dmwu.exe trying to comm w/ c:\WINDOWS\Exporer.EXE


9 replies to this topic

#1 scottie1105


Posted 09 July 2013 - 11:04 AM

ZoneAlarm gave me the message "dmwu.exe is trying to communicate with c:\WINDOWS\Exporer.EXE by opening its process"

Searched about this executable and found it was malware and need help removing. Was trying to d/l some bid sheets from Cnet.com and installed some additional toolbars... assuming that's where the problem started.

Windows XP Pro, Service Pack 3, Pentium 4, 2.66 GHz, 512 MB RAM


Edited by hamluis, 09 July 2013 - 11:44 AM.
Moved from XP to Am I infected - Hamluis.




#2 boopme


Posted 09 July 2013 - 01:10 PM

Do you use Incredimail?
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
Please Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)
Do not change the default options on scan results.
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 scottie1105


Posted 09 July 2013 - 11:20 PM

No, I do not have Incredimail. But I did complete all of the scans...

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Administrator (administrator) on 09-07-2013 at 22:56:09
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Apple Mobile Device Ethernet = Local Area Connection 2 (Connected)
3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX) = Local Area Connection (Media disconnected)
Windows IP Configuration
        Host Name . . . . . . . . . . . . : 12345-f57c2c76f
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
        Physical Address. . . . . . . . . : 00-04-75-BD-8D-A5
Ethernet adapter Local Area Connection 2:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Apple Mobile Device Ethernet
        Physical Address. . . . . . . . . : C2-9F-42-DB-A2-2D
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 172.20.10.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.240
        Default Gateway . . . . . . . . . : 172.20.10.1
        DHCP Server . . . . . . . . . . . : 172.20.10.1
        DNS Servers . . . . . . . . . . . : 172.26.38.1
                                            172.26.38.2
        Lease Obtained. . . . . . . . . . : Tuesday, July 09, 2013 10:45:09 PM
        Lease Expires . . . . . . . . . . : Wednesday, July 10, 2013 10:30:45 PM
Server:  UnKnown
Address:  172.26.38.1
 
Name:    google.com
Addresses:  74.125.225.142, 74.125.225.135, 74.125.225.133, 74.125.225.130
 74.125.225.137, 74.125.225.132, 74.125.225.136, 74.125.225.134, 74.125.225.129
 74.125.225.128, 74.125.225.131
 
Pinging google.com [74.125.225.133] with 32 bytes of data:
Reply from 74.125.225.133: bytes=32 time=141ms TTL=50
Reply from 74.125.225.133: bytes=32 time=162ms TTL=50
Ping statistics for 74.125.225.133:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 141ms, Maximum = 162ms, Average = 151ms
Server:  UnKnown
Address:  172.26.38.1
 
Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=196ms TTL=44
Reply from 206.190.36.45: bytes=32 time=251ms TTL=44
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 196ms, Maximum = 251ms, Average = 223ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 75 bd 8d a5 ...... 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX) - Packet Scheduler Miniport
0x10004 ...c2 9f 42 db a2 2d ...... Apple Mobile Device Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.20.10.1     172.20.10.3   40
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      169.254.0.0      255.255.0.0      172.20.10.3     172.20.10.3   20
      172.20.10.0  255.255.255.240      172.20.10.3     172.20.10.3   40
      172.20.10.3  255.255.255.255        127.0.0.1       127.0.0.1   40
   172.20.255.255  255.255.255.255      172.20.10.3     172.20.10.3   40
        224.0.0.0        240.0.0.0      172.20.10.3     172.20.10.3   40
  255.255.255.255  255.255.255.255      172.20.10.3               2   1
  255.255.255.255  255.255.255.255      172.20.10.3     172.20.10.3   1
Default Gateway:       172.20.10.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/09/2013 03:49:42 AM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)
 
Error: (07/09/2013 03:48:37 AM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)
 
Error: (07/04/2013 07:36:46 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (07/04/2013 07:36:46 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (07/04/2013 07:29:11 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (07/04/2013 07:29:11 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (12/02/2003 00:01:58 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (12/02/2003 00:01:58 AM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (06/28/2013 01:04:38 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (06/28/2013 01:04:38 AM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
 
System errors:
=============
Error: (07/09/2013 11:16:39 AM) (Source: Print) (User: 12345-F57C2C76F)
Description: The document Full page fax print owned by Administrator failed to print on printer Lexmark 730 Series. Data type: LEMF. Size of the spool file in bytes: 491540. Number of bytes printed: 491540. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\12345-F57C2C76F. Win32 error code returned by the print processor: Full page fax print0. Full page fax print1
 
Error: (07/09/2013 11:14:04 AM) (Source: Print) (User: 12345-F57C2C76F)
Description: The document Full page fax print owned by Administrator failed to print on printer Lexmark 730 Series. Data type: LEMF. Size of the spool file in bytes: 491540. Number of bytes printed: 491540. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\12345-F57C2C76F. Win32 error code returned by the print processor: Full page fax print0. Full page fax print1
 
