heaven and hell the devil you know download
Name: heaven and hell the devil you know download
Category: Free
Published: halanlasist1983
Language: English
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.54 Gb Total Space | 72.84 Gb Free Space | 65.31% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded.
PRC - [2010/02/26 12:23:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\OTL.exe
PRC - [2010/01/15 20:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/07/06 13:02:26 | 000,561,152 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
Computer Name: FOUNDATION1-LT Current User Name: Scott.Edgelow NOT logged in as Administrator.
CREATERESTOREPOINT Error starting restore point: The function was called in safe mode. Error closing restore point: The sequence number is invalid.
Error - 12/3/2009 9:30:28 AM | Computer Name = FOUNDATION1-LT | Source = Userenv | Description = Windows cannot obtain the domain controller name for your computer network. (A socket operation was attempted to an unreachable host.). Group Policy processing aborted.
[2010/02/26 15:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\Mozilla\Extensions
[2010/02/26 16:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\Mozilla\Firefox\Profiles\t2csswre.default\extensions
[2010/02/26 16:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\Mozilla\Firefox\Profiles\t2csswre.default\extensions\[email protected]
[2010/02/26 15:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1165448889\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1165448889\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk 9.0 -- (AVM Software Inc.)
"C:\Program Files\Refined Elliott Trader\rtdm\RETDM.exe" = C:\Program Files\Refined Elliott Trader\rtdm\RETDM.exe:*:Enabled:Refined Elliott Trader Data Manager -- (Elliottician PL)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Outlook Express\Paltalk Messenger\paltalk.exe" = C:\Program Files\Outlook Express\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk 9.1 -- (AVM Software Inc.)
"C:\Program Files\InterV
"C:\Program Files\TOSHIBA\SoftIPT\SoftIPT.exe" = C:\Program Files\TOSHIBA\SoftIPT\SoftIPT.exe:*:Enabled:TOSHIBA SoftIPT -- ()
"C:\Program Files\eSignal\winros.exe" = C:\Program Files\eSignal\winros.exe:*:Enabled:eSignal Data Manager -- (eSignal)
"C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - - No CLSID value found.
O2 - BHO: (no name) - - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (&Google) - - c:\program files\google\googletoolbar3.dll File not found
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - - C:\Program Files\Windows Live Toolbar\msntb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - - c:\program files\google\googletoolbar3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - - C:\Program Files\Windows Live Toolbar\msntb.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\agrsmmsg.exe (Agere Systems)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Shaw Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HornetMonitor] C:\Program Files\Common Files\Hornet\MntrHrnt.exe File not found
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SplitView] C:\Program Files\SplitView 2007\SplitScr.exe ()
O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKCU..\Run: [SplitScreen] C:\Program Files\SplitView 2007\SplitScr.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Scott.Edgelow.CORP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PalTalk - - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: http://apps.corel.co. IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: http://www.update.mi. b?1193950252692 (WUWebControl Class)
O16 - DPF: http://download.sp.f. /fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: http://download.macr. ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: https://elliottician. bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: https://secure.logme. trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.omeganet.ca
O18 - Protocol\Handler\livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA.
Files Infected:
C:\Program Files\noadware.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.FOUNDATION1-LT\Local Settings\Temp\wxlony.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott.Edgelow.CORP\Local Settings\Temp\wxlony.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
[ System Events ]
Error - 8/28/2008 11:52:51 PM | Computer Name = FOUNDATION1-LT | Source = VETMONNT | Description =
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Shaw Secure\NRS\[email protected] [2010/01/13 09:16:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/26 15:30:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/26 15:30:46 | 000,000,000 | ---D | M]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 4.0.0.320.
2/26/2010 3:57:50 PM mbam-log-2010-02-26 (15-57-50).txt.
Error - 12/3/2009 9:30:27 AM | Computer Name = FOUNDATION1-LT | Source = Userenv | Description = Windows cannot obtain the domain controller name for your computer network. (A socket operation was attempted to an unreachable host.). Group Policy processing aborted.
========== Files - Modified Within 14 Days ==========
Error - 12/2/2009 8:40:36 PM | Computer Name = FOUNDATION1-LT | Source = AutoEnrollment | Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c. ferrer:source?
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
Scan type: Quick Scan Objects scanned: 182800 Time elapsed: 21 minute(s), 50 second(s)
OTL Extras logfile created on: 2/27/2010 10:25:00 AM - Run 1 OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Scott.Edgelow.CORP\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy.
