google search result hijacked



#1
dzhouston
Hi

I am a new user here. When I search on Google, the results return correctly, but when I click on a link, it takes me to some other site. This happens on both Firefox and IE. I have followed the cleaning guide here http://www.geekstogo...uide-t2852.html, and also ran a full scan using Symantec antivirus; no problems were found.

Any help will be appreciated.

Here is the log from Rooter:
***************************************************************************************************************
Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:20002 Mo/Free:2984 Mo)
D:\ [Fixed] - NTFS - (Total:37220 Mo/Free:2817 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
S:\ [Network] (Total:635893 Mo/Free:2184 Mo)
T:\ [Network] (Total:635893 Mo/Free:2184 Mo)
U:\ [Network] (Total:635893 Mo/Free:1583 Mo)
W:\ [Network] (Total:635893 Mo/Free:1583 Mo)
X:\ [Network] (Total:204805 Mo/Free:1933 Mo)
Y:\ [Network] (Total:635893 Mo/Free:1583 Mo)

2009-03-31|10:10

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
---------- C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\SCardSvr.exe
---------- C:\WINDOWS\system32\crypserv.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
---------- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
---------- C:\marimba\tuner\Tuner.exe
---------- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
---------- C:\marimba\tuner\lib\jre\bin\java.exe
---------- C:\Program Files\Symantec AntiVirus\SavRoam.exe
---------- C:\WINDOWS\system32\tcpsvcs.exe
---------- C:\WINDOWS\System32\snmp.exe
---------- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
---------- C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
---------- C:\Program Files\DellTPad\Apoint.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\WINDOWS\system32\igfxsrvc.exe
---------- C:\Program Files\DellTPad\ApMsgFwd.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\Program Files\DellTPad\Apntex.exe
---------- C:\Program Files\DellTPad\HidFind.exe
---------- C:\PROGRA~1\SYMANT~1\VPTray.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
---------- C:\Program Files\UPHClean\uphclean.exe
---------- C:\Program Files\UltraMon\UltraMon.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Microsoft Office Communicator\Communicator.exe
---------- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
---------- C:\Program Files\Cisco Systems\CSAgent\bin\okclient.exe
---------- C:\Program Files\UltraMon\UltraMonTaskbar.exe
---------- C:\Program Files\Dropbox\Dropbox.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 2009-03-31|10:11
*********************************************************************************************

Here is the log from OTListIt2:
***************************************************************************************************
OTListIt logfile created on: 2009-03-31 10:12:25 - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = D:\sysinternals\malware
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.51% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3057 6114;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 2.91 Gb Free Space | 14.92% Space Free | Partition Type: NTFS
Drive D: | 36.35 Gb Total Space | 10.75 Gb Free Space | 29.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 620.99 Gb Total Space | 14.13 Gb Free Space | 2.28% Space Free | Partition Type: NTFS
Drive T: | 620.99 Gb Total Space | 14.13 Gb Free Space | 2.28% Space Free | Partition Type: NTFS
Drive U: | 620.99 Gb Total Space | 281.56 Gb Free Space | 45.34% Space Free | Partition Type: NTFS
Drive W: | 620.99 Gb Total Space | 281.56 Gb Free Space | 45.34% Space Free | Partition Type: NTFS
Drive X: | 200.01 Gb Total Space | 137.89 Gb Free Space | 68.94% Space Free | Partition Type: NTFS
Drive Y: | 620.99 Gb Total Space | 281.56 Gb Free Space | 45.34% Space Free | Partition Type: NTFS