Error: (07/04/2013 10:33:52 PM) (Source: 0) (User: )
Description: \Device\MrwR00000000
 
Error: (07/04/2013 09:27:56 PM) (Source: DCOM) (User: 12345-F57C2C76F)
Description: DCOM got error "%%1055" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error: (07/04/2013 07:35:55 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1
 
Error: (07/04/2013 07:35:55 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1
 
Error: (07/04/2013 07:29:40 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1
 
Error: (07/04/2013 07:29:40 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1
 
Error: (07/04/2013 07:29:23 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1
 
Error: (07/04/2013 07:29:13 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1
 
 
Microsoft Office Sessions:
=========================
Error: (07/09/2013 03:49:42 AM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)
 
Error: (07/09/2013 03:48:37 AM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)
 
Error: (07/04/2013 07:36:46 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl
 
Error: (07/04/2013 07:36:46 PM) (Source: LoadPerf)(User: )
Description: Performance
 
Error: (07/04/2013 07:29:11 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl
 
Error: (07/04/2013 07:29:11 PM) (Source: LoadPerf)(User: )
Description: Performance
 
Error: (12/02/2003 00:01:58 AM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl
 
Error: (12/02/2003 00:01:58 AM) (Source: LoadPerf)(User: )
Description: Performance
 
Error: (06/28/2013 01:04:38 AM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl
 
Error: (06/28/2013 01:04:38 AM) (Source: LoadPerf)(User: )
Description: Performance
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Ahead InCD EasyWrite Reader
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bid-n-Invoice Basic Invoice version 6 (Version: 6)
Bonjour (Version: 3.0.0.10)
Business-in-a-Box (Version: 5.0.4)
EZ-Forms-Contractor TestDrive
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
Intel® Extreme Graphics Driver
Internet Explorer Toolbar 4.8 by SweetPacks (Version: 4.8.0000)
iTunes (Version: 11.0.4.4)
Lexmark 730 Series
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Service Pack 1 (Version: 1.1.4322)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Nero Media Player
Nero OEM
NeroVision Express 2
QuickTime (Version: 7.74.80.86)
Search Protect by conduit (Version: 1.5.0.71)
SoundMAX (Version: 5.12.01.5246)
SweetPacks Updater Service (Version: 3.0.5.5)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Updater By SweetPacks 2.0.0.586 (Version: 2.0.0.586)
Who Wants To Be A Millionaire Sports Edition
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Wondershare Player(Build 1.0.2) (Version: 1.0.2.1)
Wondershare Video Editor(Build 3.1.3)
ZoneAlarm Do Not Track Add-on 2.2.5.1213 (Version: 2.2.5.1213)
ZoneAlarm Firewall (Version: 11.0.000.054)
ZoneAlarm Free Firewall (Version: 11.0.000.054)
ZoneAlarm LTD Toolbar
ZoneAlarm Security (Version: 11.0.000.054)
ZoneAlarm Security Toolbar 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 76%
Total physical RAM: 510 MB
Available physical RAM: 117.55 MB
Total Pagefile: 1248.75 MB
Available Pagefile: 754.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.41 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:74.5 GB) (Free:58.29 GB) NTFS
3 Drive d: () (Fixed) (Total:74.52 GB) (Free:72.67 GB) NTFS
4 Drive e: (Sportsmil) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\12345-F57C2C76F
 
Administrator            ASPNET                   Guest                    
HelpAssistant            Scottie                  
 
 
**** End of log ****
 

 

 

 