[2099/01/01 12:00:00 | 000,000,000 | --SD | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Webs [2099/01/01 12:00:00 | 000,000,000 | --SD | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Web Sites [2099/01/01 12:00:00 | 000,000,000 | --SD | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Shapes [2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Videos [2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Pictures [2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Music [2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Copy of My Videos [2099/01/01 12:00:00 | 000,000,000 | -HSD | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\RECYCLER [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\worx [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\WoodStalk Biocomposites Inc [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\WebEx [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\VIDEO_TS [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Updater5 [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\trade [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\stu [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\SP [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Shaun's Folder [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\scott [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\ROC [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My 
Documents\Rapport [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\qx [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Prosper [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\PPT Viewer [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\PowerPoint [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Peru [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\panama [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Skype Received Files [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Skype Pictures [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Skype Content [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Received Files [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Notebook [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Meetings [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My eBooks [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\mutual [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Mikogo [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Leprechaun [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Kaz [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\JBC [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\InterVideo [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- 
\\srv-ads-01\Scott.Edgelow$\My Documents\India [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\IJM [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\ICM [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\ICCC Canada [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\IBFX [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\heli [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\french patent [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Foundation [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\FONDESIF [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Esther [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\elliott [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Downloads [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\CRA [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Copy of My Skype Received Files [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Copy of My Skype Pictures [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Copy of My Notebook [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\chad [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\bolivia [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\BOD [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\blackberry [2099/01/01 12:00:00 | 
000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\biosynergy [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\biofuel [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Bendking [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\bell capital [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\avanti [2010/02/26 18:31:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010/02/26 16:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/02/26 16:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010/02/26 15:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott.Edgelow.CORP\Local Settings\Application Data\Mozilla [2010/02/26 15:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\Mozilla [2010/02/26 15:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/02/26 12:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\Malwarebytes [2010/02/26 12:33:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/02/26 12:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/02/26 12:33:37 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/02/26 12:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/02/26 12:30:14 | 000,196,806 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\mbam-setup.exe [2010/02/26 12:23:53 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\OTL.exe [2010/02/26 12:21:42 | 000,243,390 | ---- | C] (Lars Hederer ) -- C:\Documents and 
Settings\Scott.Edgelow.CORP\Desktop\erunt_setup.exe [2010/02/26 12:16:48 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\TFC.exe [2009/11/27 06:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2009/11/23 18:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2009/10/12 19:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure [2009/05/13 08:15:09 | 005,670,736 | ---- | C] (MetaQuotes Software Corp.) -- C:\Program Files\mt4.exe [2009/04/30 19:29:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2008/08/23 17:07:23 | 016,168,440 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_138a1332.exe [2008/08/23 16:29:51 | 015,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd160.exe [2008/08/23 16:21:05 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe [2007/11/26 19:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth [2007/11/06 09:40:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2007/11/05 21:55:00 | 123,228,376 | ---- | C] (InterVideo) -- C:\Program Files\WinDVD8Platinum.exe [2007/09/25 15:50:16 | 001,308,216 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HiJackThis_v2.exe [2007/09/25 15:47:38 | 007,467,056 | ---- | C] (Safer Networking Ltd. ) -- C:\Program Files\spybotsd15.exe [2007/01/27 18:25:54 | 014,994,392 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe [2006/11/04 09:17:12 | 012,841,064 | ---- | C] (Skype Technologies S.A. 
) -- C:\Program Files\SkypeSetup.exe [2006/10/31 21:29:45 | 001,951,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppviewer.exe [2006/03/02 23:07:17 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll [2006/02/21 03:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2006/02/21 03:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [53 \\srv-ads-01\Scott.Edgelow$\My Documents\*.tmp files -> \\srv-ads-01\Scott.Edgelow$\My Documents\*.tmp -> ] [1 C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\*.tmp files -> C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\*.tmp -> ]
========== Files/Folders - Created Within 14 Days ==========
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.00
SRV - [2010/01/25 14:20:18 | 000,056,000 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/11/23 17:59:35 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca6ca16ecfc4c8) Google Update Service (gupdate1ca6ca16ecfc4c8)
SRV - [2009/10/29 14:25:20 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/08/05 08:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 08:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/09/06 11:12:11 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2007/07/06 13:02:26 | 000,561,152 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/02/07 14:25:53 | 000,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/01/19 11:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/02/21 03:32:22 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2005/12/20 12:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/01/17 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 09:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
Current Boot Mode: SafeMode with Networking Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan.
OTL logfile created on: 2/27/2010 10:25:00 AM - Run 1 OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Scott.Edgelow.CORP\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy.