Computer Name: PEPWUL26009
Current User Name: dzhang2
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
PRC - C:\marimba\tuner\Tuner.exe (BMC Software, Inc.)
PRC - C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe (Web Meeting)
PRC - C:\marimba\tuner\lib\jre\bin\java.exe ()
PRC - C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (www.tortoisesvn.org)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe (SigmaTel, Inc.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)
PRC - C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\CSAgent\bin\okclient.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\UltraMon\UltraMonTaskbar.exe (Realtime Soft)
PRC - C:\Program Files\Dropbox\Dropbox.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - D:\sysinternals\malware\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Crypkey License [Auto | Running]) -- C:\WINDOWS\system32\crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (CSAgent [Auto | Running]) -- C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe (Cisco Systems, Inc.)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (DWMRCS [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DWRCS.EXE (DameWare Development LLC)
SRV - (ExtranetAccess [On_Demand | Stopped]) -- C:\Program Files\Nortel Networks\Extranet_serv.exe (Nortel Networks NA, Inc.)
SRV - (FreeAgentGoNext Service [Auto | Running]) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (MSSQL$LABTRONICS [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$LABTRONICS\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (MySQL [Auto | Running]) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
SRV - (NICCONFIGSVC [Disabled | Stopped]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PepsiAgent [Auto | Running]) -- C:\marimba\tuner\Tuner.exe (BMC Software, Inc.)
SRV - (RDIConverterPrintHelper [Auto | Running]) -- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe (Web Meeting)
SRV - (SavRoam [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SimpTcp [Auto | Running]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
SRV - (SPBBCSvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SQLAgent$LABTRONICS [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$LABTRONICS\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (STacSV [Auto | Running]) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe (SigmaTel, Inc.)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (UPHClean [Auto | Running]) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (WinVNC4 [On_Demand | Stopped]) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (WMConnectCDS [On_Demand | Stopped]) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (a320raid [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\a320raid.sys (Adaptec, Inc.)
DRV - (aac [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aac.sys (Adaptec, Inc.)
DRV - (aarich [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aarich.sys (Adaptec, Inc.)
DRV - (adpu320 [Boot | Running]) -- C:\WINDOWS\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (bbcap [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bbcap.sys (Windows ® Codename Longhorn DDK provider)
DRV - (cercsr6 [Boot | Running]) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (csacenter [Boot | Running]) -- C:\WINDOWS\system32\drivers\csacentr.sys (Cisco Systems, Inc.)
DRV - (csafile [Boot | Running]) -- C:\WINDOWS\system32\drivers\csafile.sys (Cisco Systems, Inc.)
DRV - (csanet [Boot | Running]) -- C:\WINDOWS\system32\drivers\csanet.sys (Cisco Systems, Inc.)
DRV - (csareg [Boot | Running]) -- C:\WINDOWS\system32\drivers\csareg.sys (Cisco Systems, Inc.)
DRV - (csatdi [System | Running]) -- C:\WINDOWS\system32\drivers\csatdi.sys (Cisco Systems, Inc.)
DRV - (Eacfilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\eacfilt.sys (Nortel Networks)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (fasttx2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (guardian2 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\oz776.sys (O2Micro)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (iaStor [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IPSECEXT [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECSHM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Boot | Running]) -- C:\WINDOWS\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090330.002\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090330.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NETw4x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys (Intel Corporation)
DRV - (NetworkX [System | Running]) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (Symmpi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (UltraMonMirror [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys (Realtime Soft)
DRV - (UltraMonUtility [Auto | Running]) -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys (Realtime Soft)
DRV - (vmscsi [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\vmscsi.sys (VMware, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (WrqDft [System | Running]) -- C:\WINDOWS\System32\drivers\Wrqdft.sys (WRQ, Inc.)
DRV - (WrqSDL [System | Running]) -- C:\WINDOWS\System32\drivers\Wrqsdl.sys (WRQ, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pepsicopvt.co...tal/site/qtgpvt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://pepsicopvt.co...al/site/qtgpvt"
FF - prefs.js..extensions.enabledItems: {F1912163-1710-45CA-99D1-9BE6A2206515}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0b7
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.0.104
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-03-11 18:57:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-03-05 20:57:24 | 00,000,000 | ---D | M]

