removing Alureon trojan



#1
paleoclimber

paleoclimber

    New Member

  • Member
  • Pip
  • 1 posts
I have been trying various anti-malware and anti-virus programs to remove a rather stubborn Alureon trojan. I have followed the guidelines you put forth for generating a log file. I would like any help that can be offered in removing this trojan from my computer. I have been experiencing system slow-down, pop-ups, and redirected browser windows, if that helps. I have been running Microsoft Security Essentials, which has detected but not effectively removed or quarantined the trojan. I am also running Spybot Search and Destroy, which has not detected the trojan as of yet.

Thanks!


******* Here is the OTL.txt output:************

OTL logfile created on: 6/19/2011 11:51:05 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\David\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 58.13% Memory free
5.20 Gb Paging File | 4.08 Gb Available in Paging File | 78.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 23.37 Gb Free Space | 20.90% Space Free | Partition Type: NTFS

Computer Name: PALEOCLIMBER | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/19 23:50:50 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
PRC - [2011/05/02 15:06:45 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/08 14:24:02 | 003,600,184 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/29 20:01:28 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2006/11/29 19:44:36 | 000,054,288 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2005/05/20 19:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2004/02/20 16:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/19 23:50:50 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/28 15:22:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/05/20 19:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)


========== Driver Services (SafeList) ==========

DRV - [2011/06/19 23:19:48 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C10CD206-480F-4E34-AFE8-ED8FE1F3C1BC}\MpKsl77601fd9.sys -- (MpKsl77601fd9)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/26 22:40:48 | 000,168,648 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\C771VSP.sys -- (C771VSP)
DRV - [2010/08/26 22:40:40 | 000,057,672 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\C771BUS.sys -- (C771BUS)
DRV - [2008/01/18 23:25:05 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/10/13 22:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/05/26 10:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/21 21:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/08 20:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/03 02:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/31 21:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/12/29 02:28:08 | 000,055,680 | ---- | M] (Micro Vision Co.,Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mvc25U870.sys -- (Mvc25U870_VID_1262&PID_25FD)
DRV - [2005/12/14 20:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/11/24 16:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/21 17:06:02 | 000,009,216 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\shpf.sys -- (shpf)
DRV - [2005/11/11 18:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/18 19:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 19:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 19:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/17 11:43:00 | 000,241,408 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/01 19:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 21:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 16:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 15:31:00 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/08/20 21:59:32 | 000,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyPI.sys -- (SPI)
DRV - [2000/11/09 22:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 0E E6 D6 D9 03 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.100005
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {fa038e8f-d1d1-11db-9705-005056c00008}:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:6.2.2.1363
FF - prefs.js..extensions.enabledItems: {5c58152d-046f-4354-844d-c57d206a57bb}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/18 22:25:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/19 13:06:19 | 000,000,000 | ---D | M]

[2010/06/20 16:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2010/06/20 16:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/19 13:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\joj0f8dy.default\extensions
[2009/09/02 15:02:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\joj0f8dy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/13 10:25:20 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\joj0f8dy.default\extensions\{5c58152d-046f-4354-844d-c57d206a57bb}
[2010/01/30 20:30:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\joj0f8dy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/07 12:32:27 | 000,000,000 | ---D | M] (Steep and Cheap Watcher) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\joj0f8dy.default\extensions\{fa038e8f-d1d1-11db-9705-005056c00008}
[2010/01/09 14:25:53 | 000,000,000 | ---D | M] (Brociety Watcher) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\joj0f8dy.default\extensions\[email protected]
[2010/01/08 21:37:32 | 000,000,000 | ---D | M] (Tramdock Watcher) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\joj0f8dy.default\extensions\[email protected]
[2009/12/26 12:13:23 | 000,000,000 | ---D | M] ("Upromise TurboSaver") -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\joj0f8dy.default\extensions\[email protected]
[2011/03/25 11:45:52 | 000,002,568 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\joj0f8dy.default\searchplugins\askcom.xml
[2011/06/17 16:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/15 15:00:38 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/01 21:15:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 11:57:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/20 21:22:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/03/29 20:59:13 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2011/06/19 13:19:42 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [Switcher.exe] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macr...are/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{34972740-7f30-11e0-adae-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{34972740-7f30-11e0-adae-0013a93c028e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\TL-Bootstrap.exe
O33 - MountPoints2\{3712a083-7308-11de-94a9-0013a93c028e}\Shell\AutoRun\command - "" = F:\msnmesgr.exe[autorun]
O33 - MountPoints2\{3712a083-7308-11de-94a9-0013a93c028e}\Shell\open\command - "" = H:\winlog.exe
O33 - MountPoints2\{64c174ea-8587-11e0-a1a4-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{64c174ea-8587-11e0-a1a4-0013a93c028e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\TL-Bootstrap.exe
O33 - MountPoints2\{972cb28c-9f1c-11df-aba2-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{972cb28c-9f1c-11df-aba2-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{a5ad7508-6f56-11e0-b66f-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{a5ad7508-6f56-11e0-b66f-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{af464fde-7158-11de-b5b2-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{af464fde-7158-11de-b5b2-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab648-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab648-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab657-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab657-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab65e-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab65e-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab666-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab666-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab7e4-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab7e4-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab807-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab807-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab823-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab823-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab82b-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab82b-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/19 22:55:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 14:17:55 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/06/19 14:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/06/19 14:17:48 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Notepad++
[2011/06/19 14:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/06/19 13:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/19 13:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/06/19 11:58:36 | 000,000,000 | ---D | C] -- C:\dca443b5c3b67f630aab319f73
[2011/06/19 11:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/18 22:31:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/18 16:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Cockatrice
[2011/06/17 16:07:50 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/06/17 16:06:59 | 000,000,000 | ---D | C] -- C:\Users\David\FrostWire
[2011/06/17 16:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/06/17 15:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/05/26 22:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/23 19:27:31 | 000,168,648 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\C771VSP.sys
[2011/05/23 19:27:31 | 000,057,672 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\C771BUS.sys
[2011/05/23 19:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VerizonWireless
[2011/05/23 17:28:52 | 000,000,000 | ---D | C] -- C:\Temp
[2011/02/27 17:51:59 | 011,447,056 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-autoupdate-c0261ff8012aad585d55140a9b6ddcb9.exe
[2011/02/20 16:30:08 | 011,444,496 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
[2011/01/23 16:41:52 | 011,336,456 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe

========== Files - Modified Within 30 Days ==========

[2011/06/19 23:50:56 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BA9423DB-8056-4776-AE84-887F63AD39CB}.job
[2011/06/19 23:20:02 | 000,005,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/19 23:20:01 | 000,005,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/19 23:19:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/19 23:19:23 | 2673,975,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/19 23:18:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/19 23:06:48 | 000,001,109 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/19 23:06:48 | 000,001,085 | ---- | M] () -- C:\Users\David\Desktop\Spybot - Search & Destroy.lnk
[2011/06/19 15:32:59 | 000,003,900 | ---- | M] () -- C:\Windows\mozy.flt
[2011/06/19 15:32:59 | 000,003,294 | ---- | M] () -- C:\Windows\mozy.blk
[2011/06/19 13:21:19 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/19 13:20:50 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/19 13:20:50 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/19 13:14:14 | 000,000,776 | ---- | M] () -- C:\Windows\tasks\{D0EB6E0E-FB65-4309-82EE-B129069E6F4C}.job
[2011/06/19 13:06:19 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/19 12:08:52 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI

========== Files Created - No Company Name ==========

[2011/06/19 18:55:47 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{BA9423DB-8056-4776-AE84-887F63AD39CB}.job
[2011/06/19 13:21:19 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/19 13:20:33 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/19 13:14:14 | 000,000,776 | ---- | C] () -- C:\Windows\tasks\{D0EB6E0E-FB65-4309-82EE-B129069E6F4C}.job
[2011/06/19 12:08:52 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/07/08 22:42:14 | 000,003,060 | -HS- | C] () -- C:\ProgramData\1611333359
[2010/07/08 22:42:13 | 000,000,817 | ---- | C] () -- C:\ProgramData\811249343
[2010/05/07 22:34:55 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010/05/02 23:15:17 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\prvlcl.dat
[2009/09/23 18:14:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/23 18:14:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/25 03:27:14 | 000,029,239 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png
[2009/02/07 22:13:33 | 000,002,032 | ---- | C] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2009/01/29 10:46:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/22 02:35:02 | 000,018,432 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/20 19:13:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/01/20 18:40:50 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 001,607,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/09/02 17:44:08 | 000,110,592 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004/07/20 20:04:02 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TBTMonUI.dll

========== LOP Check ==========

[2010/06/13 02:32:03 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Facebook
[2011/03/23 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MEGA5_5110307
[2011/06/19 20:40:50 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Notepad++
[2010/07/13 12:45:34 | 000,000,000 | -HSD | M] -- C:\Users\David\AppData\Roaming\SystemProc
[2011/06/19 23:18:40 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/19 23:50:56 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BA9423DB-8056-4776-AE84-887F63AD39CB}.job
[2011/06/19 13:14:14 | 000,000,776 | ---- | M] () -- C:\Windows\Tasks\{D0EB6E0E-FB65-4309-82EE-B129069E6F4C}.job

========== Purity Check ==========



< End of report >
***********And here is the Extras.txt report************
OTL Extras logfile created on: 6/19/2011 11:51:05 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\David\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 58.13% Memory free
5.20 Gb Paging File | 4.08 Gb Available in Paging File | 78.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 23.37 Gb Free Space | 20.90% Space Free | Partition Type: NTFS

Computer Name: PALEOCLIMBER | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023BB993-58C0-4AB7-B6B2-4F0346642AAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17B2C638-7EC4-4DAF-B7F6-474FD77FD230}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{32C355C5-7F50-4B36-A7AB-F4FCB32C8898}" = lport=139 | protocol=6 | dir=in | app=system |
"{33AB0669-B683-4C14-B503-B60B4FC4124D}" = rport=138 | protocol=17 | dir=out | app=system |
"{33DDC023-B3BA-4FA0-99DF-CF80C0E92962}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{375860C3-6994-43E7-A90F-78E6BE4D2718}" = rport=139 | protocol=6 | dir=out | app=system |
"{443200B2-36C5-4B24-BEC9-80AEAA686FD3}" = rport=137 | protocol=17 | dir=out | app=system |
"{44D993CB-B8FF-46DA-AC88-B44DBE3FC93D}" = lport=138 | protocol=17 | dir=in | app=system |
"{475F8FF5-19C4-4AC7-B32B-E5F628AE065A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{532177EC-1323-4751-9F7F-67D5E805DCE5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7817E3E0-EE73-44A7-A68A-31742407DD8C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8CED282F-3D5F-49E5-8F45-F7303DCEE6D5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A21472FA-C36C-4B1A-B9F6-F5C48CE26E46}" = lport=445 | protocol=6 | dir=in | app=system |
"{A939E210-E266-43CB-8691-57B07B5E8DF9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E2C7E043-1E3A-491E-B013-BD52F76CE76F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EA094269-01DF-40B3-8EBC-FDA17A3AD8D9}" = lport=137 | protocol=17 | dir=in | app=system |
"{EE593E4E-AA49-43E2-906E-BEBB50253AD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA1CB502-CB9C-4D69-AF37-67F358562108}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0521B516-933B-465E-A8C6-0B31CB1755C0}" = protocol=1 | dir=out | [email protected],-28544 |
"{231C0018-8EFE-4795-8D50-001B3BF7F8A4}" = protocol=58 | dir=in | [email protected],-28545 |
"{3B0C8653-CC4E-4FEC-AE56-41C72585C804}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4BC7AC36-2C90-41B2-852E-CE69090411BB}" = protocol=1 | dir=in | [email protected],-28543 |
"{4D876FF5-CD30-4EB3-9AFF-CE1BB6268570}" = protocol=17 | dir=in | app=c:\users\david\music\limewire\limewire.exe |
"{501C0BEE-5A21-4ABD-A519-D13399216F94}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5230678F-2973-4E6E-A651-154EAB917670}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6F7DFEC1-2CA2-4628-ABD0-E6911A7E0B5F}" = protocol=6 | dir=in | app=c:\users\david\music\limewire\limewire.exe |
"{8726CDE8-8C15-4432-BA8F-F0EB2353F0E8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9DCADF9F-222E-4128-A461-FA7C4AAFAED6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AB5CB06E-BC49-48AC-A320-EB17A0465205}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AFAE26A6-5B0B-4C54-A67E-E6FFBC8549AD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B0E2B4E8-99A2-4047-B5ED-178C7703AF72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F40A0DFD-BA06-4477-A9FD-E39A0935B116}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F521617A-6CBD-4549-857C-916DE703DF0E}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{A6E6BAD2-B872-4CD0-B720-4D6D60385423}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C569941B-57A9-46FC-A79C-D25725E18B78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F0303F94-5CBC-4A58-B55A-439E7F41355E}C:\users\david\music\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\users\david\music\limewire\limewire.exe |
"UDP Query User{4D088BE0-6BB3-4748-A5F7-B413ACA78ACC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{EA92038F-CE65-40FC-BD12-9A3A7C0C0D08}C:\users\david\music\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\users\david\music\limewire\limewire.exe |
"UDP Query User{EF594F0A-C1A2-4642-BF48-02B5405BD20E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{10113A44-CBFF-4FF7-8A13-BD1EC4180C56}" = Protector Suite QL 5.6
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 22
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82808A16-D448-4FBF-9AE9-75AF3FC240DC}_is1" = MEGA5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F41F431-071E-5B44-2EEE-5C51173D6498}" = MozyHome
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{FC8BC9C6-7A6F-475E-848B-3FC3CA0BFE19}" = C771 USB Driver V1.0.11.0
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87
"Bejeweled Twist 1.0" = Bejeweled Twist 1.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InterActual Player" = InterActual Player
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Notepad++" = Notepad++
"Populus" = Populus
"R for Windows 2.10.1_is1" = R for Windows 2.10.1
"Search Toolbar" = Search Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/21/2010 10:18:00 AM | Computer Name = paleoclimber | Source = VSS | ID = 8194
Description =

Error - 4/21/2010 10:20:02 AM | Computer Name = paleoclimber | Source = VSS | ID = 8194
Description =

Error - 4/24/2010 2:15:27 PM | Computer Name = paleoclimber | Source = Application Hang | ID = 1002
Description = The program Photoshop.exe version 10.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: a20 Start Time: 01cae3d9ce2ec8f1 Termination Time: 12

Error - 4/24/2010 3:28:03 PM | Computer Name = paleoclimber | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/25/2010 12:17:14 AM | Computer Name = paleoclimber | Source = Application Error | ID = 1000
Description = Faulting application Illustrator.exe, version 13.0.128.0, time stamp
0x45fa64db, faulting module Illustrator.exe, version 13.0.128.0, time stamp 0x45fa64db,
exception code 0xc0000005, fault offset 0x004b2850, process id 0x15d8, application
start time 0x01cae40ca19efc4c.

Error - 4/25/2010 1:00:04 PM | Computer Name = paleoclimber | Source = Application Hang | ID = 1002
Description = The program Photoshop.exe version 10.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 570 Start Time: 01cae498a18d58e3 Termination Time: 68

Error - 4/26/2010 11:11:17 AM | Computer Name = paleoclimber | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: dac Start Time: 01cae53dd9151d1e Termination Time: 0

Error - 4/26/2010 1:16:42 PM | Computer Name = paleoclimber | Source = Windows Search Service | ID = 3013
Description =

Error - 4/26/2010 11:38:34 PM | Computer Name = paleoclimber | Source = Windows Search Service | ID = 3013
Description =

Error - 4/30/2010 7:01:18 PM | Computer Name = paleoclimber | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 10/29/2009 11:45:03 PM | Computer Name = paleoclimber | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/16/2010 11:57:08 PM | Computer Name = paleoclimber | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 8/8/2010 7:08:55 PM | Computer Name = paleoclimber | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 864
seconds with 120 seconds of active time. This session ended with a crash.

Error - 10/20/2010 8:43:21 PM | Computer Name = paleoclimber | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22798
seconds with 8640 seconds of active time. This session ended with a crash.

Error - 10/24/2010 1:04:06 PM | Computer Name = paleoclimber | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 897
seconds with 660 seconds of active time. This session ended with a crash.

Error - 10/24/2010 1:23:56 PM | Computer Name = paleoclimber | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1169
seconds with 660 seconds of active time. This session ended with a crash.

Error - 10/24/2010 1:38:08 PM | Computer Name = paleoclimber | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 832
seconds with 540 seconds of active time. This session ended with a crash.

Error - 10/25/2010 10:38:39 PM | Computer Name = paleoclimber | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2248
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 10/26/2010 2:07:03 PM | Computer Name = paleoclimber | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8208
seconds with 420 seconds of active time. This session ended with a crash.

Error - 10/26/2010 4:43:31 PM | Computer Name = paleoclimber | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9371
seconds with 960 seconds of active time. This session ended with a crash.

Error - 10/26/2010 5:12:54 PM | Computer Name = paleoclimber | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19442
seconds with 4560 seconds of active time. This session ended with a crash.

Error - 11/22/2010 2:36:04 AM | Computer Name = paleoclimber | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20704
seconds with 8700 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/19/2011 11:32:08 PM | Computer Name = paleoclimber | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147636949

Name:
Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_AlureonMbr

Detection
Origin: %%844 Detection Type: %%822 Detection Source: %%820 User: paleoclimber\David

Process
Name: Unknown Action: %%809 Action Status: To finish removing malware and other
potentially unwanted software, restart the computer. To see how to finish removing
malware and other potentially unwanted software, see the support article on the
Microsoft Security website. Error Code: 0x80070032 Error description: The request
is not supported. Signature Version: AV: 1.105.2325.0, AS: 1.105.2325.0, NIS: 9.196.0.0

Engine
Version: AM: 1.1.6903.0, NIS: 2.0.5854.0

Error - 6/19/2011 11:34:17 PM | Computer Name = paleoclimber | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/19/2011 11:34:54 PM | Computer Name = paleoclimber | Source = Service Control Manager | ID = 7000
Description =

Error - 6/19/2011 11:45:18 PM | Computer Name = paleoclimber | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147636949

Name:
Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_AlureonMbr

Detection
Origin: %%844 Detection Type: %%822 Detection Source: %%815 User: paleoclimber\David

Process
Name: Unknown Action: %%808 Action Status: To finish removing malware and other
potentially unwanted software, restart the computer. To see how to finish removing
malware and other potentially unwanted software, see the support article on the
Microsoft Security website. Error Code: 0x80070032 Error description: The request
is not supported. Signature Version: AV: 1.105.2325.0, AS: 1.105.2325.0, NIS: 9.196.0.0

Engine
Version: AM: 1.1.6903.0, NIS: 2.0.5854.0

Error - 6/19/2011 11:56:08 PM | Computer Name = paleoclimber | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147636949

Name:
Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_AlureonMbr

Detection
Origin: %%844 Detection Type: %%822 Detection Source: %%815 User: paleoclimber\David

Process
Name: Unknown Action: %%808 Action Status: To finish removing malware and other
potentially unwanted software, restart the computer. To see how to finish removing
malware and other potentially unwanted software, see the support article on the
Microsoft Security website. Error Code: 0x80070032 Error description: The request
is not supported. Signature Version: AV: 1.105.2325.0, AS: 1.105.2325.0, NIS: 9.196.0.0

Engine
Version: AM: 1.1.6903.0, NIS: 2.0.5854.0

Error - 6/19/2011 11:56:08 PM | Computer Name = paleoclimber | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147636949

Name:
Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_AlureonMbr

Detection
Origin: %%844 Detection Type: %%822 Detection Source: %%815 User: paleoclimber\David

Process
Name: Unknown Action: %%809 Action Status: To finish removing malware and other
potentially unwanted software, restart the computer. To see how to finish removing
malware and other potentially unwanted software, see the support article on the
Microsoft Security website. Error Code: 0x80070032 Error description: The request
is not supported. Signature Version: AV: 1.105.2325.0, AS: 1.105.2325.0, NIS: 9.196.0.0

Engine
Version: AM: 1.1.6903.0, NIS: 2.0.5854.0

Error - 6/20/2011 12:07:31 AM | Computer Name = paleoclimber | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147636949

Name:
Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_AlureonMbr

Detection
Origin: %%844 Detection Type: %%822 Detection Source: %%815 User: paleoclimber\David

Process
Name: Unknown Action: %%808 Action Status: To finish removing malware and other
potentially unwanted software, restart the computer. To see how to finish removing
malware and other potentially unwanted software, see the support article on the
Microsoft Security website. Error Code: 0x80070032 Error description: The request
is not supported. Signature Version: AV: 1.105.2325.0, AS: 1.105.2325.0, NIS: 9.196.0.0

Engine
Version: AM: 1.1.6903.0, NIS: 2.0.5854.0

Error - 6/20/2011 12:07:31 AM | Computer Name = paleoclimber | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147636949

Name:
Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_AlureonMbr

Detection
Origin: %%844 Detection Type: %%822 Detection Source: %%815 User: paleoclimber\David

Process
Name: Unknown Action: %%809 Action Status: To finish removing malware and other
potentially unwanted software, restart the computer. To see how to finish removing
malware and other potentially unwanted software, see the support article on the
Microsoft Security website. Error Code: 0x80070032 Error description: The request
is not supported. Signature Version: AV: 1.105.2325.0, AS: 1.105.2325.0, NIS: 9.196.0.0

Engine
Version: AM: 1.1.6903.0, NIS: 2.0.5854.0

Error - 6/20/2011 12:20:14 AM | Computer Name = paleoclimber | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/20/2011 12:21:08 AM | Computer Name = paleoclimber | Source = Service Control Manager | ID = 7000
Description =


< End of report >
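The System Events block in the Extras.txt report above records Microsoft Security Essentials detecting Trojan:DOS/Alureon.A several times and failing to remove it each time with error 0x80070032. The script below is an added example for triaging such a report; it is not part of the original post, of OTL, or of Microsoft Security Essentials. It parses the "Last 10 Event Log Errors" layout (a constructed excerpt copied from the log above is embedded, so it runs offline), groups the failed remediation events (ID 1119) by threat and path, counts Real-Time Protection failures (ID 3002), and flags detections whose path is a "rootkit:" pseudo-path rather than a file, which a file-level cleaner cannot reach. The regular expressions and field names are this example's own assumptions about the layout.

```python
# Parse the "Last 10 Event Log Errors" block of an OTL Extras.txt report and
# summarise the Microsoft Antimalware remediation failures it records.
import re
from collections import Counter

# Constructed excerpt in the OTL Extras layout. The field values are copied from
# the thread's log, but this block is an illustration, not the full report.
SAMPLE_LOG = """\
[ System Events ]
Error - 6/19/2011 11:32:08 PM | Computer Name = paleoclimber | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software.

Name:
Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_AlureonMbr

Process
Name: Unknown Action: %%809 Action Status: To finish removing malware and other
potentially unwanted software, restart the computer. Error Code: 0x80070032 Error description: The request
is not supported. Signature Version: AV: 1.105.2325.0, AS: 1.105.2325.0, NIS: 9.196.0.0

Error - 6/19/2011 11:34:17 PM | Computer Name = paleoclimber | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/19/2011 11:34:54 PM | Computer Name = paleoclimber | Source = Service Control Manager | ID = 7000
Description =

Error - 6/19/2011 11:45:18 PM | Computer Name = paleoclimber | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software.

Name:
Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_AlureonMbr

Process
Name: Unknown Action: %%808 Action Status: restart the computer. Error Code: 0x80070032 Error description: The request
is not supported. Signature Version: AV: 1.105.2325.0, AS: 1.105.2325.0, NIS: 9.196.0.0
"""

# One "Error - <time> | Computer Name = <host> | Source = <source> | ID = <id>" header per event.
HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$")
# Threat fields as they appear in event 1119 (field names assumed from the log above).
THREAT_RE = re.compile(
    r"Name: (?P<threat>\S+) ID: (?P<tid>\d+) Severity: (?P<severity>\S+) Category: (?P<category>\S+) Path: (?P<path>\S+)")
# Error code plus its description; the description ends at a sentence break or the next field label.
ERROR_RE = re.compile(
    r"Error Code: (?P<code>0x[0-9A-Fa-f]+) Error description: (?P<desc>.*?)(?:\.\s|\s+(?:Reason|Signature Version):|$)")


def parse_events(text):
    """Split the report into events; each event's wrapped lines are re-joined into one body."""
    events, current = [], None
    for raw in text.splitlines():
        m = HEADER_RE.match(raw.strip())
        if m:
            current = {"when": m.group("when"), "host": m.group("host"),
                       "source": m.group("source"), "id": int(m.group("id")), "lines": []}
            events.append(current)
        elif current is not None:
            current["lines"].append(raw.strip())
    for ev in events:
        body = " ".join(line for line in ev.pop("lines") if line)
        ev["body"] = body
        t = THREAT_RE.search(body)
        ev["threat"] = t.groupdict() if t else None
        e = ERROR_RE.search(body)
        ev["error"] = (e.group("code"), e.group("desc").strip()) if e else None
    return events


def summarize_antimalware(events):
    """Group failed-remediation events (source Microsoft Antimalware, ID 1119) by (threat, path)."""
    summary = {}
    for ev in events:
        if ev["source"] != "Microsoft Antimalware" or ev["id"] != 1119 or not ev["threat"]:
            continue
        entry = summary.setdefault((ev["threat"]["threat"], ev["threat"]["path"]),
                                   {"count": 0, "errors": Counter()})
        entry["count"] += 1
        if ev["error"]:
            entry["errors"][ev["error"]] += 1
    return summary


def triage(events):
    """Analyst view: what was detected, how often cleaning failed, and whether the
    detection path is a file at all. A "rootkit:" pseudo-path names a boot-sector/MBR
    component rather than a file, so file-level cleanup cannot reach it."""
    findings = []
    for (threat, path), entry in summarize_antimalware(events).items():
        pseudo_path = path.lower().startswith("rootkit:")
        findings.append({"threat": threat, "path": path, "failed_attempts": entry["count"],
                         "error_codes": sorted(code for code, _ in entry["errors"]),
                         "mbr_resident": pseudo_path and "mbr" in path.lower()})
    rtp_failures = sum(1 for ev in events if ev["source"] == "Microsoft Antimalware" and ev["id"] == 3002)
    return {"detections": findings, "realtime_protection_failures": rtp_failures}


if __name__ == "__main__":
    result = triage(parse_events(SAMPLE_LOG))
    for d in result["detections"]:
        print(f'{d["threat"]} at {d["path"]}: {d["failed_attempts"]} failed clean attempts, '
              f'errors {d["error_codes"]}, MBR-resident={d["mbr_resident"]}')
    print("real-time protection failures:", result["realtime_protection_failures"])
```

To apply it to a real report, replace SAMPLE_LOG with the text of the "[ System Events ]" section from Extras.txt. The useful signal for an analyst is the combination the sample produces: the same threat reported at the same non-file path on every attempt, the same error code each time, and Real-Time Protection failing in between, which together say the scanner can see the infection but cannot remediate it where it lives.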


#2 RKinner (Malware Expert, MVP)
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall
Ask Toolbar (If you still have)
Frostwire (If you still have)
Search Toolbar
Java™ 6 Update 22

Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {5c58152d-046f-4354-844d-c57d206a57bb}:1.0
[2010/07/13 10:25:20 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\joj0f8dy.default\extensions\{5c58152d-046f-4354-844d-c57d206a57bb}
[2010/06/01 21:15:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 11:57:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/20 21:22:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Switcher.exe] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O33 - MountPoints2\{34972740-7f30-11e0-adae-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{34972740-7f30-11e0-adae-0013a93c028e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\TL-Bootstrap.exe
O33 - MountPoints2\{3712a083-7308-11de-94a9-0013a93c028e}\Shell\AutoRun\command - "" = F:\msnmesgr.exe[autorun]
O33 - MountPoints2\{3712a083-7308-11de-94a9-0013a93c028e}\Shell\open\command - "" = H:\winlog.exe
O33 - MountPoints2\{64c174ea-8587-11e0-a1a4-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{64c174ea-8587-11e0-a1a4-0013a93c028e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\TL-Bootstrap.exe
O33 - MountPoints2\{972cb28c-9f1c-11df-aba2-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{972cb28c-9f1c-11df-aba2-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{a5ad7508-6f56-11e0-b66f-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{a5ad7508-6f56-11e0-b66f-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{af464fde-7158-11de-b5b2-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{af464fde-7158-11de-b5b2-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab648-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab648-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab657-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab657-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab65e-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab65e-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab666-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab666-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab7e4-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab7e4-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab807-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab807-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab823-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab823-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bf9ab82b-82a2-11de-8db7-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9ab82b-82a2-11de-8db7-0013a93c028e}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
[2010/07/08 22:42:14 | 000,003,060 | -HS- | C] () -- C:\ProgramData\1611333359
[2010/07/08 22:42:13 | 000,000,817 | ---- | C] () -- C:\ProgramData\811249343
[2011/06/19 13:14:14 | 000,000,776 | ---- | C] () -- C:\Windows\tasks\{D0EB6E0E-FB65-4309-82EE-B129069E6F4C}.job
[2010/07/13 12:45:34 | 000,000,000 | -HSD | M] -- C:\Users\David\AppData\Roaming\SystemProc

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


If one of the following will not run, skip to the next one, then go back and try the ones that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

You must first uninstall AVG before running ComboFix, then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop; do not run it. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive. Please copy and paste its contents in your next reply.


Download aswMBR.exe (511 KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.

Ron
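As an added example that is not part of the original post or of OTL: a small Python script that parses the O33 MountPoints2 lines from an OTL log and groups the cached AutoRun commands by the executable they launch, so the USB-device entries in a fix script like the one above can be reviewed at a glance instead of line by line. The sample input is a constructed excerpt of the O33 section quoted earlier in this thread; the regular expressions, the grouping, and the separate listing of Shell\open\command entries are this script's own assumptions about OTL's line format, not OTL's own parsing.

```python
"""Summarise the MountPoints2 AutoRun entries in an OTL log.

Added example for this thread, not OTL's code and not the poster's own.
The line format and the grouping below are assumptions derived from the
O33 lines quoted in the thread.
"""
import re
from collections import defaultdict

# Constructed sample: a few O33 lines taken from the OTL log posted above.
SAMPLE_LOG = r'''
O33 - MountPoints2\{34972740-7f30-11e0-adae-0013a93c028e}\Shell - "" = AutoRun
O33 - MountPoints2\{34972740-7f30-11e0-adae-0013a93c028e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\TL-Bootstrap.exe
O33 - MountPoints2\{3712a083-7308-11de-94a9-0013a93c028e}\Shell\AutoRun\command - "" = F:\msnmesgr.exe[autorun]
O33 - MountPoints2\{3712a083-7308-11de-94a9-0013a93c028e}\Shell\open\command - "" = H:\winlog.exe
O33 - MountPoints2\{972cb28c-9f1c-11df-aba2-0013a93c028e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
'''

# One OTL line per cached '...\Shell\<verb>\command' value under MountPoints2
# (the '\Shell - "" = AutoRun' lines carry no command and are skipped).
MP_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.+)$'
)
# '<drive>:\<name>.exe' anywhere in the command. The last match is taken as
# the payload, so a launcher such as rundll32 in front of it is ignored.
TARGET_RE = re.compile(r'(?P<drive>[A-Za-z]):\\(?P<exe>[^\\\s\[]+\.exe)',
                       re.IGNORECASE)


def parse_mountpoints(log_text):
    """Return one record per MountPoints2 command line found in log_text."""
    records = []
    for line in log_text.splitlines():
        m = MP_RE.match(line.strip())
        if not m:
            continue
        hits = list(TARGET_RE.finditer(m.group('cmd')))
        target = hits[-1] if hits else None
        records.append({
            'key': m.group('key'),      # device GUID or bare drive letter
            'verb': m.group('verb'),    # AutoRun, open, ...
            'cmd': m.group('cmd'),
            'drive': target.group('drive').upper() if target else None,
            'exe': target.group('exe') if target else None,
        })
    return records


def summarize(log_text):
    """Map each launched executable to the sorted drive letters it appeared on."""
    by_exe = defaultdict(set)
    for rec in parse_mountpoints(log_text):
        if rec['exe']:
            by_exe[rec['exe']].add(rec['drive'])
    return {exe: sorted(drives) for exe, drives in by_exe.items()}


def open_verb_entries(log_text):
    """Entries under Shell\\open\\command. These run when the drive is opened
    from Computer (the default double-click action), not only at insertion,
    so they deserve a separate look."""
    return [r for r in parse_mountpoints(log_text)
            if r['verb'].lower() == 'open']


if __name__ == '__main__':
    for exe, drives in sorted(summarize(SAMPLE_LOG).items()):
        print(f'{exe:20s} drives={",".join(drives)}')
    for r in open_verb_entries(SAMPLE_LOG):
        print(f'open-verb entry: {r["key"]} -> {r["cmd"]}')
```

Run it against the full O33 section of an OTL log and the output is a short list of executable names with the drive letters they were cached for, which is easier to reason about than forty near-identical registry lines; anything that is not a known device launcher is a candidate for the :OTL fix block, and the entries under Shell\open\command are worth checking even on a machine where AutoPlay is switched off.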