heaven dx11 benchmark pro download


Name: heaven dx11 benchmark pro download
Category: Download
Published: liracoro1975
Language: English

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverr >"FirewallOverr > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
Folders Infected: (No malicious items detected)
1,014.00 Mb Total Physical Memory | 668.00 Mb Available Physical Memory | 66.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 28.00% Paging File free Paging file location(s): c:\pagefile.sys 1524 1524 [binary data]
Scan type: Quick Scan Objects scanned: 182800 Time elapsed: 21 minute(s), 50 second(s)
Error - 8/28/2008 11:52:51 PM | Computer Name = FOUNDATION1-LT | Source = VETMONNT | >Description =
Malwarebytes' Anti-Malware 1.44 Database version: 3796 Windows 5.1.2600 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18702.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services.
cjkvvr.exe [Closed]
OTL Extras logfile created on: 2/27/2010 10:25:00 AM - Run 1 OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Scott.Edgelow.CORP\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy.
========== HKEY_LOCAL_MACHINE Uninstall List ==========
Computer Name: FOUNDATION1-LT Current User Name: Scott.Edgelow NOT logged in as Administrator.
Error - 12/3/2009 5:30:40 PM | Computer Name = FOUNDATION1-LT | Source = AutoEnrollment | >Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] " " = TOSHIBA Speech System SR Engine(U.S.) Version1.0 " " = mLogView " " = FX AccuCharts " " = Popup Blocker (Windows Live Toolbar) " " = SoftIPT " " = Sonic DLA " " = TOSHIBA Assist " " = Tabbed Browsing (Windows Live Toolbar) " " = AutoUpdate " " = Google Toolbar for Internet Explorer " " = mProSafe " " = J2SE Runtime Environment 5.0 Update 4 " " = WebFldrs XP " " = Windows Live Toolbar Extension (Windows Live Toolbar) " " = Microsoft Report Viewer Redistributable 2005 " " = Google Earth " " = Interbank FX Trader 4 4.00 " " = mIWA " " = TOSHIBA Speech System TTS Engine(U.S.) Version1.0 " " = TIPCI " " = TOSHIBA SD Memory Card Format " " = Windows Live Sign-in Assistant " " = OneCare Advisor (Windows Live Toolbar) " " = Windows Live Messenger " " = TOSHIBA Zooming Utility " " = TOSHIBA Hotkey Utility " " = TOSHIBA TouchPad ON/Off Utility " " = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 " " = TOSHIBA Utilities " " = DivX Codec " " = SplitView 2007 " " = Windows Support Tools " " = Intel® Graphics Media Accelerator Driver " " = DivX Player " " = TOSHIBA Virtual Sound " " = mPfMgr " " = mHelp " " = Microsoft Office Professional Edition 2003 " " = Compatibility Pack for the 2007 Office system " " = Microsoft Office FrontPage 2003 " " = Microsoft Office Project Professional 2003 " " = Microsoft Office Visio Professional 2003 " " = Microsoft Office PowerPoint Viewer 2003 " " = mPfWiz " " = InterVideo WinDVD for TOSHIBA " " = Microsoft Office OneNote 2003 " " = mZConfig " " = Sonic RecordNow! 