[2008-08-26 19:57:59 | 00,000,000 | ---D | M] -- D:\Documents and Settings\dzhang2\Application Data\mozilla\Extensions
[2008-08-26 19:57:59 | 00,000,000 | ---D | M] -- D:\Documents and Settings\dzhang2\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-03-31 09:49:16 | 00,000,000 | ---D | M] -- D:\Documents and Settings\dzhang2\Application Data\mozilla\Firefox\Profiles\r4vx4gsk.default\extensions
[2008-10-24 08:35:34 | 00,000,000 | ---D | M] -- D:\Documents and Settings\dzhang2\Application Data\mozilla\Firefox\Profiles\r4vx4gsk.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009-01-03 23:21:56 | 00,000,000 | ---D | M] -- D:\Documents and Settings\dzhang2\Application Data\mozilla\Firefox\Profiles\r4vx4gsk.default\extensions\[email protected]
[2009-03-31 08:26:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-03-05 20:57:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-03-27 23:49:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F1912163-1710-45CA-99D1-9BE6A2206515}
[2009-03-05 20:57:16 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-03-05 20:57:16 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-08-26 19:57:43 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008-08-26 19:57:43 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008-08-26 19:57:43 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008-11-14 20:43:52 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008-08-26 19:57:43 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008-08-26 19:57:43 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008-08-26 19:57:43 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (304392 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 10485 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5E377B5A-4A8F-41B0-BB6B-1B45758DC188} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {6B56F974-6E4A-4575-ADB2-40BFB61F8BE8} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {7D37177B-AD3D-4326-A0C6-02810ABDBA3C} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {87B88E8B-CF63-425A-92B9-A2D018FD5915} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {9033da4a-1726-495f-9123-a1e2dcd00bdb} - Reg Error: Key error. File not found
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" (Seagate LLC)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Business Objects\JRE\bin\jusched.exe ()
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto (Realtime Soft)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2008-01-16 22:13:41 | 00,000,000 | -H-D | M]
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Security Agent.lnk = C:\Program Files\Cisco Systems\CSAgent\bin\okclient.exe (Cisco Systems, Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\dzhang2\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Restricted Access
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = THIS SYSTEM AND ALL RELATED INFORMATION ACCESSED THEREBY IS THE PROPERTY OF PEPSICO,INC.,AND IS FOR THE SOLE USE OF THOSE PERSONS EXPRESSLY AUTHORIZED BY PEPSICO. CONTINUED USE OF THIS SYSTEM IMPLIES CONSENT TO MONITORING AND AN UNDERSTANDING THAT RECORDING AND/OR DISCLOSURE OF ANY DATA ON THE SYSTEM MAY OCCUR AT PEPSICO'S DISCRETION.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll (Microsoft Corporation)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - c:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pep.cert ([corp] * in Trusted sites)
O15 - HKCU\..Trusted Domains: pep.dev ([corp] * in Trusted sites)
O15 - HKCU\..Trusted Domains: pep.eng ([corp] * in Trusted sites)
O15 - HKCU\..Trusted Domains: pep.pvt ([corp] * in Trusted sites)
O15 - HKCU\..Trusted Domains: pep.temp ([corp] * in Trusted sites)
O15 - HKCU\..Trusted Domains: pep.tst ([corp] * in Trusted sites)
O15 - HKCU\..Trusted Sites: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} https://pepsi.on.int...ICWMInstall.cab (ICWMInstallObj Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {8E145863-20D8-4DA2-93C3-EA1F80C09896} http://ideweb.corp.p...Cab/IDjCI07.CAB (IDjCI07.ctlClientInstall)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.pep.pvt
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - c:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (csauser.dll) - C:\WINDOWS\system32\csauser.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AutoApp [2007-11-20 18:38:53 | 00,000,000 | ---D | M] - [ NTFS ]
O32 - Autorun File - S:\autorun.inf () - [ NTFS ]
O33 - MountPoints2\{0c599524-eafe-11dc-b67a-001c2303f40e}\Shell\AutoRun\command - "" = F:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{0c599524-eafe-11dc-b67a-001c2303f40e}\Shell\Flip Video for PC\command - "" = F:\system\viewer\FlipVideoforPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009-03-31 10:10:15 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009-03-31 09:54:07 | 00,000,535 | ---- | C] () -- D:\DOCUME~1\dzhang2\Desktop\NTREGOPT.lnk
[2009-03-31 09:54:07 | 00,000,522 | ---- | C] () -- D:\DOCUME~1\dzhang2\Desktop\ERUNT.lnk
