectronix
    [2011-04-10 03:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\iZotope iDrum Content
    [2011-04-10 01:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\AdmiralQuality
    [2011-04-10 01:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\LUXONIX
    [2011-04-10 01:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rob Papen Predator
    [2011-04-10 01:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\GForce
    [2011-04-10 01:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\GForce
    [2011-04-10 00:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Timeworks
    [2011-04-10 00:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Synapse
    [2011-04-09 23:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\T-RackS 24
    [2011-04-09 21:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\Native Instruments
    [2011-04-09 21:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Local Settings\Application Data\Native Instruments
    [2011-04-09 21:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IK Multimedia
    [2011-04-09 21:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IK Multimedia
    [2011-04-09 21:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\InstallShield

    ========== Files - Modified Within 30 Days ==========

    [2011-05-08 16:49:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011-05-08 16:49:54 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
    [2011-05-08 16:48:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011-05-08 16:26:53 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\erunt.zip
    [2011-05-08 15:16:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\MBR.dat
    [2011-05-08 14:12:07 | 000,459,522 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011-05-08 14:12:07 | 000,079,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011-05-07 21:53:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NICOU\Desktop\OTL.exe
    [2011-05-07 20:18:01 | 004,343,224 | R--- | M] () -- C:\Documents and Settings\NICOU\Desktop\ComboFix.exe
    [2011-05-07 15:35:17 | 001,569,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011-05-07 15:15:46 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011-05-07 15:10:43 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\NICOU\Desktop\ATF-Cleaner.exe
    [2011-05-06 16:24:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011-05-06 16:15:40 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\NICOU\Desktop\aswMBR.exe
    [2011-05-02 16:28:47 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\NICOU\Desktop\esetsmartinstaller_enu.exe
    [2011-04-30 16:22:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011-04-29 22:46:32 | 000,011,142 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Attach.zip
    [2011-04-29 22:16:59 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\NICOU\defogger_reenable
    [2011-04-29 22:12:32 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\2b4tegls.exe
    [2011-04-29 22:11:54 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\dds.scr
    [2011-04-29 22:11:26 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Defogger.exe
    [2011-04-29 20:45:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011-04-29 19:34:49 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\RKUnhookerLE.EXE
    [2011-04-29 18:32:31 | 000,044,313 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.pdf
    [2011-04-29 18:32:12 | 000,015,475 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.odt
    [2011-04-29 13:24:53 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011-04-28 22:26:18 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011-04-28 22:26:18 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Spybot - Search & Destroy.lnk
    [2011-04-28 18:25:11 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ihuhogewusuy.dat
    [2011-04-28 17:20:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011-04-28 09:06:54 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6AY3WTf.dat
    [2011-04-28 00:21:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xgihetiy.bin
    [2011-04-28 00:20:39 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\MsPMSPU.dll
    [2011-04-28 00:20:39 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\dispexv.dll
    [2011-04-28 00:20:39 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\confmspl.dll
    [2011-04-27 03:32:34 | 000,480,149 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\3l.pdf
    [2011-04-20 01:08:27 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-04-20 00:11:38 | 000,064,553 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\1.jpg
    [2011-04-12 14:37:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011-04-12 01:46:20 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
    [2011-04-11 23:02:46 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
    [2011-04-11 23:02:46 | 000,000,016 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
    [2011-04-09 23:33:12 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\T-RackS 24.lnk
    [2011-04-09 22:12:35 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
    [2011-04-09 22:12:35 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
    [2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
    [2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
    [2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
    [2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll

    ========== Files Created - No Company Name ==========

    [2011-05-08 16:26:51 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\erunt.zip
    [2011-05-07 20:17:16 | 004,343,224 | R--- | C] () -- C:\Documents and Settings\NICOU\Desktop\ComboFix.exe
    [2011-05-07 15:10:28 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011-05-06 16:17:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\MBR.dat
    [2011-04-29 22:46:32 | 000,011,142 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Attach.zip
    [2011-04-29 22:16:47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NICOU\defogger_reenable
    [2011-04-29 22:12:21 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\2b4tegls.exe
    [2011-04-29 22:11:54 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\dds.scr
    [2011-04-29 22:11:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Defogger.exe
    [2011-04-29 20:45:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011-04-29 20:45:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011-04-29 20:41:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011-04-29 20:41:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011-04-29 20:41:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011-04-29 20:41:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011-04-29 20:41:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011-04-29 19:34:49 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\RKUnhookerLE.EXE
    [2011-04-29 18:32:30 | 000,044,313 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.pdf
    [2011-04-29 17:44:49 | 000,015,475 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.odt
    [2011-04-29 13:24:53 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011-04-28 22:26:18 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011-04-28 22:26:18 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Spybot - Search & Destroy.lnk
    [2011-04-28 22:19:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011-04-28 17:20:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011-04-28 09:06:54 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6AY3WTf.dat
    [2011-04-28 00:21:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ihuhogewusuy.dat
    [2011-04-28 00:21:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xgihetiy.bin
    [2011-04-28 00:20:39 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\MsPMSPU.dll
    [2011-04-28 00:20:39 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\dispexv.dll
    [2011-04-28 00:20:39 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\confmspl.dll
    [2011-04-27 03:32:34 | 000,480,149 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\3l.pdf
    [2011-04-12 02:11:44 | 000,064,553 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\1.jpg
    [2011-04-12 01:46:20 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
    [2011-04-11 15:51:08 | 000,038,401 | R--- | C] () -- C:\WINDOWS\System32\RdCi1044.dll
    [2011-04-11 15:51:06 | 000,057,344 | R--- | C] () -- C:\WINDOWS\System32\RDCP1044.CPL
    [2011-04-11 15:51:05 | 000,004,088 | R--- | C] () -- C:\WINDOWS\System32\Rd4t1044.DAT
    [2011-04-11 15:08:29 | 000,007,282 | ---- | C] () -- C:\WINDOWS\System32\MA_CMIDI.VXD
    [2011-04-11 04:42:37 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2011-04-11 04:35:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\wavlbsys.dll
    [2011-04-10 18:36:12 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
    [2011-04-10 00:56:20 | 000,950,000 | ---- | C] () -- C:\WINDOWS\SH1001YAPA.dat
    [2011-04-09 23:33:12 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\T-RackS 24.lnk
    [2011-04-09 21:55:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\w3data.vss
    [2011-04-09 21:55:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
    [2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
    [2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2011-04-09 21:55:01 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
    [2011-04-09 21:55:01 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
    [2011-04-09 21:45:49 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SampleTank 2.5.lnk
    [2011-04-08 02:51:33 | 000,319,487 | ---- | C] () -- C:\WINDOWS\LOOP.exe
    [2011-04-08 00:20:08 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\FDlg.dll
    [2011-04-06 20:18:25 | 000,012,484 | -HS- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
    [2011-04-06 20:18:25 | 000,012,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
    [2011-04-06 17:30:38 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2011-04-05 03:19:02 | 002,340,992 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
    [2011-04-05 03:19:02 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
    [2011-04-05 03:19:02 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
    [2011-04-05 03:19:02 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
    [2011-04-05 03:19:01 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
    [2011-04-04 19:42:04 | 000,018,782 | -HS- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\t66lx23lpui6t55uvc8xwnfy34833kkwq
    [2011-04-04 19:42:04 | 000,018,782 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t66lx23lpui6t55uvc8xwnfy34833kkwq
    [2011-04-04 17:55:56 | 000,118,641 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
    [2011-04-04 17:55:47 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2011-04-02 23:07:31 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-04-02 03:01:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011-04-02 01:56:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\fusioncache.dat
    [2011-04-02 00:49:14 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2007-10-02 07:50:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
    [2007-10-02 07:50:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
    [2006-04-26 01:53:49 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
    [2006-04-26 01:53:49 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006-04-26 01:39:43 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006-04-26 01:19:13 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
    [2006-03-09 14:28:40 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
    [2005-12-02 07:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005-11-08 14:49:00 | 000,112,456 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2004-08-07 10:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004-08-07 10:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004-08-07 10:10:30 | 000,459,522 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004-08-07 10:10:30 | 000,079,146 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004-08-07 10:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004-08-07 10:02:54 | 001,569,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004-08-07 09:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004-08-07 09:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004-08-04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004-08-04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004-08-04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004-08-04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004-08-04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004-08-04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004-08-04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004-08-04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003-09-02 11:17:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
    [2002-05-28 05:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002-05-28 05:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001-07-07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    < End of report >

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    I disable IE as my main internet browser. I don't think I am following you, I did not say to disable IE, just BigSeekPro in the addons tab

    Just go ahead and run the OTL fix
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