" " = Smart Menus (Windows Live Toolbar) " " = mXML " " = DVD-RAM Driver " " = CD/DVD Drive Acoustic Silencer " " = Windows Defender " " = Microsoft .NET Framework 3.0 Service Pack 2 " " = Windows Live Outlook Toolbar (Windows Live Toolbar) " " = Microsoft Visual C++ 2005 Redistributable " " = TOSHIBA Controls " " = Google Update Helper " " = Microsoft Office Live Meeting 2007 " " = Adobe Reader 8.1.2 " " = RET Mastery Theory Exam " " = DivX Converter " " = Global Trading System Pro " " = USB to Serial Bridge Controller " _is1" = Spybot - Search & Destroy " " = DivX Web Player " " = Canon MP500 " " = Microsoft SOAP Toolkit 3.0 " " = TOSHIBA ConfigFree " " = Microsoft .NET Framework 2.0 Service Pack 2 " " = SD Secure Module " " = Microsoft .NET Framework 1.1 " " = Microsoft .NET Framework 3.5 SP1 " " = Bluetooth Stack for Windows by Toshiba " " = DivX Content Uploader " " = Skype™ 4.1 " " = Canon PhotoRecord " " = Windows Live Toolbar " " = eSignal " " = F-Secure PSC Prerequisites " " = Ad-Aware 2007 " " = mCore " " = Map Button (Windows Live Toolbar) " " = TOSHIBA Speech System Applications " " = QuickTime " " = mMHouse " " = Realtek High Definition Audio Driver " " = mDrWiFi " " = mWlsSafe "AC3Filter" = AC3Filter (remove only) "ActiveTouchMeetingClient" = WebEx "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Canon iP90 Setup Utility" = Canon iP90 Setup Utility "CANONBJ_Deinstall_CNMCP71.DLL" = Canon iP90 "CutePDF Writer Installation" = CutePDF Writer 2.7 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "Easy-WebPrint" = Easy-WebPrint "EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0) "ERUNT_is1" = ERUNT 1.1j "eSignal" = eSignal 10.5 "F-Secure Product 444" = Shaw Secure "Global Trading System" = Global Trading System "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "HijackThis" = HijackThis 2.0.0 
"ICM Live WinTrader" = ICM Live WinTrader (remove only) " >"ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_ " = Texas Instruments PCIxx21/x515/xx12 drivers. "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005 "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "MSTargetContextSubmenu" = Target Context Menu (Remove Only) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PalTalk8.2" = PaltalkScene "PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool "Power Saver" = TOSHIBA Power Saver "ProInst" = Intel® PROSet/Wireless Software "PROSet" = Intel® PRO Network Connections Drivers "RealPlayer 6.0" = RealPlayer Basic "Refined Elliott Trader" = Refined Elliott Trader 1.10.9 "RET Pro" = RET Pro 1.3.5 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Software Modem" = TOSHIBA Software Modem "Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver "ViewpointMediaPlayer" = Viewpoint Media Player "WIC" = Windows Imaging Component "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xv > ========== HKEY_CURRENT_USER Uninstall List ==========
Hi, I was on Paltalk in a trading room when it struck. The following are copies as per the guide. I was unable to run GMER. Tried several times but kept locking up.
NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/01 12:04:02 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found.
Error - 12/3/2009 12:17:47 AM | Computer Name = FOUNDATION1-LT | Source = Application Error | >Description = Faulting application paltalk.exe, version 9.96.3439.0, faulting module mshtml.dll, version 8.0.6001.18852, fault address 0x0003d4d7.
Error - 12/2/2009 12:40:35 PM | Computer Name = FOUNDATION1-LT | Source = AutoEnrollment | >Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
[2010/02/26 15:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\Mozilla\Extensions [2010/02/26 16:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\Mozilla\Firefox\Profiles\t2csswre.default\extensions [2010/02/26 16:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\Mozilla\Firefox\Profiles\t2csswre.default\extensions\[email protected] [2010/02/26 15:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions.