[2009-03-31 09:54:06 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009-03-31 09:50:50 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-03-30 22:17:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-03-30 22:17:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-03-30 22:17:11 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-03-30 22:17:11 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-03-30 22:17:11 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-03-30 22:17:11 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-03-30 22:17:11 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-03-30 22:17:11 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-03-30 22:17:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-03-30 17:06:02 | 00,000,000 | ---D | C] -- D:\Documents and Settings\dzhang2\Application Data\Malwarebytes
[2009-03-30 17:06:00 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-03-30 17:06:00 | 00,000,586 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-03-30 17:05:58 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-03-30 17:05:57 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-03-30 17:05:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-03-30 16:46:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-03-30 16:45:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-03-30 16:19:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009-03-30 11:39:58 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- D:\DOCUME~1\dzhang2\Desktop\setup-spybotsd162.exe
[2009-03-27 22:48:10 | 00,000,600 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Desktop\SMPlayer.lnk
[2009-03-27 22:48:05 | 00,000,000 | ---D | C] -- C:\Program Files\SMPlayer
[2009-03-26 14:36:12 | 00,000,489 | ---- | C] () -- D:\DOCUME~1\dzhang2\Desktop\RubyMine 784.lnk
[2009-03-23 13:10:15 | 00,000,000 | ---D | C] -- D:\Documents and Settings\dzhang2\Local Settings\Application Data\Axialis
[2009-03-20 10:58:10 | 00,000,600 | ---- | C] () -- D:\Documents and Settings\dzhang2\Application Data\winscp.rnd
[2009-03-20 10:58:08 | 00,000,532 | ---- | C] () -- D:\DOCUME~1\dzhang2\Desktop\WinSCP.lnk
[2009-03-20 10:58:07 | 00,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2009-03-17 21:14:04 | 00,000,634 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Notepad++.lnk
[2009-03-15 11:20:28 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Blueberry
[2009-03-12 14:40:12 | 00,000,000 | ---D | C] -- d:\personal\dzhang2\Camtasia Studio
[2009-03-12 14:30:59 | 00,107,864 | ---- | C] (TechSmith Corporation) -- C:\WINDOWS\System32\tsccvid.dll
[2009-03-12 14:30:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2009-03-12 14:30:49 | 00,000,761 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Camtasia Studio 6.lnk
[2009-03-12 14:30:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2009-03-12 14:30:17 | 00,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2009-03-10 17:29:00 | 00,004,952 | ---- | C] () -- C:\WINDOWS\System32\CmpnyDftEnglish.swf
[2009-03-10 17:28:26 | 00,005,318 | ---- | C] () -- C:\WINDOWS\System32\CmpnyDftFrench.swf
[2009-03-10 17:25:02 | 00,005,068 | ---- | C] () -- C:\WINDOWS\System32\CmpnyDftSpanish.swf
[2009-03-06 15:07:28 | 00,000,031 | ---- | C] () -- C:\WINDOWS\System32\bbcap.err
[2009-03-06 12:36:00 | 00,000,000 | ---D | C] -- D:\Documents and Settings\dzhang2\Application Data\Blueberry
[2009-03-06 12:35:55 | 00,000,000 | ---D | C] -- d:\personal\dzhang2\BB FlashBack Movies
[2009-03-06 12:35:24 | 00,030,720 | ---- | C] (Blueberry Consultants Ltd.) -- C:\WINDOWS\System32\bbcap.dll
[2009-03-06 12:35:24 | 00,004,608 | ---- | C] (Blueberry Consultants Ltd.) -- C:\WINDOWS\System32\bbchlp.dll
[2009-03-06 12:35:24 | 00,004,096 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\bbcap.sys
[2009-03-06 12:35:20 | 00,000,000 | ---D | C] -- D:\Documents and Settings\dzhang2\Application Data\LogSys
[2009-03-06 12:35:18 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\LogSys
[2009-03-06 12:35:14 | 00,000,723 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Desktop\BB FlashBack Express 2 Recorder.lnk
[2009-03-06 12:35:14 | 00,000,717 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Desktop\BB FlashBack Express 2 Player.lnk
[2009-03-06 12:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blueberry Software
[2009-03-06 12:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\Blueberry Software
[2009-03-06 12:34:58 | 00,000,000 | -H-D | C] -- D:\Documents and Settings\All Users\Application Data\{AC4FF13C-02A0-469C-B21C-716CC01D699C}
[2009-03-04 09:54:51 | 00,000,000 | R--D | C] -- d:\personal\dzhang2\My Wallpapers
[2009-03-04 09:54:51 | 00,000,000 | ---D | C] -- D:\Documents and Settings\dzhang2\Application Data\Realtime Soft
[2009-03-04 09:54:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Realtime Soft
[2009-03-04 09:54:20 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Realtime Soft
[2009-03-04 09:54:20 | 00,000,000 | ---D | C] -- C:\Program Files\UltraMon

