
Solved Infected With Alerion Virus.

Discussion in 'Malware and Virus Removal Archive' started by JDorritie, 2010/06/28.

  1. 2010/07/04
    JDorritie Inactive Thread Starter

    Just as a little added information if you need it, the bing.zugo search issue was one of the symptoms of the virus I got when it first infected my computer. It seems to be the only one left, as far as I can tell.

    OTL.txt part 1/2

    OTL logfile created on: 7/4/2010 3:58:25 PM - Run 3
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\James Dorritie\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 77.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 49.64 Gb Total Space | 30.05 Gb Free Space | 60.54% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JIMMY
    Current User Name: James Dorritie
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/04 04:40:57 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Dorritie\Desktop\OTL.exe
    PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/04/22 17:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2010/03/21 15:18:50 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/12/24 09:55:22 | 001,732,960 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2009/07/29 10:43:34 | 000,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    PRC - [2009/07/29 10:42:32 | 000,221,184 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    PRC - [2009/07/29 10:42:28 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    PRC - [2009/07/29 10:40:40 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2009/07/08 20:28:42 | 000,365,872 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
    PRC - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
    PRC - [2008/09/25 01:47:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
    PRC - [2008/08/08 15:37:04 | 000,041,248 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2008/07/11 10:48:00 | 000,260,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    PRC - [2008/06/13 17:42:54 | 000,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    PRC - [2008/06/13 17:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    PRC - [2008/05/14 16:42:30 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    PRC - [2008/05/14 16:32:28 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    PRC - [2008/05/14 16:25:12 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    PRC - [2008/05/14 16:21:16 | 000,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
    PRC - [2008/05/14 16:09:34 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    PRC - [2008/04/25 16:38:34 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/24 14:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2008/03/24 10:15:04 | 000,068,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    PRC - [2007/11/19 16:00:38 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2007/11/19 15:40:08 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2007/11/19 15:35:46 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2007/01/30 13:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
    PRC - [2006/11/01 22:15:50 | 000,537,480 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcfcoms.exe
    PRC - [2006/07/04 04:05:00 | 000,225,280 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
    PRC - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
    PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2005/11/01 19:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/04 04:40:57 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Dorritie\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/12/24 09:55:22 | 001,732,960 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2009/07/29 10:42:32 | 000,221,184 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
    SRV - [2009/07/29 10:42:28 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2008/09/25 01:47:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
    SRV - [2008/08/08 15:37:04 | 000,041,248 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2008/07/11 10:48:00 | 000,260,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
    SRV - [2008/06/13 17:42:54 | 000,779,576 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
    SRV - [2008/06/13 17:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
    SRV - [2008/05/14 16:42:30 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
    SRV - [2008/05/14 16:32:28 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
    SRV - [2008/05/14 16:25:12 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
    SRV - [2008/05/14 16:21:16 | 000,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
    SRV - [2007/11/19 16:00:38 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2007/11/19 15:40:08 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2007/11/19 15:35:46 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2007/01/30 13:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
    SRV - [2006/11/01 22:15:50 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
    SRV - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
    SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2005/11/01 19:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/07 13:15:12 | 000,013,696 | ---- | M] (Skyhook Wireless) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wpsnuio.sys -- (Wpsnuio)
    DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/04/22 17:17:40 | 000,244,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2009/12/10 15:48:40 | 000,041,504 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
    DRV - [2009/07/24 16:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2009/07/21 21:45:30 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2009/07/21 21:45:30 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
    DRV - [2008/10/23 18:39:33 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
    DRV - [2008/10/23 18:38:55 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2008/10/01 22:51:23 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/09/25 01:47:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
    DRV - [2008/08/08 15:36:26 | 000,023,720 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2008/07/31 04:01:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2008/07/22 15:33:02 | 000,319,000 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2008/05/14 16:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
    DRV - [2008/05/14 16:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
    DRV - [2008/05/12 22:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
    DRV - [2008/05/09 05:50:48 | 000,046,144 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
    DRV - [2008/04/24 09:56:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 14:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/22 16:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
    DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/11/27 00:37:00 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/11/20 17:39:56 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2007/11/01 17:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/11/01 17:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/11/01 17:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/10/12 17:30:46 | 000,252,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2007/09/03 22:44:20 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
    DRV - [2007/08/14 16:46:36 | 000,010,896 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp2) SMI Helper Driver (smihlp2)
    DRV - [2007/08/14 16:25:52 | 000,047,376 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2006/11/06 18:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
    DRV - [2006/10/02 02:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2006/10/02 02:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2006/06/20 12:56:48 | 000,178,688 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2005/12/06 15:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
    DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/11/01 18:55:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2005/11/01 18:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2005/11/01 18:51:34 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2005/11/01 18:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/11/01 18:48:00 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2005/05/17 11:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
    DRV - [2004/08/04 09:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
    DRV - [2004/08/04 02:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/07/29 10:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cvintdrv.sys -- (cvintdrv)
    DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)
    DRV - [2001/08/17 18:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 18:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 18:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 18:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 18:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 17:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 17:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 17:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 17:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 17:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 17:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 17:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 17:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 17:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 17:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2001/08/17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
    DRV - [2000/06/01 16:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: aboutme@test.mozilla.com:0.4.1
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
    FF - prefs.js..extensions.enabledItems: grwatcher@ajnasz.hu:1.2.2
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 4
    FF - prefs.js..extensions.enabledItems: 9
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
    FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
    FF - prefs.js..keyword.URL: "http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-79-0-1qruk&q= "

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/21 15:19:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 22:57:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/01 17:37:42 | 000,000,000 | ---D | M]

    [2008/03/03 16:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Extensions
    [2010/07/04 04:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions
    [2010/07/04 04:00:47 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/06/20 19:45:31 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/07/03 01:45:41 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/06/28 19:23:53 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    [2010/05/14 00:32:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/05/14 00:32:17 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/05/31 01:15:59 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/05/14 00:32:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/09/14 21:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions\aboutme@test.mozilla.com
    [2009/11/11 16:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions\firefox@tvunetworks.com
    [2010/06/04 19:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions\grwatcher@ajnasz.hu
    [2009/01/15 01:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\extensions\translator@dontfollowme(2).net
    [2010/05/03 22:59:22 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\searchplugins\amazon-search-suggestions.xml
    [2010/05/08 14:06:02 | 000,000,445 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\searchplugins\b-ref-search.xml
    [2010/06/23 07:14:49 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\searchplugins\bing-zugo.xml
    [2008/06/24 12:08:28 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\searchplugins\imdb.xml
    [2008/06/23 01:39:40 | 000,001,959 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\searchplugins\lastfm.xml
    [2007/10/24 16:48:03 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\searchplugins\urban-dictionary.xml
    [2008/06/23 11:28:28 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\searchplugins\wikipedia-en.xml
    [2007/05/28 23:35:13 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Application Data\Mozilla\Firefox\Profiles\dqp8cqt8.default\searchplugins\youtube-video-search.xml
    [2010/07/04 04:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/01 17:37:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/01 17:37:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/05/11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\Mozilla Firefox\plugins\npImgCtl.dll
    [2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2008/02/26 18:27:46 | 001,212,416 | ---- | M] (cedelia) -- C:\Program Files\Mozilla Firefox\plugins\NPStreamPlug.dll

    O1 HOSTS File: ([2010/07/04 14:39:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
    O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
    O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files\Digsby\digsby.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
    O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
    O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
    O24 - Desktop WallPaper: C:\Documents and Settings\James Dorritie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\James Dorritie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/12/22 06:50:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  2. 2010/07/04
    JDorritie

    OTL.txt Part 2/2


    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/04 14:39:02 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/04 04:40:29 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James Dorritie\Desktop\OTL.exe
    [2010/07/03 02:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2010/07/03 02:27:30 | 000,165,160 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPAPI.dll
    [2010/07/03 02:27:27 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPCo4.dll
    [2010/07/03 02:27:26 | 000,244,784 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\drivers\SynTP.sys
    [2010/07/03 02:27:26 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynCOM.dll
    [2010/07/03 02:27:22 | 000,210,216 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynCtrl.dll
    [2010/07/03 02:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dorritie\Local Settings\Application Data\Zynga
    [2010/07/01 17:54:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/01 17:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/06/28 22:47:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/28 22:47:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/28 22:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/28 19:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2010/06/28 19:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dorritie\Application Data\GoodSync
    [2010/06/28 18:04:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2010/06/28 18:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dorritie\My Documents\My RoboForm Data
    [2010/06/28 04:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dorritie\Local Settings\Application Data\PCHealth
    [2010/06/28 03:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
    [2010/06/28 03:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Zynga
    [2010/06/28 02:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/28 02:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/27 20:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dorritie\Local Settings\Application Data\Apple Computer
    [2010/06/24 18:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dorritie\Local Settings\Application Data\cache
    [2010/06/24 18:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dorritie\Local Settings\Application Data\FullTiltPoker
    [2010/06/24 11:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dorritie\Local Settings\Application Data\Adobe
    [2010/06/23 23:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dorritie\Local Settings\Application Data\Conduit
    [2010/06/23 23:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dorritie\Local Settings\Application Data\Mozilla
    [2010/06/23 00:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/06/22 23:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\CrazyPixels
    [2010/06/22 23:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dorritie\Application Data\ManyCam
    [2010/06/20 19:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2010/06/20 19:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Zynga
    [2010/06/07 13:15:12 | 000,013,696 | ---- | C] (Skyhook Wireless) -- C:\WINDOWS\System32\drivers\wpsnuio.sys
    [2010/06/07 13:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Skyhook Wireless
    [2010/06/07 13:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Boingo
    [2010/06/07 13:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoBoingo
    [2010/05/31 00:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Dorritie\Application Data\vlc
    [2010/05/04 02:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Medieval Software
    [2010/05/04 02:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Medieval Software
    [2010/05/04 02:15:31 | 000,217,088 | ---- | C] (Medieval Software) -- C:\WINDOWS\System32\BlueCiucc.dll
    [2010/04/18 22:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
    [2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
    [2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
    [2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
    [2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfiesc.dll
    [2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll
    [2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
    [2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
    [2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfinpa.dll
    [2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
    [2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/07/04 16:10:23 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2010/07/04 15:58:10 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3599169923-3658683049-1803797758-1005.job
    [2010/07/04 15:58:09 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3599169923-3658683049-1803797758-1005.job
    [2010/07/04 14:47:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/04 14:43:00 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
    [2010/07/04 14:41:35 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/04 14:41:14 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
    [2010/07/04 14:41:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/04 14:41:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/04 14:41:09 | 1600,573,440 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/04 14:40:11 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\James Dorritie\ntuser.dat
    [2010/07/04 14:40:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\James Dorritie\ntuser.ini
    [2010/07/04 14:39:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/04 04:40:57 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Dorritie\Desktop\OTL.exe
    [2010/07/03 02:29:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010/07/03 02:29:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/07/03 00:45:43 | 000,090,744 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/07/03 00:44:57 | 000,336,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/30 23:07:16 | 000,000,260 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/30 12:33:08 | 001,809,896 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Desktop\Photo0645.jpg
    [2010/06/30 12:33:08 | 001,603,064 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Desktop\Photo0644.jpg
    [2010/06/28 20:16:39 | 000,002,548 | ---- | M] () -- C:\config.xml
    [2010/06/28 20:16:38 | 000,054,022 | ---- | M] () -- C:\WINDOWS\System32\RW_AppData.dat
    [2010/06/28 20:16:38 | 000,014,032 | ---- | M] () -- C:\WINDOWS\System32\RW_FileType.dat
    [2010/06/28 20:16:38 | 000,000,348 | ---- | M] () -- C:\WINDOWS\System32\RW_FileFlag.dat
    [2010/06/28 20:16:38 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\RW_{44214736-91A9-11DB-A2E8-806D6172696F}.dat
    [2010/06/27 22:12:43 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/24 21:45:40 | 000,095,224 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Desktop\0624001057.jpg
    [2010/06/24 21:45:40 | 000,064,415 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Desktop\0624001045.jpg
    [2010/06/24 00:09:34 | 004,871,478 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Desktop\Video 2.wmv
    [2010/06/24 00:09:24 | 003,862,782 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Desktop\Video 3.wmv
    [2010/06/23 03:04:01 | 000,507,514 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/23 03:04:01 | 000,445,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/23 03:04:01 | 000,072,824 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/22 01:42:35 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Application Data\twittertmpwin.jpx
    [2010/06/22 01:42:01 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Application Data\myspacetmpwin.jpx
    [2010/06/15 18:00:37 | 091,129,818 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Desktop\67760.flv
    [2010/06/09 03:26:34 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/09 03:24:50 | 000,000,708 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/07 13:15:12 | 000,013,696 | ---- | M] (Skyhook Wireless) -- C:\WINDOWS\System32\drivers\wpsnuio.sys
    [2010/06/06 18:30:12 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Desktop\James Dorritie Resume.doc
    [2010/05/31 21:58:23 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Desktop\James Dorritie Cover Letter.doc
    [2010/05/29 20:10:33 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James Dorritie\My Documents\example coverletter.doc
    [2010/05/16 13:47:38 | 015,613,701 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Desktop\LOST_616_audio_podcast_86afa0aa-338f-4c33-b030-8c83e06af538_2963901.mp3
    [2010/05/04 02:15:31 | 000,217,088 | ---- | M] (Medieval Software) -- C:\WINDOWS\System32\BlueCiucc.dll
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2010/04/26 01:34:21 | 000,000,154 | ---- | M] () -- C:\WINDOWS\matlab.ini
    [2010/04/22 17:17:40 | 000,244,784 | ---- | M] (Synaptics Incorporated) -- C:\WINDOWS\System32\drivers\SynTP.sys
    [2010/04/22 17:16:14 | 000,120,104 | ---- | M] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPCo4.dll
    [2010/04/22 17:16:12 | 000,165,160 | ---- | M] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPAPI.dll
    [2010/04/22 17:16:10 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynCtrl.dll
    [2010/04/22 17:16:08 | 000,173,352 | ---- | M] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynCOM.dll
    [2010/04/16 15:38:11 | 000,074,364 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/04/13 18:48:08 | 000,042,971 | ---- | M] () -- C:\Documents and Settings\James Dorritie\Desktop\TaxReturn.pdf

    ========== Files Created - No Company Name ==========

    [2010/07/03 02:29:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010/07/03 02:29:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/06/30 15:56:54 | 1600,573,440 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/30 15:33:44 | 001,809,896 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Desktop\Photo0645.jpg
    [2010/06/30 15:33:44 | 001,603,064 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Desktop\Photo0644.jpg
    [2010/06/30 15:27:53 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3599169923-3658683049-1803797758-1005.job
    [2010/06/28 22:49:16 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/28 20:16:39 | 000,002,548 | ---- | C] () -- C:\config.xml
    [2010/06/28 20:16:38 | 000,054,022 | ---- | C] () -- C:\WINDOWS\System32\RW_AppData.dat
    [2010/06/28 20:16:38 | 000,014,032 | ---- | C] () -- C:\WINDOWS\System32\RW_FileType.dat
    [2010/06/28 20:16:38 | 000,000,348 | ---- | C] () -- C:\WINDOWS\System32\RW_FileFlag.dat
    [2010/06/28 20:16:38 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{44214736-91A9-11DB-A2E8-806D6172696F}.dat
    [2010/06/27 22:05:01 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/24 21:45:39 | 000,064,415 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Desktop\0624001045.jpg
    [2010/06/24 21:45:31 | 000,095,224 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Desktop\0624001057.jpg
    [2010/06/24 00:09:27 | 004,871,478 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Desktop\Video 2.wmv
    [2010/06/24 00:09:16 | 003,862,782 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Desktop\Video 3.wmv
    [2010/06/23 03:21:24 | 000,894,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/06/22 01:42:01 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Application Data\myspacetmpwin.jpx
    [2010/06/22 01:41:53 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Application Data\twittertmpwin.jpx
    [2010/06/15 18:00:37 | 091,129,818 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Desktop\67760.flv
    [2010/05/29 20:18:27 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Desktop\James Dorritie Cover Letter.doc
    [2010/05/29 19:48:29 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James Dorritie\My Documents\example coverletter.doc
    [2010/05/22 18:53:03 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Desktop\James Dorritie Resume.doc
    [2010/05/16 13:47:15 | 015,613,701 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Desktop\LOST_616_audio_podcast_86afa0aa-338f-4c33-b030-8c83e06af538_2963901.mp3
    [2010/04/13 18:48:05 | 000,042,971 | ---- | C] () -- C:\Documents and Settings\James Dorritie\Desktop\TaxReturn.pdf
    [2010/02/09 12:19:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/03/17 22:21:26 | 000,006,850 | R--- | C] () -- C:\WINDOWS\Disktool.INI
    [2009/03/17 22:21:26 | 000,005,633 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
    [2009/03/17 22:21:26 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
    [2009/01/18 01:18:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
    [2008/08/23 23:51:54 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
    [2008/04/28 03:31:33 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2008/04/28 03:31:32 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2008/04/28 00:59:29 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
    [2008/04/27 12:19:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\My Video Converter.INI
    [2008/04/13 06:02:50 | 000,000,815 | ---- | C] () -- C:\WINDOWS\entpack.ini
    [2008/04/06 23:22:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2008/02/06 23:02:09 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
    [2008/02/06 22:52:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
    [2008/01/04 15:13:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
    [2007/12/08 01:45:30 | 000,139,008 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
    [2007/09/01 17:58:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\winitn.dll
    [2007/08/06 00:50:12 | 000,000,709 | ---- | C] () -- C:\WINDOWS\mp3rmconverter.ini
    [2007/07/26 04:10:26 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2007/06/22 00:01:22 | 000,006,365 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/05/21 01:17:36 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2007/05/21 01:17:36 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2007/05/21 01:17:36 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2007/05/21 01:17:36 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2007/05/07 05:42:45 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
    [2007/02/09 22:33:24 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2007/01/30 18:21:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graphing Calculator Viewer.INI
    [2007/01/29 12:36:32 | 000,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
    [2007/01/11 17:50:07 | 000,000,154 | ---- | C] () -- C:\WINDOWS\matlab.ini
    [2006/12/27 15:27:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2006/12/25 20:17:04 | 000,000,629 | ---- | C] () -- C:\WINDOWS\RMAC.ini
    [2006/12/23 09:29:44 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/12/22 07:03:24 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/12/22 07:00:35 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
    [2006/12/22 07:00:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
    [2006/12/22 06:58:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
    [2006/12/22 06:56:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2006/12/22 06:39:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/12/22 06:39:09 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
    [2006/12/22 06:29:47 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/12/22 06:29:21 | 000,000,722 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/12/22 06:17:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2006/12/22 06:17:20 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2006/12/22 06:04:20 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/10/28 10:31:44 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcfcoin.dll
    [2006/10/20 13:42:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
    [2006/10/20 13:42:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
    [2006/10/20 13:41:46 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
    [2006/10/20 13:37:22 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
    [2006/10/20 13:37:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
    [2006/10/20 13:37:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
    [2006/10/20 13:36:54 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
    [2006/10/20 13:35:36 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
    [2006/09/06 05:27:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
    [2006/05/16 02:25:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2005/11/16 10:15:04 | 000,164,112 | ---- | C] () -- C:\WINDOWS\System32\awmpi.dll
    [2005/11/01 18:59:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
    [2005/06/29 04:58:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2005/02/17 07:31:58 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2005/02/17 07:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
    [2005/02/17 07:31:58 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2004/08/09 15:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/11/13 14:28:02 | 000,012,570 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
    [2003/11/13 14:28:02 | 000,012,570 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
    [2003/07/29 10:00:00 | 000,007,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
    [2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2002/05/16 02:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2001/11/23 21:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010/02/09 20:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
    [2008/10/01 17:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\farstone
    [2010/06/07 13:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBoingo
    [2010/06/28 19:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2008/08/27 05:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
    [2008/05/18 21:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
    [2008/05/06 12:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
    [2010/05/04 02:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Medieval Software
    [2008/01/29 22:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2008/11/11 02:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2008/02/06 23:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
    [2007/11/30 07:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
    [2010/06/28 18:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2010/06/22 23:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/02/07 00:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
    [2008/03/24 20:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\.gaim
    [2009/12/30 00:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\.purple
    [2008/08/10 04:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\.Tribler
    [2007/01/18 21:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\acccore
    [2007/01/18 21:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Aim
    [2008/08/24 04:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Avaya
    [2007/04/10 15:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\BitTorrent
    [2008/07/11 00:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\BWMeterPro
    [2007/09/02 16:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\COWON
    [2010/02/09 20:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\FlashGet
    [2009/10/02 16:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\FreeFLVConverter
    [2010/02/09 10:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\FrostWire
    [2007/06/29 15:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\GetRightToGo
    [2010/07/03 02:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\GoodSync
    [2008/10/08 19:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\GrabPro
    [2009/09/22 00:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\gtk-2.0
    [2006/12/22 06:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\IBM
    [2007/10/13 10:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Image Zone Express
    [2006/12/24 03:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\InterVideo
    [2007/01/20 23:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Leadertech
    [2008/01/18 02:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\LEAPS
    [2008/08/23 23:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Lenovo
    [2010/06/22 23:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\ManyCam
    [2010/02/09 10:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Pamela
    [2008/01/18 02:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Pegasys Inc
    [2010/02/09 10:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Trillian
    [2008/04/06 23:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\True Sword
    [2009/09/18 01:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
    [2009/11/13 14:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2010/02/08 17:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\UDRuler
    [2008/10/23 17:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\Uniblue
    [2010/06/27 22:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\uTorrent
    [2006/12/31 17:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\WebRenderer
    [2007/02/09 22:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Dorritie\Application Data\WhenU
    [2010/07/04 14:47:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/07/04 16:10:23 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

    ========== Purity Check ==========


    < End of report >
     


  4. 2010/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    There is a chance that one of your add-ons may have something to do with your problem.
    Let's try to reset that setting manually.
    In Firefox address bar type in:
    about:config
    Press Enter.
    A new tab will open.
    In "Filter" bar copy/paste this:
    keyword.URL
    Now, you should see just one entry below, "keyword.URL" listed under "Preference Name" column.
    Right click on "keyword.URL" and click "Reset".
    It should now have the Google value listed.
    If so, restart Firefox and see if the setting holds.
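
    A read-only check to go with the reset described in the post above, added here as an example and not part of the original post: user-set Firefox preferences are stored in the profile's prefs.js as user_pref(...) lines, and this parses that file's text and reports when keyword.URL or the homepage points at a host outside an expected list. The host list, the function names and the sample content are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# URL-valued prefs that decide where address-bar searches and the start page go.
URL_PREFS = ("keyword.URL", "browser.startup.homepage")
# Assumption: hosts this user expects; change to the provider actually chosen.
EXPECTED_HOSTS = ("google.com", "mozilla.org", "mozilla.com")
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, numbers, true/false
        except ValueError:
            prefs[name] = raw              # keep the unparsed value for review
    return prefs


def host_allowed(host):
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def suspicious_search_prefs(text):
    """List (pref, host) pairs where a watched pref points at an unexpected host."""
    findings = []
    prefs = parse_prefs(text)
    for name in URL_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue                       # pref absent from prefs.js: default applies
        for url in value.split("|"):       # the homepage pref may hold several URLs
            host = urlparse(url.strip()).hostname
            if host and not host_allowed(host):
                findings.append((name, host))
    return findings


# Constructed sample prefs.js content, not taken from the poster's machine.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/|http://search.unwanted.example/");
user_pref("keyword.URL", "http://search.unwanted.example/s/?q=");
'''
```

    Running the check after each Firefox restart shows whether a reset value has been rewritten, which is the symptom the thread goes on to trace to an add-on.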
     
  5. 2010/07/04
    JDorritie

  6. 2010/07/04
    broni

    In Firefox, go to Tools > Add-ons and disable all add-ons.
    Restart Firefox.
    Now, repeat the action from my post #43 and see how it goes.
     
  7. 2010/07/04
    JDorritie

    That time the bing.zugo toolbar did not return. That must be the problem. Next step? :)
     
  8. 2010/07/04
    broni

    Now, you'll have to investigate.
    Re-enable 1 add-on.
    Restart FF.
    No zugo?
    If so, re-enable 2nd add-on.
    Restart FF.
    Check for zugo... and so on, until you find the culprit.
     
  9. 2010/07/04
    JDorritie

    That's pretty much what I thought. I'll start doing that. Thank you!
     
  10. 2010/07/04
    broni

    Let me know. I'm curious regarding the culprit.
     
  11. 2010/07/04
    JDorritie

    Will do. I have no idea what it could be, since I recognize all of my add-ons.
     
  12. 2010/07/04
    broni

    Keep working...LOL :)
     
  13. 2010/07/04
    JDorritie

    Okay, it is the Zynga Toolbar add-on, which I use for a Facebook game. This is surprising because I'd used the toolbar for a while without this issue cropping up. Either a later version was infected or the virus I'd had infected that add-on.
     
  14. 2010/07/04
    broni

    This is what I suggest.
    Uninstall Zynga Toolbar and try a fresh installation (if you really, really need it).
    During installation, watch carefully every installation page.
    It may be trying to sneak something in.

    In any case, you know what the culprit is and you know what to do :)

    I'll mark this thread as "Resolved".
    Good luck and stay safe :)
     
  15. 2010/07/04
    JDorritie

    Thank you for all the help! I have to say, I was one more frustration away from simply buying a new computer. You saved me a few hundred dollars. Thanks again! I'll uninstall and re-install and see what happens.
     
  16. 2010/07/04
    broni

    I take a 10% tip :)
    Just kidding... :)
     
  17. 2010/07/04
    JDorritie

    The issue has been completely resolved!
     
  18. 2010/07/04
    broni

    :) :)
     