23:06:14.0359 0912  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
23:06:16.0375 0912  ============================================================
23:06:16.0375 0912  Current date / time: 2013/07/09 23:06:16.0375
23:06:16.0375 0912  SystemInfo:
23:06:16.0375 0912  
23:06:16.0375 0912  OS Version: 5.1.2600 ServicePack: 3.0
23:06:16.0375 0912  Product type: Workstation
23:06:16.0375 0912  ComputerName: 12345-F57C2C76F
23:06:16.0375 0912  UserName: Administrator
23:06:16.0375 0912  Windows directory: C:\WINDOWS
23:06:16.0375 0912  System windows directory: C:\WINDOWS
23:06:16.0375 0912  Processor architecture: Intel x86
23:06:16.0375 0912  Number of processors: 1
23:06:16.0375 0912  Page size: 0x1000
23:06:16.0375 0912  Boot type: Normal boot
23:06:16.0375 0912  ============================================================
23:06:27.0593 0912  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:06:27.0609 0912  Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:06:27.0625 0912  ============================================================
23:06:27.0625 0912  \Device\Harddisk0\DR0:
23:06:27.0625 0912  MBR partitions:
23:06:27.0625 0912  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
23:06:27.0625 0912  \Device\Harddisk1\DR1:
23:06:27.0625 0912  MBR partitions:
23:06:27.0625 0912  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
23:06:27.0625 0912  ============================================================
23:06:27.0640 0912  C: <-> \Device\Harddisk0\DR0\Partition1
23:06:27.0687 0912  D: <-> \Device\Harddisk1\DR1\Partition1
23:06:27.0687 0912  ============================================================
23:06:27.0687 0912  Initialize success
23:06:27.0687 0912  ============================================================
23:07:00.0593 2328  ============================================================
23:07:00.0593 2328  Scan started
23:07:00.0593 2328  Mode: Manual; TDLFS; 
23:07:00.0593 2328  ============================================================
23:07:01.0812 2328  ================ Scan system memory ========================
23:07:01.0828 2328  System memory - ok
23:07:01.0828 2328  ================ Scan services =============================
23:07:02.0703 2328  Abiosdsk - ok
23:07:02.0718 2328  abp480n5 - ok
23:07:02.0765 2328  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:07:02.0781 2328  ACPI - ok
23:07:02.0812 2328  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
23:07:02.0812 2328  ACPIEC - ok
23:07:02.0828 2328  adpu160m - ok
23:07:02.0859 2328  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
23:07:02.0875 2328  aec - ok
23:07:02.0906 2328  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
23:07:02.0921 2328  AFD - ok
23:07:02.0937 2328  Aha154x - ok
23:07:02.0953 2328  aic78u2 - ok
23:07:02.0968 2328  aic78xx - ok
23:07:03.0015 2328  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
23:07:03.0015 2328  Alerter - ok
23:07:03.0031 2328  AliIde - ok
23:07:03.0046 2328  amsint - ok
23:07:03.0218 2328  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:07:03.0234 2328  Apple Mobile Device - ok
23:07:03.0265 2328  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
23:07:03.0281 2328  AppMgmt - ok
23:07:03.0281 2328  asc - ok
23:07:03.0296 2328  asc3350p - ok
23:07:03.0328 2328  asc3550 - ok
23:07:03.0468 2328  [ 0B6CCE61F021CF483AD0AE046E322513 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
23:07:03.0500 2328  aspnet_state - ok
23:07:03.0515 2328  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:07:03.0531 2328  AsyncMac - ok
23:07:03.0562 2328  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
23:07:03.0562 2328  atapi - ok
23:07:03.0578 2328  Atdisk - ok
23:07:03.0609 2328  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
23:07:03.0609 2328  AudioSrv - ok
23:07:03.0656 2328  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
23:07:03.0656 2328  audstub - ok
23:07:03.0687 2328  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
23:07:03.0687 2328  Beep - ok
23:07:03.0734 2328  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
23:07:03.0812 2328  BITS - ok
23:07:03.0890 2328  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:07:03.0906 2328  Bonjour Service - ok
23:07:03.0937 2328  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
23:07:03.0937 2328  Browser - ok
23:07:03.0968 2328  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
23:07:03.0984 2328  cbidf2k - ok
23:07:04.0000 2328  cd20xrnt - ok
23:07:04.0015 2328  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
23:07:04.0015 2328  Cdaudio - ok
23:07:04.0046 2328  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
23:07:04.0046 2328  Cdfs - ok
23:07:04.0062 2328  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:07:04.0062 2328  Cdrom - ok
23:07:04.0093 2328  Changer - ok
23:07:04.0156 2328  [ 2B9A15DFDC14B4ECB1E8FC13AE43E60F ] CltMngSvc       C:\Program Files\SearchProtect\bin\CltMngSvc.exe
23:07:04.0156 2328  CltMngSvc - ok
23:07:04.0171 2328  CmdIde - ok
23:07:04.0187 2328  COMSysApp - ok
23:07:04.0218 2328  Cpqarray - ok
23:07:04.0234 2328  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
23:07:04.0250 2328  CryptSvc - ok
23:07:04.0265 2328  dac2w2k - ok
23:07:04.0281 2328  dac960nt - ok
23:07:04.0328 2328  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
23:07:04.0343 2328  DcomLaunch - ok
23:07:04.0375 2328  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
23:07:04.0390 2328  Dhcp - ok
23:07:04.0406 2328  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
23:07:04.0406 2328  Disk - ok
23:07:04.0421 2328  dmadmin - ok
23:07:04.0484 2328  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
23:07:04.0515 2328  dmboot - ok
23:07:04.0546 2328  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
23:07:04.0562 2328  dmio - ok
23:07:04.0593 2328  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
23:07:04.0593 2328  dmload - ok
23:07:04.0609 2328  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
23:07:04.0625 2328  dmserver - ok
23:07:04.0656 2328  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
23:07:04.0671 2328  DMusic - ok
23:07:04.0703 2328  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
23:07:04.0703 2328  Dnscache - ok
23:07:04.0734 2328  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
23:07:04.0750 2328  Dot3svc - ok
23:07:04.0750 2328  dpti2o - ok
23:07:04.0781 2328  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
23:07:04.0781 2328  drmkaud - ok
23:07:04.0812 2328  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
23:07:04.0812 2328  EapHost - ok
23:07:04.0843 2328  [ 6E883BF518296A40959131C2304AF714 ] EL90XBC         C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
23:07:04.0859 2328  EL90XBC - ok
23:07:04.0890 2328  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
23:07:04.0890 2328  Eventlog - ok
23:07:04.0921 2328  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
23:07:04.0937 2328  EventSystem - ok
23:07:04.0968 2328  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
23:07:04.0984 2328  Fastfat - ok
23:07:05.0015 2328  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:07:05.0031 2328  FastUserSwitchingCompatibility - ok
23:07:05.0046 2328  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
23:07:05.0062 2328  Fdc - ok