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009-03-31 10:03:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-03-31 10:02:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-03-31 10:02:39 | 21,371,16672 | -HS- | M] () -- C:\hiberfil.sys
[2009-03-31 10:01:39 | 34,782,704 | -H-- | M] () -- D:\Documents and Settings\dzhang2\Local Settings\Application Data\IconCache.db
[2009-03-31 09:54:07 | 00,000,535 | ---- | M] () -- D:\DOCUME~1\dzhang2\Desktop\NTREGOPT.lnk
[2009-03-31 09:54:07 | 00,000,522 | ---- | M] () -- D:\DOCUME~1\dzhang2\Desktop\ERUNT.lnk
[2009-03-31 09:48:14 | 10,036,35712 | ---- | M] () -- d:\personal\dzhang2\archive.pst
[2009-03-31 08:33:12 | 00,019,601 | ---- | M] () -- C:\WINDOWS\System32\TCTX.HLP
[2009-03-31 08:33:12 | 00,019,601 | ---- | M] () -- C:\WINDOWS\System32\TCSTORE.HLP
[2009-03-31 08:33:12 | 00,019,601 | ---- | M] () -- C:\WINDOWS\System32\TCNOTES.HLP
[2009-03-31 08:33:12 | 00,019,601 | ---- | M] () -- C:\WINDOWS\System32\TCFREE.HLP
[2009-03-31 08:33:12 | 00,019,601 | ---- | M] () -- C:\WINDOWS\System32\TCFAX.HLP
[2009-03-31 08:33:12 | 00,019,601 | ---- | M] () -- C:\WINDOWS\System32\TC.HLP
[2009-03-31 08:33:12 | 00,015,724 | ---- | M] () -- C:\WINDOWS\System32\PageADT.hlp
[2009-03-31 08:33:12 | 00,000,308 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009-03-31 08:33:11 | 00,019,601 | ---- | M] () -- C:\WINDOWS\System32\TCSMS.HLP
[2009-03-31 08:19:50 | 00,504,212 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-03-31 08:19:50 | 00,424,118 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-03-31 08:19:50 | 00,072,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-03-30 22:23:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-03-30 20:30:00 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\SyncBackSE default.job
[2009-03-30 19:43:41 | 00,000,031 | ---- | M] () -- C:\WINDOWS\System32\bbcap.err
[2009-03-30 17:06:00 | 00,000,586 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-03-30 16:20:13 | 00,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-03-30 16:20:13 | 00,000,282 | RHS- | M] () -- C:\boot.ini
[2009-03-30 11:54:01 | 00,304,392 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-03-30 11:45:39 | 00,000,817 | ---- | M] () -- D:\DOCUME~1\dzhang2\Desktop\Spybot - Search & Destroy.lnk
[2009-03-30 11:44:06 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- D:\DOCUME~1\dzhang2\Desktop\setup-spybotsd162.exe
[2009-03-30 11:30:00 | 00,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Temporary File Cleanup.job
[2009-03-30 10:33:55 | 00,002,599 | ---- | M] () -- C:\WINDOWS\SC3USER.INI
[2009-03-30 08:19:59 | 00,002,399 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Outlook 2003.lnk
[2009-03-29 09:32:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-03-27 22:48:10 | 00,000,600 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\SMPlayer.lnk
[2009-03-26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-03-26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-03-26 14:36:12 | 00,000,489 | ---- | M] () -- D:\DOCUME~1\dzhang2\Desktop\RubyMine 784.lnk
[2009-03-26 12:30:00 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Clean Manager 60606.job
[2009-03-26 09:06:50 | 00,000,600 | ---- | M] () -- D:\Documents and Settings\dzhang2\Local Settings\Application Data\PUTTY.RND
[2009-03-20 21:36:11 | 00,000,600 | ---- | M] () -- D:\Documents and Settings\dzhang2\Application Data\winscp.rnd
[2009-03-20 10:58:08 | 00,000,532 | ---- | M] () -- D:\DOCUME~1\dzhang2\Desktop\WinSCP.lnk
[2009-03-17 21:14:04 | 00,000,634 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Notepad++.lnk
[2009-03-12 14:38:03 | 00,170,496 | ---- | M] () -- D:\Documents and Settings\dzhang2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-12 14:30:50 | 00,000,761 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Camtasia Studio 6.lnk
[2009-03-10 17:29:00 | 00,004,952 | ---- | M] () -- C:\WINDOWS\System32\CmpnyDftEnglish.swf
[2009-03-10 17:28:26 | 00,005,318 | ---- | M] () -- C:\WINDOWS\System32\CmpnyDftFrench.swf
[2009-03-10 17:25:02 | 00,005,068 | ---- | M] () -- C:\WINDOWS\System32\CmpnyDftSpanish.swf
[2009-03-06 12:35:24 | 00,030,720 | ---- | M] (Blueberry Consultants Ltd.) -- C:\WINDOWS\System32\bbcap.dll
[2009-03-06 12:35:24 | 00,004,608 | ---- | M] (Blueberry Consultants Ltd.) -- C:\WINDOWS\System32\bbchlp.dll
[2009-03-06 12:35:24 | 00,004,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\bbcap.sys
[2009-03-06 12:35:14 | 00,000,723 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\BB FlashBack Express 2 Recorder.lnk
[2009-03-06 12:35:14 | 00,000,717 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\BB FlashBack Express 2 Player.lnk
< End of report >
****************************************************************************************************
***********************