[ Application Events ] Error - 12/2/2009 12:39:43 PM | Computer Name = FOUNDATION1-LT | Source = Userenv | >Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\ [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== Files Created - No Company Name ==========
[2010/02/27 10:22:09 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/02/27 08:43:15 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/02/27 08:22:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/02/27 06:42:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/02/27 06:42:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Scott.Edgelow.CORP\ntuser.ini [2010/02/27 06:42:35 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\Scott.Edgelow.CORP\ntuser.dat [2010/02/27 06:41:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/02/26 16:17:28 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Scott.Edgelow.CORP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010/02/26 16:17:15 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\NTREGOPT.lnk [2010/02/26 16:17:15 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\ERUNT.lnk [2010/02/26 15:33:09 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/02/26 15:30:50 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/02/26 12:30:17 | 000,196,806 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\mbam-setup.exe [2010/02/26 12:23:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\OTL.exe [2010/02/26 12:22:47 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\gmer.zip [2010/02/26 12:21:46 | 000,243,390 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\erunt_setup.exe [2010/02/26 12:16:56 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\TFC.exe [2010/02/26 11:34:11 | 000,000,270 | ---- | M] () -- 
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2010/02/26 11:20:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/02/26 10:45:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2010/02/26 10:45:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2010/02/26 02:06:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2010/02/26 02:06:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2010/02/26 01:03:16 | 000,000,035 | ---- | M] () -- C:\WINDOWS\RET.INI [2010/02/26 00:46:42 | 000,002,927 | ---- | M] () -- C:\WINDOWS\WinRos.ini [2010/02/26 00:42:27 | 000,022,090 | ---- | M] () -- C:\WINDOWS\WinSig.ini [2010/02/26 00:18:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2010/02/26 00:18:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2010/02/25 23:51:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm [2010/02/25 23:51:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2010/02/25 23:30:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2010/02/25 23:30:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2010/02/24 01:21:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2010/02/24 01:21:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2010/02/22 07:02:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2010/02/22 07:02:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2010/02/19 09:34:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm [2010/02/19 09:34:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2010/02/18 06:42:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm [2010/02/18 06:42:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2010/02/16 06:42:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2010/02/16 06:42:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2010/02/14 22:28:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2010/02/14 22:28:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [53 \\srv-ads-01\Scott.Edgelow$\My Documents\*.tmp files -> 
\\srv-ads-01\Scott.Edgelow$\My Documents\*.tmp -> ] [1 C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\*.tmp files -> C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\*.tmp -> ]
OTL logfile created on: 2/27/2010 10:25:00 AM - Run 1 OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Scott.Edgelow.CORP\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy.
1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\a8049154382: DllName - C:\WINDOWS\system32\__c004B279.dat - C:\WINDOWS\System32\__c004B279.dat File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\ \Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\ \Shell\AutoRun\command - "" = E:\autorun.exe -- File not found O33 - MountPoints2\ \Shell\phone\command - "" = E:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %*
Memory Modules Infected: (No malicious items detected)
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.54 Gb Total Space | 72.84 Gb Free Space | 65.31% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fce15a50.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f215ea27d.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\noadware.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant.FOUNDATION1-LT\Local Settings\Temp\wxlony.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott.Edgelow.CORP\Local Settings\Temp\wxlony.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
[HKEY_CURRENT_USER\SOFTWARE\Classes\ ] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Current Boot Mode: SafeMode with Networking Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan.
CREATERESTOREPOINT Error starting restore point: The function was called in safe mode. Error closing restore point: The sequence number is invalid.
Error - 12/3/2009 9:30:28 AM | Computer Name = FOUNDATION1-LT | Source = Userenv | >Description = Windows cannot obtain the domain controller name for your computer network. (A socket operation was attempted to an unreachable host. ). Group Policy processing aborted.
Error - 12/3/2009 9:30:27 AM | Computer Name = FOUNDATION1-LT | Source = Userenv | >Description = Windows cannot obtain the domain controller name for your computer network. (A socket operation was attempted to an unreachable host. ). Group Policy processing aborted.
MOD - [2010/02/26 12:23:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\OTL.exe MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services.
========== Files/Folders - Created Within 14 Days ==========
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002dc40 (Trojan.Vundo) -> Quarantined and deleted successfully.
[ System Events ] Error - 8/28/2008 11:52:51 PM | Computer Name = FOUNDATION1-LT | Source = VETMONNT | >Description =
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DriveLetterAccess) - - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (no name) - - No CLSID value found. O2 - BHO: (no name) - - No CLSID value found. O2 - BHO: (Browsing Protection Class) - - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (&Google) - - c:\program files\google\googletoolbar3.dll File not found O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - - C:\Program Files\Windows Live Toolbar\msntb.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - - c:\program files\google\googletoolbar3.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - - C:\Program Files\Windows Live Toolbar\msntb.dll File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\agrsmmsg.exe (Agere Systems) O4 - HKLM..\Run: [CFSServ.exe] File not found O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) 
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Shaw Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [HornetMonitor] C:\Program Files\Common Files\Hornet\MntrHrnt.exe File not found O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SplitView] C:\Program Files\SplitView 2007\SplitScr.exe () O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) 
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TFncKy] File not found O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.) O4 - HKCU..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKCU..\Run: [SplitScreen] C:\Program Files\SplitView 2007\SplitScr.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.) 