========== Last 10 Event Log Errors ==========
========== Authorized Applications List ==========
1,014.00 Mb Total Physical Memory | 668.00 Mb Available Physical Memory | 66.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 28.00% Paging File free Paging file location(s): c:\pagefile.sys 1524 1524 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
Folders Infected: (No malicious items detected)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] " " = TOSHIBA Speech System SR Engine(U.S.) Version1.0 " " = mLogView " " = FX AccuCharts " " = Popup Blocker (Windows Live Toolbar) " " = SoftIPT " " = Sonic DLA " " = TOSHIBA Assist " " = Tabbed Browsing (Windows Live Toolbar) " " = AutoUpdate " " = Google Toolbar for Internet Explorer " " = mProSafe " " = J2SE Runtime Environment 5.0 Update 4 " " = WebFldrs XP " " = Windows Live Toolbar Extension (Windows Live Toolbar) " " = Microsoft Report Viewer Redistributable 2005 " " = Google Earth " " = Interbank FX Trader 4 4.00 " " = mIWA " " = TOSHIBA Speech System TTS Engine(U.S.) Version1.0 " " = TIPCI " " = TOSHIBA SD Memory Card Format " " = Windows Live Sign-in Assistant " " = OneCare Advisor (Windows Live Toolbar) " " = Windows Live Messenger " " = TOSHIBA Zooming Utility " " = TOSHIBA Hotkey Utility " " = TOSHIBA TouchPad ON/Off Utility " " = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 " " = TOSHIBA Utilities " " = DivX Codec " " = SplitView 2007 " " = Windows Support Tools " " = Intel® Graphics Media Accelerator Driver " " = DivX Player " " = TOSHIBA Virtual Sound " " = mPfMgr " " = mHelp " " = Microsoft Office Professional Edition 2003 " " = Compatibility Pack for the 2007 Office system " " = Microsoft Office FrontPage 2003 " " = Microsoft Office Project Professional 2003 " " = Microsoft Office Visio Professional 2003 " " = Microsoft Office PowerPoint Viewer 2003 " " = mPfWiz " " = InterVideo WinDVD for TOSHIBA " " = Microsoft Office OneNote 2003 " " = mZConfig " " = Sonic RecordNow! 
" " = Smart Menus (Windows Live Toolbar) " " = mXML " " = DVD-RAM Driver " " = CD/DVD Drive Acoustic Silencer " " = Windows Defender " " = Microsoft .NET Framework 3.0 Service Pack 2 " " = Windows Live Outlook Toolbar (Windows Live Toolbar) " " = Microsoft Visual C++ 2005 Redistributable " " = TOSHIBA Controls " " = Google Update Helper " " = Microsoft Office Live Meeting 2007 " " = Adobe Reader 8.1.2 " " = RET Mastery Theory Exam " " = DivX Converter " " = Global Trading System Pro " " = USB to Serial Bridge Controller " _is1" = Spybot - Search & Destroy " " = DivX Web Player " " = Canon MP500 " " = Microsoft SOAP Toolkit 3.0 " " = TOSHIBA ConfigFree " " = Microsoft .NET Framework 2.0 Service Pack 2 " " = SD Secure Module " " = Microsoft .NET Framework 1.1 " " = Microsoft .NET Framework 3.5 SP1 " " = Bluetooth Stack for Windows by Toshiba " " = DivX Content Uploader " " = Skype™ 4.1 " " = Canon PhotoRecord " " = Windows Live Toolbar " " = eSignal " " = F-Secure PSC Prerequisites " " = Ad-Aware 2007 " " = mCore " " = Map Button (Windows Live Toolbar) " " = TOSHIBA Speech System Applications " " = QuickTime " " = mMHouse " " = Realtek High Definition Audio Driver " " = mDrWiFi " " = mWlsSafe "AC3Filter" = AC3Filter (remove only) "ActiveTouchMeetingClient" = WebEx "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Canon iP90 Setup Utility" = Canon iP90 Setup Utility "CANONBJ_Deinstall_CNMCP71.DLL" = Canon iP90 "CutePDF Writer Installation" = CutePDF Writer 2.7 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "Easy-WebPrint" = Easy-WebPrint "EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0) "ERUNT_is1" = ERUNT 1.1j "eSignal" = eSignal 10.5 "F-Secure Product 444" = Shaw Secure "Global Trading System" = Global Trading System "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "HijackThis" = HijackThis 2.0.0 
"ICM Live WinTrader" = ICM Live WinTrader (remove only) " >"ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_ " = Texas Instruments PCIxx21/x515/xx12 drivers. "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005 "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "MSTargetContextSubmenu" = Target Context Menu (Remove Only) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PalTalk8.2" = PaltalkScene "PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool "Power Saver" = TOSHIBA Power Saver "ProInst" = Intel® PROSet/Wireless Software "PROSet" = Intel® PRO Network Connections Drivers "RealPlayer 6.0" = RealPlayer Basic "Refined Elliott Trader" = Refined Elliott Trader 1.10.9 "RET Pro" = RET Pro 1.3.5 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Software Modem" = TOSHIBA Software Modem "Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver "ViewpointMediaPlayer" = Viewpoint Media Player "WIC" = Windows Imaging Component "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xv > ========== HKEY_CURRENT_USER Uninstall List ==========
Error - 12/3/2009 12:17:47 AM | Computer Name = FOUNDATION1-LT | Source = Application Error | >Description = Faulting application paltalk.exe, version 9.96.3439.0, faulting module mshtml.dll, version 8.0.6001.18852, fault address 0x0003d4d7.