Here is the extras log from OTListIt2:

****************************************************************************************************
***********************
OTListIt Extras logfile created on: 2009-03-31 10:12:25 - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = D:\sysinternals\malware
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.51% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3057 6114;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 2.91 Gb Free Space | 14.92% Space Free | Partition Type: NTFS
Drive D: | 36.35 Gb Total Space | 10.75 Gb Free Space | 29.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 620.99 Gb Total Space | 14.13 Gb Free Space | 2.28% Space Free | Partition Type: NTFS
Drive T: | 620.99 Gb Total Space | 14.13 Gb Free Space | 2.28% Space Free | Partition Type: NTFS
Drive U: | 620.99 Gb Total Space | 281.56 Gb Free Space | 45.34% Space Free | Partition Type: NTFS
Drive W: | 620.99 Gb Total Space | 281.56 Gb Free Space | 45.34% Space Free | Partition Type: NTFS
Drive X: | 200.01 Gb Total Space | 137.89 Gb Free Space | 68.94% Space Free | Partition Type: NTFS
Drive Y: | 620.99 Gb Total Space | 281.56 Gb Free Space | 45.34% Space Free | Partition Type: NTFS

Computer Name: PEPWUL26009
Current User Name: dzhang2
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\notepad.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AllAlertsDisabled" = 1
"TermService" = 1
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\WINDOWS\system32\config\systemprofile\Application Data\psvr32.exe:*:Enabled:WinSvrHost32 ()
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\minisvr4.exe:*:Enabled:WinSvrHost32 ()
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\zchMiB.exe:*:Enabled:Windows Time Synchronization ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01926AB0-99A0-42F9-9968-1F6F8914A571}" = ProductVision 5.0 - Client
"{046F95D3-64BE-43DC-BBD8-9A8643CE0AAD}" = Crystal RDC Wrapper for WinLIMS
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = Tencent QQ2009
"{0D03EFEA-83F9-4654-BBFB-C3C7C15DEFBA}" = RS232_TCPIP Collectors
"{121634B0-2F4A-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{185CD549-B86D-4455-BAD1-6791A6B6B97C}" = SF Suite LL4.0 - SimpleParser
"{2243978E-2019-4890-A199-9229107F56FD}" = Brother HL-2040
"{2956C23F-2C34-47F8-8C52-7FF5FA0D6AE5}" = SF Suite LL4.0 - Toolbar
"{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B04DD68-4DF9-4C5E-951D-68D3A93A3D0A}" = XnetPR
"{5666835F-FAB9-11D4-8F7F-009027B31343}" = eMAINT Lan
"{5844C935-106A-435D-969A-98C7508F982D}" = BB FlashBack 2 Express
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{7505DE9C-4E85-4636-82F0-50F38077B900}" = Crystal Reports XI
"{753210FE-C93A-4C5E-BDCA-157D0844C107}" = ActivePerlEE 5.8.6 Build 812.1
"{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}" = Symantec AntiVirus
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{886E284F-ED78-4149-9007-9C5CF69A52B9}" = Camtasia Studio 6
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{94FE0F65-26F1-4AAF-A772-1B6484564DAE}" = InterCall Web Meeting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4D6CABA-53D6-C453-9148-C06C22BA8E31}" = Pepsi_Agent
"{AB6FFA58-F491-11D3-8951-000000015415}" = iPassConnect
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD3621F9-517E-4084-BBF4-59BC11C2DE5F}" = WRQ Reflection Multi-Host, Standard 12.0.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE5AD430-9E0C-4243-AB3F-593835869855}" = Microsoft Office Communicator 2005