O4 - Startup: C:\Documents and Settings\Scott.Edgelow.CORP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui (Microsoft Corporation) O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.) O9 - Extra Button: PalTalk - - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.) 
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O16 - DPF: http://apps.corel.co. IEGetPlugin.ocx (get_atlcom Class) O16 - DPF: http://www.update.mi. b?1193950252692 (WUWebControl Class) O16 - DPF: http://download.sp.f. /fslauncher.cab (F-Secure Online Scanner Launcher) O16 - DPF: http://download.macr. ash/swflash.cab (Shockwave Flash Object) O16 - DPF: https://elliottician. bex/ieatgpc.cab (GpcContainer Class) O16 - DPF: https://secure.logme. trl.cab?lmi=100 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.omeganet.ca O18 - Protocol\Handler\livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA.
[2099/01/01 12:00:00 | 000,000,000 | --SD | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Webs [2099/01/01 12:00:00 | 000,000,000 | --SD | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Web Sites [2099/01/01 12:00:00 | 000,000,000 | --SD | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Shapes [2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Videos [2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Pictures [2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Music [2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Copy of My Videos [2099/01/01 12:00:00 | 000,000,000 | -HSD | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\RECYCLER [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\worx [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\WoodStalk Biocomposites Inc [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\WebEx [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\VIDEO_TS [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Updater5 [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\trade [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\stu [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\SP [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Shaun's Folder [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\scott [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\ROC [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My 
Documents\Rapport [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\qx [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Prosper [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\PPT Viewer [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\PowerPoint [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Peru [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\panama [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Skype Received Files [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Skype Pictures [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Skype Content [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Received Files [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Notebook [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My Meetings [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\My eBooks [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\mutual [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Mikogo [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Leprechaun [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Kaz [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\JBC [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\InterVideo [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- 
\\srv-ads-01\Scott.Edgelow$\My Documents\India [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\IJM [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\ICM [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\ICCC Canada [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\IBFX [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\heli [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\french patent [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Foundation [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\FONDESIF [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Esther [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\elliott [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Downloads [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\CRA [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Copy of My Skype Received Files [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Copy of My Skype Pictures [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Copy of My Notebook [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\chad [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\bolivia [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\BOD [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\blackberry [2099/01/01 12:00:00 | 
000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\biosynergy [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\biofuel [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\Bendking [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\bell capital [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\srv-ads-01\Scott.Edgelow$\My Documents\avanti [2010/02/26 18:31:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010/02/26 16:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/02/26 16:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010/02/26 15:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott.Edgelow.CORP\Local Settings\Application Data\Mozilla [2010/02/26 15:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\Mozilla [2010/02/26 15:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/02/26 12:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\Malwarebytes [2010/02/26 12:33:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/02/26 12:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/02/26 12:33:37 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/02/26 12:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/02/26 12:30:14 | 000,196,806 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\mbam-setup.exe [2010/02/26 12:23:53 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\OTL.exe [2010/02/26 12:21:42 | 000,243,390 | ---- | C] (Lars Hederer ) -- C:\Documents and 
Settings\Scott.Edgelow.CORP\Desktop\erunt_setup.exe [2010/02/26 12:16:48 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\TFC.exe [2009/11/27 06:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2009/11/23 18:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2009/10/12 19:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure [2009/05/13 08:15:09 | 005,670,736 | ---- | C] (MetaQuotes Software Corp.) -- C:\Program Files\mt4.exe [2009/04/30 19:29:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2008/08/23 17:07:23 | 016,168,440 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_138a1332.exe [2008/08/23 16:29:51 | 015,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd160.exe [2008/08/23 16:21:05 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe [2007/11/26 19:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth [2007/11/06 09:40:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2007/11/05 21:55:00 | 123,228,376 | ---- | C] (InterVideo) -- C:\Program Files\WinDVD8Platinum.exe [2007/09/25 15:50:16 | 001,308,216 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HiJackThis_v2.exe [2007/09/25 15:47:38 | 007,467,056 | ---- | C] (Safer Networking Ltd. ) -- C:\Program Files\spybotsd15.exe [2007/01/27 18:25:54 | 014,994,392 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe [2006/11/04 09:17:12 | 012,841,064 | ---- | C] (Skype Technologies S.A. 
