Infected with various unknown processes - firefox home redirects + 2 pop-ups


  • This topic is locked
40 replies to this topic

#1 ThomofAylmer

  • Members
  • 20 posts

Posted 03 January 2012 - 11:13 PM

Ok my title and description make me sound a little dumb, but I know a little about what I'm doing, it's just I think there are many unwanted processes working on my computer.

The most obvious thing is when Firefox loads its default homepage and I try to search something, the search automatically redirects to a site called "SEARCH" with the letters using GOOGLE's colors and font. In the address bar it says the page address is: search.feedandme.com.

Also often when I click anywhere on a webpage two pop-ups are generated, this is not related to the site visited, it happens on every site, usually in the first 5 minutes of a new Firefox session. (I've noticed this has been going on for the last 3-4 weeks.)

There may be other processes/malware at work, if you can help me with cleaning my computer as much as possible it would be appreciated, although I know perfection is not of the computer world hehehe!

Finally you should know I downloaded and ran combofix, but when I heard my computer beep, I panicked and stopped it before it started (the beep was in relation to a message asking me to turn off my anti-virus, but it made me realize combofix was not something I was trained to play around with!) So I'm pretty sure it did not have the time to do much but it did create a folder and an executable file in my C: I do not dare to touch! Just wanted to let you know before we do anything!

Thanks for your help in advance! Here are the reports!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26
Run by Thomas Gagné at 10:44:16 on 2012-01-03
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1209 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Xobni\XobniService.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1070925
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1070925
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1070925
uURLSearchHooks: H - No File
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
StartupFolder: c:\users\thomas~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{02E8F5BB-79C8-4A49-BA9A-BC7D573D40C0} : DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
TCP: Interfaces\{F8B3E268-1397-4D27-825A-539169BF62E5} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\thomas gagné\appdata\roaming\mozilla\firefox\profiles\midy8b3l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
FF - component: c:\users\thomas gagné\appdata\roaming\mozilla\firefox\profiles\midy8b3l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKslc59f81d3;MpKslc59f81d3;c:\programdata\microsoft\microsoft antimalware\definition updates\{6c48114e-8baf-43fa-932f-ece9d4287f76}\MpKslc59f81d3.sys [2012-1-3 29904]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-4-23 2218600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-5-6 45288]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-9-24 5504]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-03 15:11:15 -------- d-s---w- C:\Bibitte
2012-01-03 14:23:51 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6c48114e-8baf-43fa-932f-ece9d4287f76}\MpKslc59f81d3.sys
2012-01-03 14:23:25 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6c48114e-8baf-43fa-932f-ece9d4287f76}\offreg.dll
2012-01-03 14:23:14 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6c48114e-8baf-43fa-932f-ece9d4287f76}\mpengine.dll
2011-12-16 00:34:47 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-16 00:33:11 605968 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-12-04 20:54:16 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
==================== Find3M ====================
.
2011-12-03 14:54:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-14 16:02:19 429056 ----a-w- c:\windows\system32\EncDec.dll
.
============= FINISH: 10:45:32.63 ===============


#2 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts

Posted 09 January 2012 - 11:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/436138 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts

Posted 14 January 2012 - 11:20 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts

Posted 15 January 2012 - 10:29 PM

Topic reopened at member's request. ~ OB

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.


Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


#5 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 16 January 2012 - 12:15 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • Logs from DDS
    • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#6 ThomofAylmer

  • Topic Starter

  • Members
  • 20 posts

Posted 16 January 2012 - 06:12 PM

Thanks Gringo!

I understand you guys must be busy, thanks for the time you put in this! Way to go! I bought a new laptop and try to use my desktop as little as possible since I posted here, as it is my main computer (and my business computer), I wish we can solve this as thoroughly as possible. My problem doesn't change, and these two spam windows randomly popping up when I click anywhere on any webpage is the weirdest sign I've ever seen, it still happens regularly, same with the Firefox search engine redirection to SEARCH.com so I browse as little as possible... Again there may be various other infections. My first download for my new laptop was MSE and I intend to keep both computers as clean as possible from now on, when we fix the desktop... thanks again for your help with these problems, here are the logs:

DDS :

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_30
Run by Thomas Gagné at 17:58:20 on 2012-01-16
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1440 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Xobni\XobniService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conime.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.