"{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}" = User Profile Hive Cleanup Service
"{C1F8CD3F-4D1E-434A-8644-EFF203192731}" = LimsLink Special Function Suite Version 4.0
"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5DC4801-D809-42E3-B7D4-9AE1589BF3D9}" = WRQ Reflection X 12.0.6
"{C6B1CC52-CE41-4458-95D0-445A230E7693}" = Symantec Enterprise Vault HTTP-only Outlook Add-In
"{C785B0B2-E901-4077-A17E-3B2AA4808C87}" = LimsLink 4.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D3770FAE-F95B-4A9E-8674-DAC8EA5E18B9}" = PepsiCo Offline VPN Help Tool 1.2.0
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DBACBFE4-F79E-4AFB-A7C3-463555B8446B}" = MySQL Server 5.0
"{DE499746-67B9-11D4-97CE-0050DA10E5AE}" = Cisco Security Agent
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (LABTRONICS)
"{E67FF1A2-23C1-4102-84E9-42115F77AD32}" = UltraMon
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F0031F3E-36D6-4BC7-8912-75E8A9787550}" = Travel Schedule
"{F4BBA950-56F0-4335-8D93-EE64BFF593A0}" = TortoiseSVN 1.4.5.10425 (32 bit)
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Any Password_is1" = Any Password 1.44
"BB FlashBack 2 Express" = BB FlashBack 2 Express
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CollabNet Subversion Client" = CollabNet Subversion Client 1.5.5
"Command Prompt Here" = Command Prompt Here
"UC" = UC 2008BETA
"Dropbox" = Dropbox
"DYMO Label Software" = DYMO Label Software
"DYMO Label Software SDK" = DYMO Label Software SDK
"eRoom 7" = eRoom 7
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"Git_is1" = Git 1.6.1-preview20081227
"HDMI" = Intel® Graphics Media Accelerator Driver
"InfraRecorder" = InfraRecorder
"InstallShield_{0D03EFEA-83F9-4654-BBFB-C3C7C15DEFBA}" = RS232_TCPIP Collectors
"InstallShield_{185CD549-B86D-4455-BAD1-6791A6B6B97C}" = SF Suite LL4.0 - SimpleParser
"InstallShield_{2956C23F-2C34-47F8-8C52-7FF5FA0D6AE5}" = SF Suite LL4.0 - Toolbar
"InstallShield_{3B04DD68-4DF9-4C5E-951D-68D3A93A3D0A}" = Xnet Local Print Extension
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"InstallShield_{C1F8CD3F-4D1E-434A-8644-EFF203192731}" = LimsLink Special Function Suite Version 4.0
"InstallShield_{C785B0B2-E901-4077-A17E-3B2AA4808C87}" = LimsLink 4.0
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Full
"Liping Ma Overseas Chinese_is1" = Grade2 version 5
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Math 2" = Math 2
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft SQL Server 2000" = Microsoft SQL Server 2000
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Notepad++" = Notepad++
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.2
"Ruby-186-25" = Ruby-186-25
"RubyMine 784" = RubyMine 784
"SMPlayer" = SMPlayer 0.6.7
"SyncBackSE_is1" = SyncBackSE
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.8
"WMCSetup" = Windows Media Connect
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-03-29 10:34:20 | Computer Name = PEPWUL26009 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2009-03-29 18:34:20 | Computer Name = PEPWUL26009 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2009-03-30 02:34:20 | Computer Name = PEPWUL26009 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2009-03-30 20:44:09 | Computer Name = PEPWUL26009 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2009-03-30 20:44:10 | Computer Name = PEPWUL26009 | Source = UserInit | ID = 1000
Description = Could not execute the following script MarimbaCheck.vbs. The system
cannot find the file specified. .