23:07:05.0078 2328  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
23:07:05.0078 2328  Fips - ok
23:07:05.0125 2328  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:07:05.0125 2328  Flpydisk - ok
23:07:05.0171 2328  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:07:05.0171 2328  FltMgr - ok
23:07:05.0203 2328  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:07:05.0203 2328  Fs_Rec - ok
23:07:05.0234 2328  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:07:05.0250 2328  Ftdisk - ok
23:07:05.0281 2328  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:07:05.0281 2328  GEARAspiWDM - ok
23:07:05.0296 2328  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:07:05.0296 2328  Gpc - ok
23:07:05.0359 2328  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:07:05.0359 2328  gupdate - ok
23:07:05.0375 2328  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:07:05.0390 2328  gupdatem - ok
23:07:05.0421 2328  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
23:07:05.0421 2328  HidServ - ok
23:07:05.0453 2328  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:07:05.0453 2328  hidusb - ok
23:07:05.0500 2328  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
23:07:05.0500 2328  hkmsvc - ok
23:07:05.0500 2328  hpn - ok
23:07:05.0546 2328  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
23:07:05.0546 2328  HTTP - ok
23:07:05.0593 2328  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
23:07:05.0593 2328  HTTPFilter - ok
23:07:05.0609 2328  i2omgmt - ok
23:07:05.0625 2328  i2omp - ok
23:07:05.0640 2328  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:07:05.0640 2328  i8042prt - ok
23:07:05.0703 2328  [ 44B7D5A4F2BD9FE21AEA0BB0BACE38C4 ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:07:05.0734 2328  ialm - ok
23:07:05.0812 2328  [ A3224E67F24C84ECB7660CF75059065A ] IBUpdaterService C:\WINDOWS\system32\dmwu.exe
23:07:05.0859 2328  IBUpdaterService - ok
23:07:05.0890 2328  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
23:07:05.0890 2328  Imapi - ok
23:07:05.0937 2328  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
23:07:05.0953 2328  ImapiService - ok
23:07:05.0984 2328  [ C46E8CF2BF9688D5332DD14CF42ACD61 ] incdrm          C:\WINDOWS\system32\drivers\incdrm.sys
23:07:05.0984 2328  incdrm - ok
23:07:06.0000 2328  ini910u - ok
23:07:06.0031 2328  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
23:07:06.0031 2328  IntelIde - ok
23:07:06.0078 2328  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:07:06.0078 2328  intelppm - ok
23:07:06.0093 2328  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:07:06.0093 2328  Ip6Fw - ok
23:07:06.0125 2328  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:07:06.0125 2328  IpFilterDriver - ok
23:07:06.0156 2328  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:07:06.0156 2328  IpInIp - ok
23:07:06.0171 2328  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:07:06.0187 2328  IpNat - ok
23:07:06.0250 2328  [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:07:06.0281 2328  iPod Service - ok
23:07:06.0312 2328  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:07:06.0312 2328  IPSec - ok
23:07:06.0343 2328  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
23:07:06.0343 2328  IRENUM - ok
23:07:06.0375 2328  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:07:06.0375 2328  isapnp - ok
23:07:06.0453 2328  [ 724A6A9AB5E1807665C5DB71C30BFC5F ] ISWKL           C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
23:07:06.0453 2328  ISWKL - ok
23:07:06.0531 2328  [ 57FE873B8246DEF1372503CBC57A7499 ] IswSvc          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
23:07:06.0546 2328  IswSvc - ok
23:07:06.0593 2328  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:07:06.0593 2328  Kbdclass - ok
23:07:06.0625 2328  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:07:06.0625 2328  kbdhid - ok
23:07:06.0656 2328  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
23:07:06.0656 2328  kmixer - ok
23:07:06.0703 2328  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
23:07:06.0703 2328  KSecDD - ok
23:07:06.0734 2328  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
23:07:06.0750 2328  LanmanServer - ok
23:07:06.0781 2328  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:07:06.0781 2328  lanmanworkstation - ok
23:07:06.0796 2328  lbrtfdc - ok
23:07:06.0843 2328  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
23:07:06.0843 2328  LmHosts - ok
23:07:06.0859 2328  lxcf_device - ok
23:07:06.0890 2328  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
23:07:06.0906 2328  Modem - ok
23:07:06.0937 2328  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:07:06.0937 2328  Mouclass - ok
23:07:06.0953 2328  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:07:06.0953 2328  mouhid - ok
23:07:06.0984 2328  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
23:07:06.0984 2328  MountMgr - ok
23:07:07.0046 2328  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:07:07.0062 2328  MozillaMaintenance - ok
23:07:07.0078 2328  mraid35x - ok
23:07:07.0109 2328  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:07:07.0109 2328  MRxDAV - ok
23:07:07.0171 2328  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:07:07.0203 2328  MRxSmb - ok
23:07:07.0250 2328  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
23:07:07.0250 2328  MSDTC - ok
23:07:07.0281 2328  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
23:07:07.0296 2328  Msfs - ok
23:07:07.0312 2328  MSIServer - ok
23:07:07.0343 2328  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:07:07.0343 2328  MSKSSRV - ok
23:07:07.0375 2328  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:07:07.0375 2328  MSPCLOCK - ok
23:07:07.0390 2328  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
23:07:07.0390 2328  MSPQM - ok
23:07:07.0421 2328  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:07:07.0437 2328  mssmbios - ok
23:07:07.0468 2328  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
23:07:07.0468 2328  Mup - ok
23:07:07.0515 2328  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
23:07:07.0531 2328  napagent - ok
23:07:07.0578 2328  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
23:07:07.0578 2328  NDIS - ok
23:07:07.0609 2328  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:07:07.0609 2328  NdisTapi - ok
23:07:07.0640 2328  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:07:07.0640 2328  Ndisuio - ok
23:07:07.0687 2328  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:07:07.0687 2328  NdisWan - ok
23:07:07.0718 2328  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
23:07:07.0718 2328  NDProxy - ok
23:07:07.0765 2328  [ 1352E1648213551923A0A822E441553C ] Netaapl         C:\WINDOWS\system32\DRIVERS\netaapl.sys
23:07:07.0765 2328  Netaapl - ok
23:07:07.0781 2328  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
23:07:07.0796 2328  NetBIOS - ok
23:07:07.0828 2328  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
23:07:07.0828 2328  NetBT - ok
23:07:07.0875 2328  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
23:07:07.0875 2328  Netlogon - ok
23:07:07.0921 2328  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
23:07:07.0937 2328  Netman - ok
23:07:07.0968 2328  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