ATTACH:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 9/24/2007 11:52:35 PM
System Uptime: 1/16/2012 3:53:16 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0CT017
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Microprocessor | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 47.683 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.495 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1732: 1/9/2012 8:48:57 AM - Windows Update
RP1733: 1/10/2012 9:47:21 AM - Windows Update
RP1734: 1/11/2012 1:44:22 PM - Windows Update
RP1735: 1/12/2012 12:08:50 AM - Windows Update
RP1736: 1/12/2012 2:30:45 PM - Windows Update
RP1738: 1/12/2012 8:24:34 PM - Installed DirectX
RP1739: 1/13/2012 3:40:50 PM - Windows Update
RP1740: 1/14/2012 12:46:47 PM - Scheduled Checkpoint
RP1741: 1/15/2012 4:09:56 AM - Windows Update
RP1742: 1/15/2012 11:02:34 PM - Scheduled Checkpoint
RP1743: 1/16/2012 4:04:29 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
A Game of Thrones - Genesis
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.0
ATI Parental Control & Encoder
Birth of the Federation
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Business Contact Manager for Outlook 2007 SP2
CCScore
Compact Wireless-G USB Adapter
Company of Heroes: Tales of Valor
Conduit Engine
Conexant D850 PCI V.92 Modem
Creative MediaSource 5
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support Center
Dell System Customization Wizard
DellSupport
Digital Line Detect
Digital Media Converter 2.7
Driver Detective
Dungeon Defenders
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
Free DWG Viewer 6.2
Google Earth
Google Update Helper
Google Updater
Greed Corp
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Impulse
Intel® Matrix Storage Manager
Intel® PRO Network Connections 11.2.1.69
Intel® Viiv™ Software
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 30
Java™ SE Development Kit 6 Update 21
Java™ SE Runtime Environment 6
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
Mozilla Firefox 9.0.1 (x86 fr)
Mpeg2Decoder 1.3
MSD Akira
MSD Defiant
MSD Enterprise C
MSD Galaxy Class Enterprise D
MSD Sovereign
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
NetWaiting
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 270.61
NVIDIA 3D Vision Driver 270.61
NVIDIA Control Panel 270.61
NVIDIA Graphics Driver 270.61
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.1.34
NVIDIA Update Components
OfotoXMI
OpenAL
Pando Media Booster
Restaurant Empire 2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SFR
SHASTA
Sid Meier's Civilization IV Colonization
Sid Meier's Civilization V
Sins of a Solar Empire
Sins of a Solar Empire - Diplomacy
Sins of a Solar Empire - Entrenchment
skin0001
SKINXSDK
Skype Click to Call
Skype™ 5.5
Sonic Activation Module
Sound Blaster Audigy ADVANCED MB
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
StarCraft II
staticcr
Steam
TBS WMP Plug-in
The Battle for Middle-earth ™ II
The Elder Scrolls V: Skyrim
The Lord of the Rings, The Rise of the Witch-king
tooltips
Tropico 3 - Steam Special Edition
Tropico 3: Absolute Power
TVT7Diag
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
User's Guides
VideoLAN VLC media player 0.8.6c
Vista Codec Package
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VPRINTOL
Vuze
Vuze Remote Toolbar
WinAce Archiver
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
WinZip 14.5
WIRELESS
Xobni
Xobni Core
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 8:35:04 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 8:35:04 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 8:35:04 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 8:35:02 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 8:35:02 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 8:34:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 8:34:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 8:34:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 8:34:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 5:34:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 5:34:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 5:34:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 5:34:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 2:34:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 2:34:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 2:34:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 2:34:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 11:34:52 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 11:34:51 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 11:34:51 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 11:34:51 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 11:34:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 11:34:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 11:34:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2012 11:34:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/16/2012 3:56:44 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/16/2012 3:56:44 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/16/2012 3:56:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/16/2012 3:56:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/16/2012 3:55:24 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
1/15/2012 9:57:10 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 9:57:10 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 9:57:09 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 9:57:09 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 5:18:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 5:18:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 5:18:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 5:18:04 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 5:18:03 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 3:57:15 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 3:57:15 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 3:57:15 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 3:57:15 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 3:57:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.
1/15/2012 2:00:15 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 2:00:15 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 2:00:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 2:00:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 10:47:40 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 10:47:40 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 10:47:24 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/15/2012 10:47:24 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 5:00:08 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 5:00:08 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 5:00:08 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 5:00:08 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 3:01:12 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 3:01:12 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 3:01:12 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 3:01:12 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 3:01:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/14/2012 2:00:12 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 2:00:12 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 2:00:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 2:00:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 11:01:47 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 11:01:47 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 11:01:39 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/14/2012 11:01:39 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 8:00:03 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 8:00:03 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 8:00:02 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 8:00:02 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 7:03:30 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 7:03:29 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 7:03:29 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 7:03:29 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 7:00:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
1/13/2012 7:00:58 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/13/2012 5:00:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 5:00:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 5:00:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 5:00:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 2:00:16 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 2:00:15 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 2:00:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2012 2:00:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 9:54:57 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 9:54:57 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 9:54:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 9:54:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 9:54:53 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 9:54:53 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 9:54:52 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 9:54:52 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 6:56:25 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 6:56:25 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 6:56:05 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 6:56:05 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 6:54:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 6:54:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 6:54:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 6:54:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 3:54:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 3:54:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 3:54:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 3:54:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 12:54:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 12:54:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 12:54:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2012 12:54:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/11/2012 7:32:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/11/2012 7:32:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user ThomasGagné-PC\Thomas Gagné SID (S-1-5-21-153020038-182880824-1411331282-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================