Error - 2009-03-30 20:44:10 | Computer Name = PEPWUL26009 | Source = UserInit | ID = 1000
Description = Could not execute the following script Add_RoleChildDomainAdmins.cmd.
The system cannot find the file specified. .

Error - 2009-03-30 20:44:10 | Computer Name = PEPWUL26009 | Source = UserInit | ID = 1000
Description = Could not execute the following script WorkstationSettings.cmd. The
system cannot find the file specified. .

Error - 2009-03-30 20:44:10 | Computer Name = PEPWUL26009 | Source = UserInit | ID = 1000
Description = Could not execute the following script laptop_pvt.cmd. The system
cannot find the file specified. .

Error - 2009-03-30 20:45:10 | Computer Name = PEPWUL26009 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2009-03-30 20:49:48 | Computer Name = PEPWUL26009 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 2009-03-30 22:31:42 | Computer Name = PEPWUL26009 | Source = Service Control Manager | ID = 7034
Description = The SavRoam service terminated unexpectedly. It has done this 1 time(s).

Error - 2009-03-30 23:02:47 | Computer Name = PEPWUL26009 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 2009-03-30 23:03:17 | Computer Name = PEPWUL26009 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 2009-03-30 23:10:18 | Computer Name = PEPWUL26009 | Source = Service Control Manager | ID = 7031
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.

Error - 2009-03-30 23:16:09 | Computer Name = PEPWUL26009 | Source = Service Control Manager | ID = 7031
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.

Error - 2009-03-30 23:16:26 | Computer Name = PEPWUL26009 | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 3 time(s).

Error - 2009-03-31 09:15:42 | Computer Name = PEPWUL26009 | Source = Service Control Manager | ID = 7000
Description = The Nortel Extranet Access Protocol service failed to start due to
the following error: %%2

Error - 2009-03-31 09:15:42 | Computer Name = PEPWUL26009 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 2009-03-31 11:05:00 | Computer Name = PEPWUL26009 | Source = Service Control Manager | ID = 7000
Description = The Nortel Extranet Access Protocol service failed to start due to
the following error: %%2

Error - 2009-03-31 11:05:00 | Computer Name = PEPWUL26009 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053


< End of report >
****************************************************************************************************
**************