23:07:07.0968 2328  Nla - ok
23:07:08.0000 2328  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
23:07:08.0000 2328  Npfs - ok
23:07:08.0046 2328  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
23:07:08.0078 2328  Ntfs - ok
23:07:08.0093 2328  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
23:07:08.0093 2328  NtLmSsp - ok
23:07:08.0125 2328  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
23:07:08.0125 2328  Null - ok
23:07:08.0187 2328  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:07:08.0187 2328  NwlnkFlt - ok
23:07:08.0203 2328  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:07:08.0203 2328  NwlnkFwd - ok
23:07:08.0234 2328  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
23:07:08.0250 2328  Parport - ok
23:07:08.0265 2328  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
23:07:08.0265 2328  PartMgr - ok
23:07:08.0281 2328  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
23:07:08.0281 2328  ParVdm - ok
23:07:08.0296 2328  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
23:07:08.0312 2328  PCI - ok
23:07:08.0328 2328  PCIDump - ok
23:07:08.0359 2328  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\drivers\PCIIde.sys
23:07:08.0359 2328  PCIIde - ok
23:07:08.0390 2328  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
23:07:08.0406 2328  Pcmcia - ok
23:07:08.0421 2328  PDCOMP - ok
23:07:08.0437 2328  PDFRAME - ok
23:07:08.0453 2328  PDRELI - ok
23:07:08.0468 2328  PDRFRAME - ok
23:07:08.0484 2328  perc2 - ok
23:07:08.0500 2328  perc2hib - ok
23:07:08.0562 2328  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
23:07:08.0562 2328  PlugPlay - ok
23:07:08.0593 2328  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
23:07:08.0593 2328  PolicyAgent - ok
23:07:08.0625 2328  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:07:08.0625 2328  PptpMiniport - ok
23:07:08.0640 2328  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:07:08.0640 2328  ProtectedStorage - ok
23:07:08.0671 2328  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
23:07:08.0671 2328  PSched - ok
23:07:08.0718 2328  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:07:08.0718 2328  Ptilink - ok
23:07:08.0734 2328  ql1080 - ok
23:07:08.0750 2328  Ql10wnt - ok
23:07:08.0765 2328  ql12160 - ok
23:07:08.0781 2328  ql1240 - ok
23:07:08.0796 2328  ql1280 - ok
23:07:08.0828 2328  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:07:08.0828 2328  RasAcd - ok
23:07:08.0859 2328  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
23:07:08.0859 2328  RasAuto - ok
23:07:08.0890 2328  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:07:08.0890 2328  Rasl2tp - ok
23:07:08.0937 2328  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
23:07:08.0937 2328  RasMan - ok
23:07:08.0968 2328  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:07:08.0968 2328  RasPppoe - ok
23:07:09.0000 2328  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
23:07:09.0000 2328  Raspti - ok
23:07:09.0031 2328  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:07:09.0062 2328  Rdbss - ok
23:07:09.0078 2328  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:07:09.0078 2328  RDPCDD - ok
23:07:09.0125 2328  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:07:09.0140 2328  rdpdr - ok
23:07:09.0187 2328  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
23:07:09.0203 2328  RDPWD - ok
23:07:09.0265 2328  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
23:07:09.0265 2328  RDSessMgr - ok
23:07:09.0296 2328  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
23:07:09.0312 2328  redbook - ok
23:07:09.0343 2328  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
23:07:09.0343 2328  RemoteAccess - ok
23:07:09.0375 2328  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
23:07:09.0375 2328  RpcSs - ok
23:07:09.0437 2328  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
23:07:09.0437 2328  RSVP - ok
23:07:09.0468 2328  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
23:07:09.0468 2328  SamSs - ok
23:07:09.0500 2328  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
23:07:09.0500 2328  SCardSvr - ok
23:07:09.0562 2328  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
23:07:09.0578 2328  Schedule - ok
23:07:09.0593 2328  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:07:09.0593 2328  Secdrv - ok
23:07:09.0625 2328  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
23:07:09.0625 2328  seclogon - ok
23:07:09.0687 2328  [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt         C:\WINDOWS\system32\drivers\senfilt.sys
23:07:09.0734 2328  senfilt - ok
23:07:09.0765 2328  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
23:07:09.0765 2328  SENS - ok
23:07:09.0781 2328  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
23:07:09.0781 2328  serenum - ok
23:07:09.0796 2328  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
23:07:09.0796 2328  Serial - ok
23:07:09.0828 2328  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
23:07:09.0828 2328  Sfloppy - ok
23:07:09.0875 2328  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
23:07:09.0890 2328  SharedAccess - ok
23:07:09.0921 2328  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:07:09.0921 2328  ShellHWDetection - ok
23:07:09.0937 2328  Simbad - ok
23:07:09.0984 2328  [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
23:07:09.0984 2328  smwdm - ok
23:07:10.0000 2328  Sparrow - ok
23:07:10.0031 2328  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
23:07:10.0031 2328  splitter - ok
23:07:10.0062 2328  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
23:07:10.0078 2328  Spooler - ok
23:07:10.0109 2328  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] Sr              C:\WINDOWS\system32\DRIVERS\sr.sys
23:07:10.0125 2328  Sr - ok
23:07:10.0171 2328  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
23:07:10.0187 2328  srservice - ok
23:07:10.0234 2328  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
23:07:10.0265 2328  Srv - ok
23:07:10.0296 2328  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
23:07:10.0312 2328  SSDPSRV - ok
23:07:10.0343 2328  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
23:07:10.0375 2328  stisvc - ok
23:07:10.0390 2328  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
23:07:10.0390 2328  swenum - ok
23:07:10.0421 2328  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
23:07:10.0437 2328  swmidi - ok
23:07:10.0453 2328  SwPrv - ok
23:07:10.0484 2328  symc810 - ok
23:07:10.0500 2328  symc8xx - ok
23:07:10.0515 2328  sym_hi - ok
23:07:10.0531 2328  sym_u3 - ok
23:07:10.0546 2328  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
23:07:10.0546 2328  sysaudio - ok
23:07:10.0593 2328  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
23:07:10.0593 2328  SysmonLog - ok
23:07:10.0640 2328  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
23:07:10.0656 2328  TapiSrv - ok
23:07:10.0703 2328  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:07:10.0718 2328  Tcpip - ok
23:07:10.0765 2328  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
23:07:10.0765 2328  TDPIPE - ok
23:07:10.0781 2328  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
23:07:10.0796 2328  TDTCP - ok
23:07:10.0812 2328  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