Here we go, waiting for your next post!

Thom

#7 gringo_pr

Posted 16 January 2012 - 07:22 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 ThomofAylmer

Posted 16 January 2012 - 10:51 PM

Ok that's weird! When it finished I clicked on your e-mail and when firefox loaded it asked me if I wanted to make firefox my default browser (which it was), so combofix may have fixed something, but my clicking to make it default again may have reinstalled the infection as the redirection continues...

Should I restart combofix? I'll wait for your input!

Here's the report

ComboFix 12-01-16.05 - Thomas Gagné 01/16/2012 22:10:29.1.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1672 [GMT -5:00]
Running from: c:\users\Thomas Gagné\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\SPL233.tmp
c:\programdata\SPL264D.tmp
c:\programdata\SPL30BE.tmp
c:\programdata\SPL38BE.tmp
c:\programdata\SPL407E.tmp
c:\programdata\SPL450F.tmp
c:\programdata\SPL4BD6.tmp
c:\programdata\SPL6F6C.tmp
c:\programdata\SPL71A6.tmp
c:\programdata\SPL77DF.tmp
c:\programdata\SPL7C86.tmp
c:\programdata\SPL7D59.tmp
c:\programdata\SPL8863.tmp
c:\programdata\SPL8BA1.tmp
c:\programdata\SPL91A8.tmp
c:\programdata\SPL9870.tmp
c:\programdata\SPL9E93.tmp
c:\programdata\SPL9EDF.tmp
c:\programdata\SPLA994.tmp
c:\programdata\SPLAB5F.tmp
c:\programdata\SPLD1EA.tmp
c:\programdata\SPLD669.tmp
c:\programdata\SPLD682.tmp
c:\programdata\SPLDD86.tmp
c:\programdata\SPLDEAA.tmp
c:\programdata\SPLE122.tmp
c:\programdata\SPLE713.tmp
c:\programdata\SPLEA9B.tmp
c:\programdata\SPLF29A.tmp
c:\programdata\SPLF329.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 03:23 . 2012-01-17 03:23 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D646085-3363-4D4B-A557-3CC944956A33}\offreg.dll
2012-01-17 03:21 . 2012-01-17 03:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-17 03:21 . 2012-01-17 03:21 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-01-17 03:21 . 2012-01-17 03:21 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-01-17 03:21 . 2012-01-17 03:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-17 03:21 . 2012-01-17 03:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 03:04 . 2012-01-17 03:05 -------- d-----w- C:\Bibitte
2012-01-16 21:05 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D646085-3363-4D4B-A557-3CC944956A33}\mpengine.dll
2012-01-11 19:54 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 19:54 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 19:54 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:54 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:54 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 19:54 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 19:54 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:54 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-08 21:09 . 2012-01-08 21:09 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-08 21:09 . 2012-01-08 21:09 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-08 21:09 . 2012-01-08 21:09 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-08 21:09 . 2012-01-08 21:09 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-08 00:49 . 2012-01-08 00:49 -------- d-----w- c:\program files\Microsoft LifeCam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 00:33 . 2011-12-16 00:33 605968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-03 14:54 . 2011-07-05 18:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37 . 2011-12-16 00:34 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-03-20 00:14 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-10 10:54 . 2010-07-08 13:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-08 14:42 . 2011-12-16 00:34 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22 . 2011-12-16 00:34 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17 . 2011-12-16 00:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17 . 2011-12-16 00:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17 . 2011-12-16 00:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17 . 2011-12-16 00:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22 . 2011-12-16 00:34 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45 . 2011-12-16 00:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43 . 2011-12-16 00:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-16 00:34 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-16 00:34 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-16 00:34 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-08 21:09 . 2011-05-11 00:53 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 20:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-01 68856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-18 2969496]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-07-10 405504]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Thomas Gagné\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-17 419104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-24 50688]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\M:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-01 20:38]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:39]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:39]
.
2012-01-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1070925
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
FF - ProfilePath - c:\users\Thomas Gagné\AppData\Roaming\Mozilla\Firefox\Profiles\midy8b3l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=

