[Solved] LiveMessenger fails to connect, suspecting malware

Discussion in 'Virus and Malware Removal' started by mbeaulie, May 27, 2011.

  1. mbeaulie Newcomer, in training

    OTL Extras logfile created on: 2011-05-29 09:25:22 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Marc\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

    1,98 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 68,54% Memory free
    4,76 Gb Paging File | 4,21 Gb Available in Paging File | 88,42% Paging File free
    Paging file location(s): H:\pagefile.sys 3000 3000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 48,83 Gb Total Space | 5,76 Gb Free Space | 11,79% Space Free | Partition Type: NTFS
    Drive E: | 184,05 Gb Total Space | 6,64 Gb Free Space | 3,61% Space Free | Partition Type: NTFS
    Drive F: | 465,76 Gb Total Space | 9,54 Gb Free Space | 2,05% Space Free | Partition Type: NTFS
    Drive G: | 1397,26 Gb Total Space | 1221,22 Gb Free Space | 87,40% Space Free | Partition Type: NTFS
    Drive H: | 465,76 Gb Total Space | 4,65 Gb Free Space | 1,00% Space Free | Partition Type: NTFS

    Computer Name: MARC-62EE38E9F8 | User Name: Marc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1202660629-1563985344-725345543-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft Games\FS2002\fs2002.exe" = C:\Program Files\Microsoft Games\FS2002\fs2002.exe:*:Enabled:Module de Microsoft Flight Simulator -- (Microsoft Corporation)
    "C:\Program Files\Java\jre1.5.0_11\bin\java.exe" = C:\Program Files\Java\jre1.5.0_11\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
    "E:\Palm\Hotsync.exe" = E:\Palm\Hotsync.exe:*:Enabled:HotSync® Manager Application -- (PalmSource, Inc)
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Java\jre1.6.0_03\bin\java.exe" = C:\Program Files\Java\jre1.6.0_03\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "E:\Program Files\TmNationsForever\TmForever.exe" = E:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "E:\Program Files\32nd America's Cup\VskAC32.exe" = E:\Program Files\32nd America's Cup\VskAC32.exe:*:Enabled:VskAC32 -- ()
    "C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
    "E:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = E:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
    "E:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = E:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
    "E:\Program Files\Sid Meier's Railroads!\RailRoads.exe" = E:\Program Files\Sid Meier's Railroads!\RailRoads.exe:*:Enabled:Sid Meier's Railroads! -- (Firaxis Games, Inc)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\TmUnitedForever\TmForever.exe" = C:\Program Files\TmUnitedForever\TmForever.exe:*:Enabled:TmForever -- ()
    "C:\Program Files\Hasbro Interactive\Monopoly\Monopoly.exe" = C:\Program Files\Hasbro Interactive\Monopoly\Monopoly.exe:*:Enabled:Monopoly -- (Hasbro Interactive)
    "E:\Program Files\gnucash\bin\gnucash-bin.exe" = E:\Program Files\gnucash\bin\gnucash-bin.exe:*:Enabled:GnuCash Free Finance Manager -- ()
    "E:\Program Files\gnucash\bin\gconfd-2.exe" = E:\Program Files\gnucash\bin\gconfd-2.exe:*:Enabled:GConf Settings Manager -- ()
    "C:\Program Files\TightVNC\tvnserver.exe" = C:\Program Files\TightVNC\tvnserver.exe:*:Enabled:TightVNC Server -- (GlavSoft LLC.)
    "C:\Program Files\TightVNC\vncviewer.exe" = C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer -- (TightVNC Group)
    "C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
    "{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
    "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
    "{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
    "{240D4AC7-F7BC-4B51-898E-E4CB86485ECE}" = Intel Audio Studio 2.0
    "{266517E6-D866-439D-919C-B8B1A52E6080}" = OpenOffice.org 3.2
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
    "{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}" = Soap 3.0 Toolkit
    "{2CBE667E-1193-47DC-852E-2CB4747C12E3}" = Blazing Angels Squadrons of WWII
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3DCA6119-DBCF-4AB4-808C-C5214C50D2F6}" = Intel(R) Desktop Utilities
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
    "{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
    "{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
    "{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide
    "{58297B27-7503-46BF-8179-692DE403A991}" = Diskeeper Home Edition
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74C3F338-EC1A-4F9E-85A1-7A08C36A2EA4}" = Robots
    "{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Utilitaire de sauvegarde Windows
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
    "{7CAB59FF-432E-4973-A2A0-6E7B5C893AA5}" = ImpotExpert Updater 2009
    "{8215DC5E-FDF8-4C8D-A2AC-1A0B1D6F3D3D}" = D-Link DGE-530T
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{839011A6-DF28-4E21-00AE-83482775212B}" = NBA LIVE 07
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{859FE21B-F622-4347-B8A0-4478D7971937}" = ImpotExpert 2010
    "{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96F549E9-85D0-4F12-8747-259F6C224E61}" = ImpotExpert Updater 2010
    "{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter et la Coupe de Feu™
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A96D3ED0-E7B3-41F6-8BB5-F3C63D80901D}" = SplashPhoto
    "{AB4862FB-0396-4E75-A523-850577EBFC73}" = Security Advisor
    "{AC76BA86-7AD7-1036-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Français
    "{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}" = Palm
    "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
    "{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B62D7BE7-9D17-4F5C-8DD2-368B002EDFEC}" = Race Driver 3 Singleplayer Demo
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
    "{BABA6734-23CF-42AC-9E4C-EA2C7C80AA4E}" = AVG 2011
    "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
    "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E5}" = Need for Speed™ SHIFT Démo
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{BF79156F-2C18-4C83-8800-FC7460A1E204}" = D-Link DFE530TX
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
    "{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
    "{C5A8DF48-580B-44D3-B2B2-E965A9368F28}" = LEGO® Harry Potter™: Years 1-4
    "{C9AAF970-4E7E-4C98-AD67-09C74379D345}" = Harry Potter et les Reliques de la Mort™ - Première Partie
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
    "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
    "{E085FD28-F22C-4D41-00A1-F0751BF8EFC1}" = Need for Speed™ Most Wanted PC Demo
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E8EF15A2-A7E2-4D63-B4E6-98D00123A2E7}" = ImpotExpert 2009
    "{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
    "{EB807EB6-5179-48B7-98D4-7B4934A57A81}" = Documents To Go
    "{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
    "{EEEFE7A9-293E-4F5F-A114-81731A9C3826}" = Intel(R) Network Connections 14.2.100.0
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
    "{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "3DGroove" = 3D Groove Playback Engine
    "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
    "8461-7759-5462-8226" = Vuze
    "AC3Filter" = AC3Filter (remove only)
    "Adobe Audition 3.0" = Adobe Audition 3.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "After Burner 3D" = After Burner 3D
    "AsUninst.exe" = Anvil Studio
    "AVG" = AVG 2011
    "Azureus" = Azureus
    "Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
    "CAL" = Canon Camera Access Library
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "Canon RAW Codec" = Canon RAW Codec
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CCleaner" = CCleaner (remove only)
    "conduitEngine" = Conduit Engine
    "Crazy Frog Racer" = Crazy Frog Racer 1.0
    "Creative Media Lite" = Creative Media Lite
    "Creative Removable Disk Manager" = Gestionnaire de disques amovible Creative
    "CSCLIB" = Canon Camera Support Core Library
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "DPP" = Canon Utilities Digital Photo Professional 3.7
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010)
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Easy-WebPrint" = Easy-WebPrint
    "EOS Utility" = Canon Utilities EOS Utility
    "ffdshow" = ffdshow (remove only)
    "Flight Simulator 8.0" = Microsoft Flight Simulator 2002
    "FormatFactory" = FormatFactory 2.45
    "Fraps" = Fraps
    "Garfield 2" = Garfield 2
    "Glary Utilities_is1" = Glary Utilities 2.33.0.1158
    "GnuCash_is1" = GnuCash 2.2.9
    "Guitarpad_is1" = Guitarpad 2.0
    "HD Tune_is1" = HD Tune 2.55
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HECI" = Intel(R) Management Engine Interface
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
    "InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
    "InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "InstallShield_{3DCA6119-DBCF-4AB4-808C-C5214C50D2F6}" = Intel(R) Desktop Utilities
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
    "InstallShield_{8215DC5E-FDF8-4C8D-A2AC-1A0B1D6F3D3D}" = D-Link DGE-530T
    "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
    "InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
    "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
    "InstallShield_{BF79156F-2C18-4C83-8800-FC7460A1E204}" = D-Link DFE530TX
    "InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
    "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
    "InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
    "Jetfighter 2015" = Jetfighter 2015 (remove only)
    "KaraFun_is1" = KaraFun 1.18
    "Loco Mania" = Loco Mania 1.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mario Forever" = Mario Forever 4.0
    "MetaFrame Presentation Server Web Client for Win32" = Client Web MetaFrame Presentation Server pour Win32
    "Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Monopoly" = Monopoly
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 4.0.1 (x86 fr)" = Mozilla Firefox 4.0.1 (x86 fr)
    "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
    "MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool
    "Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.1
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "Need For Extreme 3D_is1" = Need For Extreme 3D
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NTREGOPT_is1" = NTREGOPT 1.1j
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picasa 3" = Picasa 3
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "PitchPerfect" = PitchPerfect Uninstall
    "Plane9" = Plane9 v1.5
    "Pocket Tunes" = Pocket Tunes 3.1.8
    "PosterPrint" = PosterPrint 2.3
    "PunkBusterSvc" = PunkBuster Services
    "QcDrv" = Programme de gestion Camera de Logitech®
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "rayman2" = rayman2
    "RAYMANM" = RAYMANM
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "RollerCoaster Tycoon Setup" = Roll
    "Snood 4_is1" = Snood 4
    "sp6" = Logitech SetPoint 6.22
    "SpeedFan" = SpeedFan (remove only)
    "Stuart Little 2 PC" = Stuart Little 2 PC
    "SystemRequirementsLab" = System Requirements Lab
    "TightVNC" = TightVNC 2.0.2
    "TmNationsForever_is1" = TmNationsForever
    "TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
    "Torino 2006_0001" = Torino 2006
    "UnHackMe_is1" = UnHackMe 4.70 release
    "Vim 7.0" = Vim 7.0 (self-installing)
    "VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter
    "VskAC32_is1" = 32nd America's Cup 0.2.0.0
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Lecteur Windows Media*11
    "Windows XP Service" = Windows XP Service Pack*3
    "WinGimp-2.0_is1" = GIMP 2.6.8
    "WinLiveSuite_Wave3" = Installation Windows Live
    "WinRAR archiver" = WinRAR archiver
    "WinStars 2.0_is1" = WinStars 2.0
    "Xvid_is1" = Xvid 1.2.2 final uninstall
    "ZENStonePlusUG" = Guide de l'utilisateur Creative ZEN Stone Plus
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1202660629-1563985344-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
    "UnityWebPlayer" = Unity Web Player
    "Vuze Launcher" = Vuze Launcher
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2011-05-26 12:07:51 | Computer Name = MARC-62EE38E9F8 | Source = EventSystem | ID = 4609
    Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
    lors de son traitement interne. Le HRESULT est 800401FE à partir de la ligne 44
    de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
    du Support Technique Microsoft pour signaler cette erreu

    Error - 2011-05-26 12:07:52 | Computer Name = MARC-62EE38E9F8 | Source = EventSystem | ID = 4609
    Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
    lors de son traitement interne. Le HRESULT est 800401FE à partir de la ligne 44
    de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
    du Support Technique Microsoft pour signaler cette erreu

    Error - 2011-05-26 12:09:36 | Computer Name = MARC-62EE38E9F8 | Source = EventSystem | ID = 4609
    Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
    lors de son traitement interne. Le HRESULT est 800401FE à partir de la ligne 44
    de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
    du Support Technique Microsoft pour signaler cette erreu

    Error - 2011-05-26 12:09:37 | Computer Name = MARC-62EE38E9F8 | Source = EventSystem | ID = 4609
    Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
    lors de son traitement interne. Le HRESULT est 800401FE à partir de la ligne 44
    de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
    du Support Technique Microsoft pour signaler cette erreu

    Error - 2011-05-26 12:14:50 | Computer Name = MARC-62EE38E9F8 | Source = ESENT | ID = 484
    Description = wlcomm (4044) Une tentative de retrait du dossier "C:\Documents and
    Settings\Marc\Local Settings\Application Data\Microsoft\Windows Live Contacts\{a8ddfec3-ef1d-4484-a734-719655f27a5e}\DBStore\Backup\temp\"
    a échoué en indiquant l'erreur système 3 (0x00000003) : "Le chemin d'accès spécifié
    est introuvable. ". L'opération de retrait de dossier échouera en indiquant l'erreur
    -1023 (0xfffffc01).

    Error - 2011-05-26 12:14:56 | Computer Name = MARC-62EE38E9F8 | Source = ESENT | ID = 484
    Description = wlcomm (4044) Une tentative de retrait du dossier "C:\Documents and
    Settings\Marc\Local Settings\Application Data\Microsoft\Windows Live Contacts\{a8ddfec3-ef1d-4484-a734-719655f27a5e}\DBStore\Backup\temp\"
    a échoué en indiquant l'erreur système 3 (0x00000003) : "Le chemin d'accès spécifié
    est introuvable. ". L'opération de retrait de dossier échouera en indiquant l'erreur
    -1023 (0xfffffc01).

    Error - 2011-05-26 16:03:31 | Computer Name = MARC-62EE38E9F8 | Source = PerfNet | ID = 2004
    Description = Impossible d'ouvrir le Service serveur. Les données de performance
    du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
    0.

    Error - 2011-05-27 06:25:51 | Computer Name = MARC-62EE38E9F8 | Source = PerfNet | ID = 2004
    Description = Impossible d'ouvrir le Service serveur. Les données de performance
    du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
    0.

    Error - 2011-05-28 00:00:28 | Computer Name = MARC-62EE38E9F8 | Source = PerfNet | ID = 2004
    Description = Impossible d'ouvrir le Service serveur. Les données de performance
    du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
    0.

    Error - 2011-05-28 01:09:35 | Computer Name = MARC-62EE38E9F8 | Source = PerfNet | ID = 2004
    Description = Impossible d'ouvrir le Service serveur. Les données de performance
    du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
    0.

    [ System Events ]
    Error - 2011-05-26 21:41:23 | Computer Name = MARC-62EE38E9F8 | Source = Service Control Manager | ID = 7023
    Description = Le service Gestion d'applications s'est arrêté avec l'erreur*: %%126

    Error - 2011-05-26 21:41:23 | Computer Name = MARC-62EE38E9F8 | Source = Service Control Manager | ID = 7023
    Description = Le service Gestion d'applications s'est arrêté avec l'erreur*: %%126

    Error - 2011-05-26 21:41:23 | Computer Name = MARC-62EE38E9F8 | Source = Service Control Manager | ID = 7023
    Description = Le service Gestion d'applications s'est arrêté avec l'erreur*: %%126

    Error - 2011-05-26 21:41:23 | Computer Name = MARC-62EE38E9F8 | Source = Service Control Manager | ID = 7023
    Description = Le service Gestion d'applications s'est arrêté avec l'erreur*: %%126

    Error - 2011-05-26 21:41:23 | Computer Name = MARC-62EE38E9F8 | Source = Service Control Manager | ID = 7023
    Description = Le service Gestion d'applications s'est arrêté avec l'erreur*: %%126

    Error - 2011-05-26 21:41:23 | Computer Name = MARC-62EE38E9F8 | Source = Service Control Manager | ID = 7023
    Description = Le service Gestion d'applications s'est arrêté avec l'erreur*: %%126

    Error - 2011-05-26 21:41:23 | Computer Name = MARC-62EE38E9F8 | Source = Service Control Manager | ID = 7023
    Description = Le service Gestion d'applications s'est arrêté avec l'erreur*: %%126

    Error - 2011-05-26 21:41:23 | Computer Name = MARC-62EE38E9F8 | Source = Service Control Manager | ID = 7023
    Description = Le service Gestion d'applications s'est arrêté avec l'erreur*: %%126

    Error - 2011-05-26 21:41:23 | Computer Name = MARC-62EE38E9F8 | Source = Service Control Manager | ID = 7023
    Description = Le service Gestion d'applications s'est arrêté avec l'erreur*: %%126

    Error - 2011-05-28 00:10:06 | Computer Name = MARC-62EE38E9F8 | Source = Service Control Manager | ID = 7034
    Description = Le service SecuROM User Access Service (V7) s'est terminé de façon
    inattendue pour la 1ème fois.


    < End of report >
  2. Broni Malware Annihilator

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-1202660629-1563985344-725345543-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
      O15 - HKU\S-1-5-21-1202660629-1563985344-725345543-1004\..Trusted Domains: ketsujin.com ([fighterace] https in Trusted sites)
      O15 - HKU\S-1-5-21-1202660629-1563985344-725345543-1004\..Trusted Domains: ketsujin.com ([primary] https in Trusted sites)
      O15 - HKU\S-1-5-21-1202660629-1563985344-725345543-1004\..Trusted Domains: ketsujin.com ([update] https in Trusted sites)
      O15 - HKU\S-1-5-21-1202660629-1563985344-725345543-1004\..Trusted Domains: ketsujin.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-1202660629-1563985344-725345543-1004\..Trusted Domains: stormofaces.com ([www] https in Trusted sites)
      O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/Driver...sysreqlab2.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] 
      @Alternate Data Stream - 489 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
      @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
      @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
      @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE: If ESET doesn't find any threats, it won't produce a log.
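The OTL fix above removes four kinds of leftovers: add-on entries (O2/O3/O9) whose CLSID or file no longer exists, O15 Trusted-sites zone entries, O16 ActiveX download records that no longer resolve, and alternate data streams on a temp file. As an added example (not OTL's code and not from this thread), the Python below classifies OTL scan lines of those kinds and turns the flagged ones into a fix script in the same `:OTL` / `:Commands` layout; the sample lines are constructed, with placeholder CLSIDs and `example.invalid` URLs for the healthy entries.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Phrases OTL prints when a registry entry points at a CLSID or file that no
# longer exists; the fix in the thread removes exactly such orphaned entries.
ORPHAN_MARKERS = ("No CLSID value found", "Reg Error: Key error", "File not found")


@dataclass
class Finding:
    kind: str   # orphan-addon | trusted-domain | orphan-activex | ads
    line: str   # the OTL scan line, reused verbatim in the fix script
    note: str   # why a helper would act on it


def classify(line: str) -> Optional[Finding]:
    """Map one OTL scan line to a Finding, or None if the fix should leave it alone."""
    s = line.strip()
    # O2 (BHO), O3 (toolbar) and O9 (Tools menu item): only dead entries go in the fix.
    if s.startswith(("O2 - BHO:", "O3 - ", "O9 - ")):
        if any(m in s for m in ORPHAN_MARKERS):
            return Finding("orphan-addon", s, "add-on whose CLSID or file no longer exists")
        return None
    # O15: domains that IE handles with the relaxed Trusted-sites zone settings.
    if s.startswith("O15 - ") and "Trusted Domains" in s:
        m = re.search(r"Trusted Domains:\s*(\S+)", s)
        domain = m.group(1) if m else "?"
        return Finding("trusted-domain", s,
                       f"{domain} is in IE Trusted sites; remove unless the user added it deliberately")
    # O16: Downloaded Program Files (ActiveX) records with no registered control behind them.
    if s.startswith("O16 - DPF:") and any(m in s for m in ORPHAN_MARKERS):
        return Finding("orphan-activex", s, "ActiveX download record with no registered control")
    # NTFS alternate data streams attached to a plain-looking temp file.
    if s.startswith("@Alternate Data Stream"):
        return Finding("ads", s, "alternate data stream hidden behind a plain-looking file")
    return None


def build_fix(lines: List[str],
              commands: Tuple[str, ...] = ("purity", "emptytemp", "emptyflash", "Reboot")
              ) -> Tuple[List[Finding], str]:
    """Return the findings and an OTL fix script (:OTL section plus :Commands) built from them."""
    findings = [f for f in map(classify, lines) if f is not None]
    body = [":OTL"] + [f.line for f in findings] + ["", ":Commands"] + [f"[{c}]" for c in commands]
    return findings, "\n".join(body)


# Constructed sample: the first two lines are a healthy BHO and a still-registered
# ActiveX record (placeholder CLSIDs/URL); the last four are taken from the thread's fix.
SAMPLE_SCAN_LINES = [
    r"O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll (Example Corp.)",
    r"O16 - DPF: {00000000-0000-0000-0000-000000000002} http://example.invalid/good.cab (Example Corp.)",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.",
    r"O15 - HKU\S-1-5-21-1202660629-1563985344-725345543-1004\..Trusted Domains: ketsujin.com ([www] https in Trusted sites)",
    r"O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)",
    r"@Alternate Data Stream - 489 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF",
]

if __name__ == "__main__":
    found, script = build_fix(SAMPLE_SCAN_LINES)
    for f in found:
        print(f"{f.kind:15} {f.note}")
    print(script)
```

The healthy BHO and the resolvable ActiveX record are left out of the generated script, which is the judgement the helper makes by hand when picking lines from a scan log.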
  3. mbeaulie Newcomer, in training

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1202660629-1563985344-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1202660629-1563985344-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ketsujin.com\fighterace\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1202660629-1563985344-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ketsujin.com\primary\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1202660629-1563985344-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ketsujin.com\update\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1202660629-1563985344-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ketsujin.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1202660629-1563985344-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\stormofaces.com\www\ deleted successfully.
    Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.
    C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.
    C:\WINDOWS\NV1886584.TMP\nv3d.chm deleted successfully.
    C:\WINDOWS\NV1886584.TMP\nvcpl.chm deleted successfully.
    C:\WINDOWS\NV1886584.TMP\nvdsp.chm deleted successfully.
    C:\WINDOWS\NV1886584.TMP\nvmob.chm deleted successfully.
    C:\WINDOWS\NV1886584.TMP folder deleted successfully.
    C:\WINDOWS\NV19081000.TMP\nv3d.chm deleted successfully.
    C:\WINDOWS\NV19081000.TMP\nvcpl.chm deleted successfully.
    C:\WINDOWS\NV19081000.TMP\nvdsp.chm deleted successfully.
    C:\WINDOWS\NV19081000.TMP\nvmob.chm deleted successfully.
    C:\WINDOWS\NV19081000.TMP folder deleted successfully.
    C:\WINDOWS\NV32401640.TMP\nv3d.chm deleted successfully.
    C:\WINDOWS\NV32401640.TMP\nvcpl.chm deleted successfully.
    C:\WINDOWS\NV32401640.TMP\nvdsp.chm deleted successfully.
    C:\WINDOWS\NV32401640.TMP\nvmob.chm deleted successfully.
    C:\WINDOWS\NV32401640.TMP folder deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3d.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dara.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dchs.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dcht.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dcsy.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3ddan.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3ddeu.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dell.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3deng.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3desm.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3desn.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dfin.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dfra.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dheb.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dhun.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dita.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3djpn.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dkor.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dnld.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dnor.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dplk.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dptb.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dptg.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3drus.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dsky.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dslv.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dsve.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dtha.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nv3dtrk.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcpl.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplara.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplchs.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplcht.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplcsy.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcpldan.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcpldeu.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplell.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcpleng.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplesm.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplesn.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplfin.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplfra.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplheb.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplhun.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplita.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcpljpn.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplkor.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplnld.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplnor.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplplk.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplptb.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplptg.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplrus.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplsky.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplslv.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcplsve.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcpltha.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvcpltrk.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdsp.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspara.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspchs.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspcht.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspcsy.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspdan.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspdeu.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspell.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspeng.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspesm.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspesn.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspfin.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspfra.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspheb.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdsphun.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspita.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspjpn.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspkor.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspnld.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspnor.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspplk.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspptb.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspptg.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdsprus.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspsky.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspslv.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdspsve.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdsptha.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvdsptrk.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmob.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobara.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobchs.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobcht.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobcsy.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobdan.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobdeu.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobell.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobeng.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobesm.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobesn.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobfin.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobfra.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobheb.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobhun.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobita.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobjpn.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobkor.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobnld.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobnor.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobplk.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobptb.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobptg.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobrus.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobsky.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobslv.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobsve.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobtha.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP\nvmobtrk.chm deleted successfully.
    C:\WINDOWS\NV37203884.TMP folder deleted successfully.
    C:\WINDOWS\NV37883824.TMP\nv3d.chm deleted successfully.
    C:\WINDOWS\NV37883824.TMP\nvcpl.chm deleted successfully.
    C:\WINDOWS\NV37883824.TMP\nvdsp.chm deleted successfully.
    C:\WINDOWS\NV37883824.TMP\nvmob.chm deleted successfully.
    C:\WINDOWS\NV37883824.TMP folder deleted successfully.
    C:\WINDOWS\SET25.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Genevieve
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 263321 bytes
    ->FireFox cache emptied: 88580568 bytes
    ->Flash cache emptied: 15882 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 112094 bytes

    User: Marc
    ->Temp folder emptied: 416626 bytes
    ->Temporary Internet Files folder emptied: 4212779 bytes
    ->Java cache emptied: 9079401 bytes
    ->FireFox cache emptied: 409445049 bytes
    ->Flash cache emptied: 120047 bytes

    User: Marianne
    ->Temp folder emptied: 816 bytes
    ->Temporary Internet Files folder emptied: 64699 bytes
    ->Java cache emptied: 1571857 bytes
    ->FireFox cache emptied: 453363114 bytes
    ->Flash cache emptied: 103885 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Sylvie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Java cache emptied: 15512587 bytes
    ->FireFox cache emptied: 43143386 bytes
    ->Flash cache emptied: 706 bytes

    User: Xavier
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Java cache emptied: 26071504 bytes
    ->FireFox cache emptied: 155947260 bytes
    ->Flash cache emptied: 2377263 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 17140 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1*155,00 mb


    [EMPTYFLASH]

    User: Administrateur

    User: All Users

    User: Default User

    User: Genevieve
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Marc
    ->Flash cache emptied: 0 bytes

    User: Marianne
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Sylvie
    ->Flash cache emptied: 0 bytes

    User: Xavier
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 05292011_201756

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  4. mbeaulie Newcomer, in training

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    AVG 2011
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner (remove only)
    Java(TM) 6 Update 24
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.3.181.14
    Adobe Reader X (10.0.1) - Français
    Mozilla Firefox (x86 fr..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
  5. Broni Malware Annihilator

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ....and Eset...
  6. mbeaulie Newcomer, in training

Sorry about skipping the Java part... Ran it and it crashed the first time around. Ran it a second time and it did not find anything to clean, so I assume it crashed after doing its job. Should I rerun the parts that were supposed to be AFTER it?

    ESet running now...

    Marc
  7. Broni Malware Annihilator

    You can post fresh SecurityCheck log and we'll see what happened.
  8. mbeaulie Newcomer, in training

    C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271837.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271838.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271839.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271840.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271841.rbf Win32/RegistryBooster application
    C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271842.rbf Win32/RegistryBooster application
    E:\Documents de Marc\Téléchargements\registrybooster.exe Win32/RegistryBooster application
    E:\Mes documents\Téléchargements\setup.exe a variant of Win32/Adware.ErrorRepair application
  9. Broni Malware Annihilator

    Were you able to fix Java?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      E:\Documents de Marc\Téléchargements\registrybooster.exe 
      E:\Mes documents\Téléchargements\setup.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
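    The ESET results in post 8 and the fix script above follow a pattern worth automating: detections inside `System Volume Information\_restore{...}\RPnnnn\` are archived restore-point copies and are handled by clearing restore points (step 1), while detections under user folders are live files that go into the `:Files` section of the OTL fix. The following is an added example, not code from the thread, OTL or ESET; it assumes the ESET log format shown in post 8 (a drive path followed by the detection name) and uses a sample constructed from those lines plus one made-up non-detection line to show what gets skipped.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, taken from the ESET lines posted in this thread plus one
# made-up summary line ("Scanned files: 4") that a parser must not treat as a hit.
ESET_LOG = r"""C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271837.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{3A14DA4E-0831-4971-A57E-F84E26567476}\RP1695\A0271838.rbf Win32/RegistryBooster application
E:\Documents de Marc\Téléchargements\registrybooster.exe Win32/RegistryBooster application
E:\Mes documents\Téléchargements\setup.exe a variant of Win32/Adware.ErrorRepair application
Scanned files: 4
"""

# A detection line: a drive-letter path, whitespace, then a detection name that
# starts with an optional "a variant of" and a "Family/Name" token (e.g. Win32/...).
# The path is matched non-greedily so spaces inside folder names are kept.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<detection>(?:a variant of\s+)?\w+/\S+.*)$"
)

# Restore-point copies live under System Volume Information\_restore{GUID}\RPnnnn\.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)


@dataclass
class Detection:
    path: str
    name: str
    restore_point: Optional[str]  # e.g. "RP1695" for an archived copy, None for a live file


def parse_eset_log(text: str) -> List[Detection]:
    """Extract detection lines; anything that does not look like one is skipped."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue  # header, summary or blank-ish line
        rp = RESTORE_RE.search(m["path"])
        found.append(Detection(m["path"], m["detection"], rp["rp"] if rp else None))
    return found


def triage(dets: List[Detection]) -> Tuple[List[Detection], List[Detection]]:
    """Split hits into live files (need removal) and restore-point copies
    (remediated by clearing restore points, as in step 1 above)."""
    live = [d for d in dets if d.restore_point is None]
    archived = [d for d in dets if d.restore_point is not None]
    return live, archived


def otl_files_section(live: List[Detection]) -> str:
    """Build the :Files part of an OTL fix from the live detections, in the
    same shape as the script posted above (hypothetical helper, not OTL's own)."""
    lines = [":OTL", "", ":Files"]
    lines += [d.path for d in live]
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    detections = parse_eset_log(ESET_LOG)
    live_hits, archived_hits = triage(detections)
    print(f"{len(live_hits)} live file(s) to remove, "
          f"{len(archived_hits)} restore-point copy(ies) in "
          f"{sorted({d.restore_point for d in archived_hits})}")
    print(otl_files_section(live_hits))
```

The point of the split is that deleting the restore-point `.rbf` copies one by one is pointless when the whole restore point will be cleared anyway; what matters is that no live file is left out of the `:Files` list, so the parser anchors on the drive-letter path and the `Family/Name` token rather than on fixed column positions.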
  10. mbeaulie Newcomer, in training

    The java cleanup did work fine, and I now have the latest...

    OTL logs:
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    E:\Documents de Marc\Téléchargements\registrybooster.exe moved successfully.
    E:\Mes documents\Téléchargements\setup.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Genevieve
    ->Temp folder emptied: 3400 bytes
    ->Temporary Internet Files folder emptied: 105813 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 40843413 bytes
    ->Flash cache emptied: 877 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Marc
    ->Temp folder emptied: 11874848 bytes
    ->Temporary Internet Files folder emptied: 7353240 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 69018034 bytes
    ->Flash cache emptied: 790 bytes

    User: Marianne
    ->Temp folder emptied: 954 bytes
    ->Temporary Internet Files folder emptied: 61975 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Sylvie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Xavier
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 123,00 mb


    [EMPTYFLASH]

    User: Administrateur

    User: All Users

    User: Default User

    User: Genevieve
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Marc
    ->Flash cache emptied: 0 bytes

    User: Marianne
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Sylvie
    ->Flash cache emptied: 0 bytes

    User: Xavier
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 05312011_005558

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  11. mbeaulie Newcomer, in training

    Restore point removal log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Genevieve
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Marc
    ->Temp folder emptied: 577052 bytes
    ->Temporary Internet Files folder emptied: 61975 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 9944330 bytes
    ->Flash cache emptied: 790 bytes

    User: Marianne
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Sylvie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Xavier
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 10,00 mb


    [EMPTYFLASH]

    User: Administrateur

    User: All Users

    User: Default User

    User: Genevieve
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Marc
    ->Flash cache emptied: 0 bytes

    User: Marianne
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Sylvie
    ->Flash cache emptied: 0 bytes

    User: Xavier
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.23.0 log created on 05312011_010149

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  12. mbeaulie Newcomer, in training

    OK, cleaned the restore points, uninstalled the tools and installed the programs to check S/W versions (and updated or removed some packages... some I cannot, for lack of $$$ or conflicts with other apps).

    Also had another chat with the kids about PC online security and protecting personal info and themselves.

    MSN is still broken, for some accounts, but at least I now have cleared the malware possibility!

    Thank you very much for your dedication to helping me and others!

    Marc
  13. Broni Malware Annihilator

    You're very welcome :)

    Good luck and stay safe :)
  14. mbeaulie Newcomer, in training

    Just a quick update: When I tried to update my NVidia driver, the install kept failing.

    I traced it to permission problems in the registry. I fixed those permission issues through some subinacl commands and drivers installed fine after that.

    MSN also started working OK on all accounts so I assume the bad permissions were causing the MSN issues too!

    Happy now!

    Thanks!

    Marc
  15. Broni Malware Annihilator

    Great news :)