23:07:10.0812 2328  TermDD - ok
23:07:10.0875 2328  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
23:07:10.0890 2328  TermService - ok
23:07:10.0921 2328  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
23:07:10.0921 2328  Themes - ok
23:07:10.0937 2328  TosIde - ok
23:07:10.0984 2328  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
23:07:10.0984 2328  TrkWks - ok
23:07:11.0015 2328  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
23:07:11.0031 2328  Udfs - ok
23:07:11.0046 2328  ultra - ok
23:07:11.0093 2328  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
23:07:11.0109 2328  Update - ok
23:07:11.0171 2328  [ 4F887D2C0362E1B4183139A5EB926A50 ] Updater By SweetPacks C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
23:07:11.0171 2328  Updater By SweetPacks - ok
23:07:11.0234 2328  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
23:07:11.0250 2328  upnphost - ok
23:07:11.0281 2328  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
23:07:11.0281 2328  UPS - ok
23:07:11.0312 2328  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
23:07:11.0328 2328  USBAAPL - ok
23:07:11.0359 2328  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:07:11.0359 2328  usbccgp - ok
23:07:11.0375 2328  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:07:11.0375 2328  usbehci - ok
23:07:11.0390 2328  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:07:11.0406 2328  usbhub - ok
23:07:11.0437 2328  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:07:11.0437 2328  usbprint - ok
23:07:11.0468 2328  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:07:11.0468 2328  usbscan - ok
23:07:11.0515 2328  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:07:11.0515 2328  USBSTOR - ok
23:07:11.0562 2328  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:07:11.0562 2328  usbuhci - ok
23:07:11.0593 2328  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
23:07:11.0593 2328  VgaSave - ok
23:07:11.0609 2328  ViaIde - ok
23:07:11.0640 2328  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
23:07:11.0640 2328  VolSnap - ok
23:07:11.0734 2328  [ 0316AAB1D3A0AF6B2F109E8F911EA6A1 ] Vsdatant        C:\WINDOWS\system32\vsdatant.sys
23:07:11.0765 2328  Vsdatant - ok
23:07:11.0843 2328  vsmon - ok
23:07:11.0875 2328  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
23:07:11.0890 2328  VSS - ok
23:07:11.0921 2328  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
23:07:11.0937 2328  W32Time - ok
23:07:11.0968 2328  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:07:11.0968 2328  Wanarp - ok
23:07:12.0015 2328  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
23:07:12.0031 2328  Wdf01000 - ok
23:07:12.0046 2328  WDICA - ok
23:07:12.0062 2328  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
23:07:12.0078 2328  wdmaud - ok
23:07:12.0093 2328  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
23:07:12.0109 2328  WebClient - ok
23:07:12.0218 2328  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
23:07:12.0218 2328  winmgmt - ok
23:07:12.0281 2328  [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
23:07:12.0281 2328  WmdmPmSN - ok
23:07:12.0359 2328  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
23:07:12.0375 2328  Wmi - ok
23:07:12.0453 2328  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:07:12.0453 2328  WmiApSrv - ok
23:07:12.0546 2328  [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
23:07:12.0578 2328  WMPNetworkSvc - ok
23:07:12.0625 2328  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
23:07:12.0625 2328  wuauserv - ok
23:07:12.0656 2328  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:07:12.0656 2328  WudfPf - ok
23:07:12.0703 2328  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:07:12.0703 2328  WudfRd - ok
23:07:12.0734 2328  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
23:07:12.0734 2328  WudfSvc - ok
23:07:12.0781 2328  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
23:07:12.0812 2328  WZCSVC - ok
23:07:12.0843 2328  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
23:07:12.0843 2328  xmlprov - ok
23:07:12.0875 2328  ================ Scan global ===============================
23:07:12.0906 2328  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:07:12.0953 2328  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:07:13.0000 2328  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:07:13.0031 2328  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:07:13.0031 2328  [Global] - ok
23:07:13.0031 2328  ================ Scan MBR ==================================
23:07:13.0046 2328  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:07:13.0343 2328  \Device\Harddisk0\DR0 - ok
23:07:13.0359 2328  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:07:13.0593 2328  \Device\Harddisk1\DR1 - ok
23:07:13.0593 2328  ================ Scan VBR ==================================
23:07:13.0625 2328  [ C8B389BCAF15C113D0040CFAA1A113C7 ] \Device\Harddisk0\DR0\Partition1
23:07:13.0625 2328  \Device\Harddisk0\DR0\Partition1 - ok
23:07:13.0640 2328  [ 3987F5275717A2BEDD20785FC7743671 ] \Device\Harddisk1\DR1\Partition1
23:07:13.0640 2328  \Device\Harddisk1\DR1\Partition1 - ok
23:07:13.0640 2328  ============================================================
23:07:13.0640 2328  Scan finished
23:07:13.0640 2328  ============================================================
23:07:13.0671 2320  Detected object count: 0
23:07:13.0671 2320  Actual detected object count: 0
# AdwCleaner v2.304 - Logfile created 07/09/2013 at 23:13:59
# Updated 03/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - 12345-F57C2C76F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : CltMngSvc
Stopped & Deleted : IBUpdaterService
Stopped & Deleted : Updater By SweetPacks
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ommn7fsv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ommn7fsv.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ommn7fsv.default\searchplugins\SweetIm.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ommn7fsv.default\searchplugins\zonealarm.xml
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\dmwu.exe
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CT3298573
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ommn7fsv.default\CT3298573
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ommn7fsv.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ommn7fsv.default\extensions\wecarereminder@bryan
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Wondershare
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
Folder Deleted : C:\Program Files\Common Files\Wondershare
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Program Files\Wondershare
Folder Deleted : C:\WINDOWS\system32\WNLT
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\WNLT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN78008209511785885&UM=2&UP=SPC317E8F2-FE89-40C2-9F7F-3FD5BB4A3B9D --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={47F6A8F7-E869-11E2-8028-000475BD8DA5} --> hxxp://www.google.com
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Documents and Settings\Scottie\Application Data\Mozilla\Firefox\Profiles\xxqubocx.default\prefs.js
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ommn7fsv.default\prefs.js
 