.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E} - c:\program files\Electronic Arts\The Lord of the Rings
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(9724)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\STacSV.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Xobni\XobniService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Completion time: 2012-01-16 22:35:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 03:35
.
Pre-Run: 51,058,688,000 bytes free
Post-Run: 51,638,587,392 bytes free
.
- - End Of File - - 272885810700A10A74859A2470D7668E

#9 gringo_pr

  • Malware Response Team
Posted 16 January 2012 - 10:58 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#10 ThomofAylmer

  • Topic Starter


Posted 16 January 2012 - 11:16 PM

23:13:46.0003 11432 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
23:13:46.0408 11432 ============================================================
23:13:46.0408 11432 Current date / time: 2012/01/16 23:13:46.0408
23:13:46.0408 11432 SystemInfo:
23:13:46.0408 11432
23:13:46.0408 11432 OS Version: 6.0.6002 ServicePack: 2.0
23:13:46.0408 11432 Product type: Workstation
23:13:46.0408 11432 ComputerName: THOMASGAGNÉ-PC
23:13:46.0408 11432 UserName: Thomas Gagné
23:13:46.0408 11432 Windows directory: C:\Windows
23:13:46.0408 11432 System windows directory: C:\Windows
23:13:46.0408 11432 Processor architecture: Intel x86
23:13:46.0408 11432 Number of processors: 4
23:13:46.0408 11432 Page size: 0x1000
23:13:46.0408 11432 Boot type: Normal boot
23:13:46.0408 11432 ============================================================
23:13:46.0674 11432 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400, SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
23:13:46.0814 11432 Initialize success
23:13:58.0186 12204 ============================================================
23:13:58.0186 12204 Scan started
23:13:58.0186 12204 Mode: Manual;
23:13:58.0186 12204 ============================================================
23:14:13.0256 12204 udfs - ok
23:14:13.0303 12204 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
23:14:13.0303 12204 uliagpkx - ok
23:14:13.0350 12204 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
23:14:13.0350 12204 uliahci - ok
23:14:13.0396 12204 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:14:13.0396 12204 UlSata - ok
23:14:13.0490 12204 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:14:13.0521 12204 ulsata2 - ok
23:14:13.0584 12204 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:14:13.0584 12204 umbus - ok
23:14:13.0662 12204 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
23:14:13.0662 12204 usbaudio - ok
23:14:13.0755 12204 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:14:13.0755 12204 usbccgp - ok
23:14:13.0818 12204 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
23:14:13.0818 12204 usbcir - ok
23:14:13.0880 12204 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:14:13.0880 12204 usbehci - ok
23:14:13.0942 12204 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:14:13.0942 12204 usbhub - ok
23:14:13.0989 12204 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
23:14:13.0989 12204 usbohci - ok
23:14:14.0052 12204 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:14:14.0052 12204 usbprint - ok
23:14:14.0130 12204 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:14:14.0130 12204 usbscan - ok
23:14:14.0176 12204 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:14:14.0176 12204 USBSTOR - ok
23:14:14.0239 12204 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:14:14.0239 12204 usbuhci - ok
23:14:14.0301 12204 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:14:14.0301 12204 usbvideo - ok
23:14:14.0364 12204 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
23:14:14.0364 12204 vga - ok
23:14:14.0410 12204 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:14:14.0410 12204 VgaSave - ok
23:14:14.0473 12204 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
23:14:14.0473 12204 viaagp - ok
23:14:14.0566 12204 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:14:14.0566 12204 ViaC7 - ok
23:14:14.0613 12204 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
23:14:14.0613 12204 viaide - ok
23:14:14.0660 12204 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:14:14.0660 12204 volmgr - ok
23:14:14.0722 12204 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:14:14.0722 12204 volmgrx - ok
23:14:14.0816 12204 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:14:14.0816 12204 volsnap - ok
23:14:14.0878 12204 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:14:14.0878 12204 vsmraid - ok
23:14:14.0925 12204 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:14:14.0925 12204 WacomPen - ok
23:14:14.0988 12204 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:14:14.0988 12204 Wanarp - ok
23:14:14.0988 12204 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:14:14.0988 12204 Wanarpv6 - ok
23:14:15.0034 12204 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:14:15.0034 12204 Wd - ok
23:14:15.0112 12204 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:14:15.0112 12204 Wdf01000 - ok
23:14:15.0159 12204 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:14:15.0175 12204 winachsf - ok
23:14:15.0206 12204 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
23:14:15.0206 12204 WmiAcpi - ok
23:14:15.0268 12204 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:14:15.0268 12204 WpdUsb - ok
23:14:15.0331 12204 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:14:15.0331 12204 ws2ifsl - ok
23:14:15.0424 12204 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:14:15.0424 12204 WUDFRd - ok
23:14:15.0471 12204 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
23:14:15.0471 12204 XAudio - ok
23:14:15.0518 12204 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:14:15.0565 12204 \Device\Harddisk0\DR0 - ok
23:14:15.0580 12204 Boot (0x1200) (e68d6e283e78e7c2dbf725cfaa4dfe64) \Device\Harddisk0\DR0\Partition0
23:14:15.0580 12204 \Device\Harddisk0\DR0\Partition0 - ok
23:14:15.0580 12204 Boot (0x1200) (d30c769fd7982c8fef5e12d9ee5659b5) \Device\Harddisk0\DR0\Partition1
23:14:15.0580 12204 \Device\Harddisk0\DR0\Partition1 - ok
23:14:15.0580 12204 ============================================================
23:14:15.0580 12204 Scan finished
23:14:15.0580 12204 ============================================================
23:14:15.0596 10360 Detected object count: 0
23:14:15.0596 10360 Actual detected object count: 0