Error - 12/3/2009 5:30:40 PM | Computer Name = FOUNDATION1-LT | Source = AutoEnrollment | >Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002dc40 (Trojan.Vundo) -> Quarantined and deleted successfully.
[2010/02/27 10:22:09 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/02/27 08:43:15 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/02/27 08:22:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/02/27 06:42:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/02/27 06:42:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Scott.Edgelow.CORP\ntuser.ini [2010/02/27 06:42:35 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\Scott.Edgelow.CORP\ntuser.dat [2010/02/27 06:41:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/02/26 16:17:28 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Scott.Edgelow.CORP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010/02/26 16:17:15 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\NTREGOPT.lnk [2010/02/26 16:17:15 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\ERUNT.lnk [2010/02/26 15:33:09 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/02/26 15:30:50 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/02/26 12:30:17 | 000,196,806 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\mbam-setup.exe [2010/02/26 12:23:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\OTL.exe [2010/02/26 12:22:47 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\gmer.zip [2010/02/26 12:21:46 | 000,243,390 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\erunt_setup.exe [2010/02/26 12:16:56 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\TFC.exe [2010/02/26 11:34:11 | 000,000,270 | ---- | M] () -- 
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2010/02/26 11:20:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/02/26 10:45:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2010/02/26 10:45:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2010/02/26 02:06:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2010/02/26 02:06:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2010/02/26 01:03:16 | 000,000,035 | ---- | M] () -- C:\WINDOWS\RET.INI [2010/02/26 00:46:42 | 000,002,927 | ---- | M] () -- C:\WINDOWS\WinRos.ini [2010/02/26 00:42:27 | 000,022,090 | ---- | M] () -- C:\WINDOWS\WinSig.ini [2010/02/26 00:18:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2010/02/26 00:18:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2010/02/25 23:51:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm [2010/02/25 23:51:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2010/02/25 23:30:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2010/02/25 23:30:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2010/02/24 01:21:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2010/02/24 01:21:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2010/02/22 07:02:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2010/02/22 07:02:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2010/02/19 09:34:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm [2010/02/19 09:34:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2010/02/18 06:42:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm [2010/02/18 06:42:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2010/02/16 06:42:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2010/02/16 06:42:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2010/02/14 22:28:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2010/02/14 22:28:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [53 \\srv-ads-01\Scott.Edgelow$\My Documents\*.tmp files -> 
\\srv-ads-01\Scott.Edgelow$\My Documents\*.tmp -> ] [1 C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\*.tmp files -> C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\*.tmp -> ]
Malwarebytes' Anti-Malware 1.44
Database version: 3796
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702
Registry Data Items Infected: (No malicious items detected)
Hi, I was on paltalk in a trading room when it struck. The following are copies as per the guide. I was unable to run GMER. Tried several times but kept locking up.
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Error - 12/2/2009 12:40:17 PM | Computer Name = FOUNDATION1-LT | Source = Userenv | >Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
========== Files Created - No Company Name ==========
cjkvvr.exe [Closed]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverr >"FirewallOverr > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
Error - 12/3/2009 5:44:37 PM | Computer Name = FOUNDATION1-LT | Source = Userenv | >Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

[ Application Events ] Error - 12/2/2009 12:39:43 PM | Computer Name = FOUNDATION1-LT | Source = Userenv | >Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\ [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fce15a50.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f215ea27d.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "3246:TCP" = 3246:TCP:*:Enabled:Services "2479:TCP" = 2479:TCP:*:Enabled:Services.
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/01 12:04:02 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Memory Processes Infected: (No malicious items detected)
Error - 12/2/2009 12:40:35 PM | Computer Name = FOUNDATION1-LT | Source = AutoEnrollment | >Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
Memory Modules Infected: (No malicious items detected)
MOD - [2010/02/26 12:23:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\OTL.exe MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\ ] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\a8049154382: DllName - C:\WINDOWS\system32\__c004B279.dat - C:\WINDOWS\System32\__c004B279.dat File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\ \Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\ \Shell\AutoRun\command - "" = E:\autorun.exe -- File not found O33 - MountPoints2\ \Shell\phone\command - "" = E:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %*
Error - 12/3/2009 9:30:51 AM | Computer Name = FOUNDATION1-LT | Source = AutoEnrollment | >Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.