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ommn7fsv.default\user.js ... Deleted !
 
Deleted : user_pref("CT3298573.FF19Solved", "true");
Deleted : user_pref("CT3298573.UserID", "UN24076807361556174");
Deleted : user_pref("CT3298573.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3298573.fullUserID", "UN24076807361556174.IN.2013070934650");
Deleted : user_pref("CT3298573.installDate", "09/07/2013 3:46:50");
Deleted : user_pref("CT3298573.installSessionId", "{0271B3E0-6B58-42CE-9759-2A60ECD7A81D}");
Deleted : user_pref("CT3298573.installSp", "TRUE");
Deleted : user_pref("CT3298573.installerVersion", "1.5.4.1");
Deleted : user_pref("CT3298573.keyword", "true");
Deleted : user_pref("CT3298573.originalHomepage", "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu[...]
Deleted : user_pref("CT3298573.originalSearchAddressUrl", "hxxp://search.zonealarm.com/search?src=sp&tbid=base[...]
Deleted : user_pref("CT3298573.originalSearchEngine", "Search By ZoneAlarm");
Deleted : user_pref("CT3298573.searchRevert", "false");
Deleted : user_pref("CT3298573.searchUserMode", "2");
Deleted : user_pref("CT3298573.smartbar.homepage", "true");
Deleted : user_pref("CT3298573.versionFromInstaller", "10.16.4.19");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.zonealarm.com/search?src=sp&tbid=b[...]
Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V37 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI[...]
Deleted : user_pref("browser.search.selectedEngine", "MixiDJ V37 Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&Sea[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298573");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN240768073[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298573");
Deleted : user_pref("smartbar.machineId", "QJGL5E1Y9FZ4KUPTZFV1JND6KAJX1/C1F1NQ45IPN0QIX9FVNOPONYJVFDPFSZWDQZY[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN240768073615[...]
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.2278] : homepage = "hxxp://search.conduit.com/?ctid=CT3298573&SearchSource=48&CUI=UN96262752911428108&UM[...]
Deleted [l.2578] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3298573&SearchSource=48&CUI[...]
 