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:36 PM

Posted 16 January 2012 - 11:38 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 ThomofAylmer

Posted 17 January 2012 - 06:58 AM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-17 00:09:16
-----------------------------
00:09:16.831 OS Version: Windows 6.0.6002 Service Pack 2
00:09:16.831 Number of processors: 4 586 0xF0B
00:09:16.831 ComputerName: THOMASGAGNÉ-PC UserName: Thomas Gagné
00:09:33.055 Initialize success
00:11:29.922 AVAST engine defs: 12011601
00:11:37.332 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
00:11:37.332 Disk 0 Vendor: ST325082 3.AD Size: 238418MB BusType: 3
00:11:37.363 Disk 0 MBR read successfully
00:11:37.363 Disk 0 MBR scan
00:11:37.363 Disk 0 Windows VISTA default MBR code
00:11:37.363 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
00:11:37.379 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
00:11:37.395 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228114 MB offset 21100544
00:11:37.395 Disk 0 scanning sectors +488278016
00:11:37.519 Disk 0 scanning C:\Windows\system32\drivers
00:11:49.984 Service scanning
00:11:50.639 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
00:11:51.247 Modules scanning
00:11:58.876 Disk 0 trace - called modules:
00:11:58.891 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
00:11:58.907 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861a15c8]
00:11:58.907 3 CLASSPNP.SYS[8afcd8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x866c4030]
00:11:59.890 AVAST engine scan C:\Windows
00:12:03.447 AVAST engine scan C:\Windows\system32
00:14:31.756 AVAST engine scan C:\Windows\system32\drivers
00:14:43.971 AVAST engine scan C:\Users\Thomas Gagné
00:58:53.771 AVAST engine scan C:\ProgramData
01:06:08.106 File: C:\ProgramData\gtazizcj\wrkpgdgf.exe.bak **INFECTED** Win32:PureMorph [Cryp]
01:18:12.523 Scan finished successfully
06:54:01.093 Disk 0 MBR has been saved successfully to "C:\Users\Thomas Gagné\Desktop\MBR.dat"
06:54:01.093 The log file has been saved successfully to "C:\Users\Thomas Gagné\Desktop\aswMBR.txt"

#13 gringo_pr

Posted 17 January 2012 - 07:47 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
C:\ProgramData\gtazizcj

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 ThomofAylmer

Posted 17 January 2012 - 05:12 PM

Again it's asking me to make firefox default, this time I answered no, but the same problems start right away, re-direction, pop-ups, it might be working close to the problem but doesn't fix it!