) -- C:\Program Files\SkypeSetup.exe [2006/10/31 21:29:45 | 001,951,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppviewer.exe [2006/03/02 23:07:17 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll [2006/02/21 03:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2006/02/21 03:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [53 \\srv-ads-01\Scott.Edgelow$\My Documents\*.tmp files -> \\srv-ads-01\Scott.Edgelow$\My Documents\*.tmp -> ] [1 C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\*.tmp files -> C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\*.tmp -> ]
Registry Data Items Infected: (No malicious items detected)
Error - 12/3/2009 9:30:51 AM | Computer Name = FOUNDATION1-LT | Source = AutoEnrollment | >Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
Error - 12/3/2009 5:44:37 PM | Computer Name = FOUNDATION1-LT | Source = Userenv | >Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Shaw Secure\NRS\[email protected] [2010/01/13 09:16:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/26 15:30:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/26 15:30:46 | 000,000,000 | ---D | M]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.54 Gb Total Space | 72.84 Gb Free Space | 65.31% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded.
Memory Processes Infected: (No malicious items detected)

PRC - [2010/02/26 12:23:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott.Edgelow.CORP\Desktop\OTL.exe PRC - [2010/01/15 20:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2007/07/06 13:02:26 | 000,561,152 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
Error - 12/2/2009 12:40:17 PM | Computer Name = FOUNDATION1-LT | Source = Userenv | >Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Error - 12/2/2009 8:40:36 PM | Computer Name = FOUNDATION1-LT | Source = AutoEnrollment | >Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c. ferrer:source?> IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0.
2/26/2010 3:57:50 PM mbam-log-2010-02-26 (15-57-50).txt.
Computer Name: FOUNDATION1-LT Current User Name: Scott.Edgelow NOT logged in as Administrator.
FF - prefs.js..extensions.enabledItems: [email protected]:1.10 FF - prefs.js..extensions.enabledItems: [email protected]:1.00.
SRV - [2010/01/25 14:20:18 | 000,056,000 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe -- (FSORSPClient) SRV - [2009/11/23 17:59:35 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca6ca16ecfc4c8) Google Update Service (gupdate1ca6ca16ecfc4c8) SRV - [2009/10/29 14:25:20 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe -- (FSDFWD) SRV - [2009/08/05 08:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE -- (FSMA) SRV - [2009/08/05 08:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter) SRV - [2008/09/06 11:12:11 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103) SRV - [2007/07/06 13:02:26 | 000,561,152 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice) SRV - [2007/02/07 14:25:53 | 000,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2007/01/19 11:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc) SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006/02/21 03:32:22 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService) SRV - [2005/12/20 12:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) 
[Auto | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel® SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel® SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel® SRV - [2005/01/17 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004/08/27 09:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service) SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
Current Boot Mode: SafeMode with Networking Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found "C:\Program Files\Common Files\AOL\1165448889\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1165448889\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found "C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk 9.0 -- (AVM Software Inc.) 
"C:\Program Files\Refined Elliott Trader\rtdm\RETDM.exe" = C:\Program Files\Refined Elliott Trader\rtdm\RETDM.exe:*:Enabled:Refined Elliott Trader Data Manager -- (Elliottician PL) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation) "C:\Program Files\Outlook Express\Paltalk Messenger\paltalk.exe" = C:\Program Files\Outlook Express\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk 9.1 -- (AVM Software Inc.) "C:\Program Files\InterV >"C:\Program Files\TOSHIBA\SoftIPT\SoftIPT.exe" = C:\Program Files\TOSHIBA\SoftIPT\SoftIPT.exe:*:Enabled:TOSHIBA SoftIPT -- () "C:\Program Files\eSignal\winros.exe" = C:\Program Files\eSignal\winros.exe:*:Enabled:eSignal Data Manager -- (eSignal) "C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Scott.Edgelow.CORP\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.) "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== Authorized Applications List ==========
Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 4 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 4.0.0.320.
========== Files - Modified Within 14 Days ==========
========== Last 10 Event Log Errors ==========