*************************
 
AdwCleaner[S1].txt - [18684 octets] - [09/07/2013 23:13:59]
 
########## EOF - C:\AdwCleaner[S1].txt - [18745 octets] ##########
 

 

 

 

C:\Documents and Settings\Administrator\Local Settings\Temp\DefaultTabSetup.exe a variant of Win32/Toolbar.DefaultTab.B application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\hsbing_717_active.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\Shortcut_sweetpacks_dlcom_6212013.exe probably a variant of Win32/SweetIM.C application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\WSSetup.exe Win32/SweetIM.E application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\cbsidlm-tr1_13-BidnInvoice_Basic_Invoice-ORG-10574898 (1).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\cbsidlm-tr1_13-BidnInvoice_Basic_Invoice-ORG-10574898 (2).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\cbsidlm-tr1_13-BidnInvoice_Basic_Invoice-ORG-10574898.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Program Files\Mozilla Firefox\browser\nsprotector.js Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\WINDOWS\system32\ARFC\wrtc.exe Win32/SweetIM.E application cleaned by deleting - quarantined
C:\WINDOWS\system32\jmdp\SweetNT.crx Win32/SweetIM.E application deleted - quarantined
 

 

 

 

Thanks for such a fast response time.



#4 boopme


Posted 10 July 2013 - 08:15 PM

Hi, sorry, not as speedy today. dmwu.exe is an issue when part of Incredimail, but can be used by some of the malware found. Is it still trying to communicate?

Let's run one more.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Edited by boopme, 10 July 2013 - 08:15 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 scottie1105


Posted 10 July 2013 - 08:47 PM

We all have those kinds of days... will start on this new one in just a moment.

Wanted to mention also that now I have pcperformer installed on my desktop (that I didn't add) and it seems as if it's causing problems as well.

Screen comes up and says infections found on your computer, scanning to find threats or something like that.... Had issues on a laptop a few years back with this one and it was a beast to remove. One thing at a time though, I know :-)

Guess I'll start the junkware removal now, thanks again.



#6 boopme


Posted 11 July 2013 - 12:09 PM

See if that can be uninstalled thru Control Panel.

#7 scottie1105


Posted 14 July 2013 - 10:05 AM

Posted last night, came back to check this morning and post not showing up...

I apologize, work has had me busy the last couple of days... but here are the junkware scan results.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.6 (07.10.2013:3)
OS: Microsoft Windows XP x86
Ran by Administrator on Thu 07/11/2013 at  0:10:13.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\performersoft
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{69457D3C-0A30-44F3-AECE-F100C438EA8B}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ibupdaterservice"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\performersoft"
Successfully deleted: [Folder] "C:\Program Files\pc performer"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\pc performer"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/11/2013 at  0:15:21.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Also, tried to remove PC Performer through Control Panel... the text box said, "An error occurred while trying to remove PC Performer. It may have already been uninstalled. Would you like to remove PC Performer from the Add or Remove programs list?"



#8 boopme


Posted 14 July 2013 - 08:01 PM

 

"Would you like to remove PC Performer from the Add or Remove programs list?"

YES

Man, the heat and humidity is brutal..

 

Looks like you should be good now.



#9 scottie1105


Posted 14 July 2013 - 11:07 PM

Most definitely... not looking forward to the end of Aug this year.

Thanks for the help... any suggestions on free programs I can use to help keep this from happening again?



#10 boopme


Posted 15 July 2013 - 01:01 PM

Hello, you can add SpywareBlaster. Update and use ADWCleaner and the free version of SAS (SuperAntispyware) from our page HERE