Here's the combofix log:

ComboFix 12-01-17.01 - Thomas Gagné 01/17/2012 16:53:53.2.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1817 [GMT -5:00]
Running from: c:\users\Thomas GagnT\Desktop\ComboFix.exe
Command switches used :: c:\users\Thomas GagnT\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 22:04 . 2012-01-17 22:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-17 22:04 . 2012-01-17 22:04 -------- d-----w- c:\users\Ti-Guy!\AppData\Local\temp
2012-01-17 22:04 . 2012-01-17 22:04 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-01-17 22:04 . 2012-01-17 22:04 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-01-17 22:04 . 2012-01-17 22:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-17 22:04 . 2012-01-17 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 21:15 . 2012-01-17 21:15 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{796CF25D-7604-4DF1-A7F2-9230D463D3D0}\offreg.dll
2012-01-17 21:15 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{796CF25D-7604-4DF1-A7F2-9230D463D3D0}\mpengine.dll
2012-01-17 03:35 . 2012-01-17 03:35 -------- d-----w- c:\users\Thomas_Gagné\AppData
2012-01-17 03:04 . 2012-01-17 03:05 -------- d-----w- C:\Bibitte
2012-01-11 19:54 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 19:54 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 19:54 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:54 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:54 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 19:54 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 19:54 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:54 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-08 21:09 . 2012-01-08 21:09 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-08 21:09 . 2012-01-08 21:09 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-08 21:09 . 2012-01-08 21:09 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-08 21:09 . 2012-01-08 21:09 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-08 00:49 . 2012-01-08 00:49 -------- d-----w- c:\program files\Microsoft LifeCam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 00:33 . 2011-12-16 00:33 605968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-03 14:54 . 2011-07-05 18:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37 . 2011-12-16 00:34 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-03-20 00:14 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-10 10:54 . 2010-07-08 13:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-08 14:42 . 2011-12-16 00:34 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22 . 2011-12-16 00:34 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17 . 2011-12-16 00:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17 . 2011-12-16 00:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17 . 2011-12-16 00:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17 . 2011-12-16 00:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22 . 2011-12-16 00:34 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45 . 2011-12-16 00:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43 . 2011-12-16 00:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-16 00:34 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-16 00:34 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-16 00:34 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-08 21:09 . 2011-05-11 00:53 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 20:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-01 68856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-18 2969496]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-07-10 405504]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Thomas Gagné\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-17 419104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-24 50688]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\M:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-01 20:38]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:39]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:39]
.
2012-01-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1070925
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
FF - ProfilePath - c:\users\Thomas Gagné\AppData\Roaming\Mozilla\Firefox\Profiles\midy8b3l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=

.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2696)
c:\program files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp4_ds.ax
c:\program files\Research In Motion\BlackBerry Desktop\Codecs\mc_demux_mp2_ds.ax
c:\program files\VistaCodecPack\filters\VSFilter.dll
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\umc_vob_source_filter.ax
c:\program files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_amr_ds.ax
c:\program files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_amr.dll
c:\program files\VistaCodecPack\filters\MP4Splitter.dll
c:\program files\VistaCodecPack\filters\RealMediaSplitter.ax
c:\program files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa_ds.ax
c:\program files\Research In Motion\BlackBerry Desktop\Codecs\mc_dec_mpa.dll
c:\program files\VistaCodecPack\filters\FLVSplitter.ax
c:\program files\VistaCodecPack\filters\splitter.ax
c:\program files\VistaCodecPack\filters\mkunicode.dll
c:\program files\VistaCodecPack\filters\mkzlib.dll
c:\program files\Research In Motion\BlackBerry Desktop\Codecs\mc_trans_video_framerate_ds.ax
.
Completion time: 2012-01-17 17:07:29
ComboFix-quarantined-files.txt 2012-01-17 22:07
ComboFix2.txt 2012-01-17 03:35
.
Pre-Run: 49,401,597,952 bytes free
Post-Run: 49,415,524,352 bytes free
.
- - End Of File - - BCD12EC1BCD54848758DEA294FC2697D

#15 gringo_pr

Posted 17 January 2012 - 05:46 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo