Google survey then persistent popup(s)

andyq

Member
I'm on XP and using Chrome as my browser. A Google survey popped up and in a moment of madness I completed it. After that popups were flying up persistently. I ran Malwarebytes and it removed 49 items (see log below), also did a full scan with McAfee. The problem persisted so I ran a full Malwarebytes scan lasting 3.75hrs. It found one PUP which was adware. I keep getting a message in the bottom rhs of my screen stating "you have one new message"; clicking on this unleashes more crap. The worrying thing is that if I go to my bank site the https bit of the address bar is red with a strike through. Below is the Malwarebytes log after the initial infection + a recent HijackThis log. A recent Malwarebytes log with a full scan was clear. Help please.

Malwarebytes scan after initial infection.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.03.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
andrew quarmby :: HOME-DBA9F381EB [administrator]

03/09/2013 21:02:15
mbam-log-2013-09-03 (21-02-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217063
Time elapsed: 27 minute(s), 23 second(s)

Memory Processes Detected: 1
C:\Program Files\BrowseFox\updateBrowseFox.exe (PUP.Optional.BrowseFox.A) -> 2080 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files\BrowseFox\BrowseFox.Common.dll (PUP.Optional.BrowseFox.A) -> Delete on reboot.

Registry Keys Detected: 19
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} (Trojan.Agent.IE) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowseFox (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update BrowseFox (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\Documents and Settings\andrew quarmby\Local Settings\Application Data\TopArcadeHits (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Start Menu\Programs\TopArcadeHits (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Local Settings\Application Data\TopArcadeHits (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseFox (PUP.Optional.BrowseFox.A) -> Delete on reboot.
C:\Documents and Settings\andrew quarmby\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 30
C:\Documents and Settings\andrew quarmby\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\My Documents\Downloads\K-Lite Codec Pack Full.exe (PUP.Optional.Solimba.mr) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Local Settings\temp\SetupToparcadehits.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Local Settings\temp\C324FD8E-BAB0-7891-B1C3-C7EE4EDA799A\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Local Settings\Application Data\TopArcadeHits\tah.config (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Local Settings\Application Data\TopArcadeHits\uninstaller.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Local Settings\Application Data\TopArcadeHits\updater.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Local Settings\Application Data\TopArcadeHits\tah.config (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Local Settings\Application Data\TopArcadeHits\uninstaller.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Local Settings\Application Data\TopArcadeHits\updater.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\TopArcadeHits.job (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Local Settings\temp\SetupToparcadehits.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseFox\updateBrowseFox.InstallState (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseFox\BrowseFox.Common.dll (PUP.Optional.BrowseFox.A) -> Delete on reboot.
C:\Program Files\BrowseFox\BrowseFox.ico (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseFox\BrowseFoxBHO.dll (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseFox\BrowseFoxUninstall.exe (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseFox\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseFox\ppdjnkblmcjfnlogjjhpigpdgpcgdpll.crx (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseFox\sqlite3.exe (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseFox\updateBrowseFox.exe (PUP.Optional.BrowseFox.A) -> Delete on reboot.
C:\Documents and Settings\andrew quarmby\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\andrew quarmby\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
(end)


Hijack this log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:38:06, on 08/09/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec\Wireless Mouse\MulMouse.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ElsaWin\bin\LcSvrAdm.exe
C:\ElsaWin\bin\LcSvrDba.exe
C:\ElsaWin\bin\LcSvrHis.exe
C:\ElsaWin\bin\LcSvrPas.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\ElsaWin\bin\LcSvrSaz.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\ElsaWin\bin\VSgate.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\ElsaWin\bin\LcSvrAuf.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?complete=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_01\bin\jp2ssv.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Labtec Mouse Software 2.0.lnk = C:\Program Files\Labtec\Wireless Mouse\MulMouse.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\t00el32.dll' missing
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135790674437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360702297654
O16 - DPF: {DB28CF23-0083-40B5-BF63-69925D672385} (CNeroSerialChecker Object) - http://www.nero.com/doc/NeroVersionChecker.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=972
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} (VM_1.VM_Control) - http://downloads.virginmedia.com/CST/ver1/xp_mail.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiProt.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - C:\ElsaWin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - C:\ElsaWin\bin\LcSvrHis.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - C:\ElsaWin\bin\LcSvrPas.exe
O23 - Service: ELSA APOSpro Server (LcSvrSaz) - Volkswagen AG - C:\ElsaWin\bin\LcSvrSaz.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: ELSA Vaudis Service (VSGate) - Volkswagen AG - C:\ElsaWin\bin\VSgate.exe

--
End of file - 12252 bytes
 
You have some issues we need to deal with before we are done but I need you to run some other scans first.

1.

Please download AdwCleaner by Xplode onto your Desktop.



• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan.
• After the scan you will need to click on Clean for it to delete the adware.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download and run TDSSKiller.

When the program opens, click on the start scan button.

tdssstartscan_zps32a151cd.jpg


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

2663-2-eng.png


To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.

2663_3_en.png


Please reboot the system if asked to do so.

After running, there will be a log located at the root of your c:\ drive, labeled tdsskiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

3.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running

4.

I need you to post a log that ComboFix produces but doesn't show you. Please navigate to c:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here. You have a couple of outdated programs installed that are actually security risks in your system.
 
I will attempt all this tomorrow. I've got McAfee Internet Security; how do I turn off the anti-virus? Your link doesn't mention my version. Do I turn off the real time scanning (and firewall)?
Thanks
 
Done all of the above, still getting a popup when Chrome finds its first website. No popups in IE8. Right, the logs as requested:

[EDIT]MADE A MESS POSTED COMBOFIX LOG TWICE SEE NEXT POST FOR TDSSKILLER LOG

ADWCLEANER

# AdwCleaner v3.003 - Report created 10/09/2013 at 19:54:27
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : andrew quarmby - HOME-DBA9F381EB
# Running from : C:\Documents and Settings\andrew quarmby\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserProtect
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
Folder Deleted : C:\Program Files\MapsGalaxy_39EI
Folder Deleted : C:\Documents and Settings\andrew quarmby\IECompatCache
Folder Deleted : C:\Documents and Settings\andrew quarmby\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\andrew quarmby\Application Data\SpeedMaxPc
File Deleted : C:\WINDOWS\Tasks\BrowserProtect.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ppdjnkblmcjfnlogjjhpigpdgpcgdpll
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\58edad0b569ea40
Key Deleted : HKLM\SOFTWARE\58edad0b569ea40
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\BrowseFox
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\MapsGalaxy_39EI
Key Deleted : HKLM\Software\SpeedMaxPC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

-\\ Google Chrome v29.0.1547.66

[ File : C:\Documents and Settings\andrew quarmby\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3766 octets] - [10/09/2013 19:48:58]
AdwCleaner[S0].txt - [3694 octets] - [10/09/2013 19:54:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3754 octets] ##########

TDSKILLER

ComboFix 13-09-10.03 - andrew quarmby 10/09/2013 20:17:28.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.991.429 [GMT 1:00]
Running from: c:\documents and settings\andrew quarmby\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\offitems.log
c:\windows\system32\msssc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Created from 2013-08-10 to 2013-09-10 )))))))))))))))))))))))))))))))
.
.
2013-09-10 18:48 . 2013-09-10 18:54 -------- d-----w- C:\AdwCleaner
2013-08-15 19:33 . 2013-08-15 19:54 -------- d-----w- c:\windows\system32\MRT
2013-08-13 19:29 . 2013-08-07 11:55 85064 ----a-w- c:\windows\system32\drivers\mfendisk.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 12:02 . 2012-11-09 06:56 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-08-07 11:59 . 2013-01-03 20:02 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-08-07 11:58 . 2012-11-09 06:53 91736 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2013-08-07 11:56 . 2012-11-09 06:51 568632 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-08-07 11:55 . 2012-11-09 06:50 365224 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-08-07 11:55 . 2012-11-09 06:50 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-08-07 11:54 . 2012-11-09 06:49 235520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-08-07 11:53 . 2012-11-09 06:49 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-08-03 13:18 . 2006-10-18 21:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-26 02:47 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2004-08-04 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-09 06:34 . 2012-11-02 01:46 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-07-09 06:34 . 2012-11-02 01:46 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-07-09 06:34 . 2012-11-02 01:46 288056 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-07-04 02:59 . 2004-08-04 12:00 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-03 22:59 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-20 19:06 . 2013-06-20 19:06 0 ----a-w- c:\windows\system32\REN74.tmp
2013-06-12 20:48 . 2013-06-20 19:06 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SiSPower"="SiSPower.dll" [2004-09-02 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-08-06 516912]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-08-06 516912]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Labtec Mouse Software 2.0.lnk - c:\program files\Labtec\Wireless Mouse\MulMouse.exe [2006-1-7 253952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^andrew quarmby^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\andrew quarmby\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^andrew quarmby^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\andrew quarmby\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-07-25 12:01 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 15:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2011-11-18 12:37 1492264 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-10-20 15:32 2192752 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-16 19:45 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 16:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McAfee SiteAdvisor Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Documents and Settings\\andrew quarmby\\Application Data\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\Platform\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [10/01/2012 22:05 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [10/01/2012 22:06 12464]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [09/11/2012 07:53 91736]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [22/08/2011 20:02 54776]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [07/01/2006 11:49 6144]
R2 HomeNetSvc;McAfee Home Network;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [03/01/2013 21:02 281560]
R2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe [28/08/2010 11:59 147456]
R2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe [28/08/2010 11:59 241664]
R2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [28/08/2010 11:59 217088]
R2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [28/08/2010 11:59 368640]
R2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe [05/09/2010 12:07 249856]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [03/01/2013 21:02 145600]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [03/01/2013 21:02 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [03/01/2013 21:02 281560]
R2 mcpltsvc;McAfee Platform Services;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [03/01/2013 21:02 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\Mcafee\AMCore\mcshield.exe [03/01/2013 21:03 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [03/01/2013 21:02 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [03/01/2013 21:02 172416]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [13/04/2010 20:11 229688]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [25/11/2011 17:32 687400]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/08/2010 10:38 92008]
R2 VSGate;ELSA Vaudis Service;c:\elsawin\bin\VSGate.exe [28/08/2010 11:59 81920]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [07/12/2006 22:02 12288]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [09/11/2012 07:56 60920]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe [28/08/2010 11:59 1306624]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [09/11/2012 07:50 365224]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [02/11/2012 02:46 288056]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [13/08/2013 20:29 85064]
S3 5wtza9h3.sys;5wtza9h3.sys;\??\c:\windows\system32\drivers\5wtza9h3.sys --> c:\windows\system32\drivers\5wtza9h3.sys [?]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [07/12/2006 22:02 7040]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [11/11/2012 12:56 147472]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [02/11/2012 02:46 80656]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [13/08/2013 20:29 85064]
S3 TFBULK;Topfield USB client driver;c:\windows\system32\drivers\TfBulk.sys [26/08/2003 06:11 41996]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [22/08/2011 20:00 167784]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 04:45 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:11]
.
2013-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2013-09-08 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 11:43]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:13]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:13]
.
2013-09-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/webhp?complete=0
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - (no file)
SafeBoot-04682184.sys
SafeBoot-16518178.sys
MSConfigStartUp-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-10 20:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-261903793-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2000478354-261903793-682003330-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-2000478354-261903793-682003330-1003)
@Allowed: (Read) (S-1-5-21-2000478354-261903793-682003330-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(992)
c:\windows\system32\WININET.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\McAfee\Platform\mcuicnt.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************
.
Completion time: 2013-09-10 20:41:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-10 19:41
ComboFix2.txt 2011-11-03 19:59
.
Pre-Run: 24,888,037,376 bytes free
Post-Run: 28,915,421,184 bytes free
.
- - End Of File - - E983B51DF6CCEF5EDED5C888205DBD4F
8F558EB6672622401DA993E1E865C861
 
Yes, I made a mess and posted the combo log twice; here's the missing TDSSKiller log.

20:01:03.0312 3956 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:01:04.0250 3956 ============================================================
20:01:04.0250 3956 Current date / time: 2013/09/10 20:01:04.0250
20:01:04.0250 3956 SystemInfo:
20:01:04.0250 3956
20:01:04.0250 3956 OS Version: 5.1.2600 ServicePack: 3.0
20:01:04.0250 3956 Product type: Workstation
20:01:04.0250 3956 ComputerName: HOME-DBA9F381EB
20:01:04.0250 3956 UserName: andrew quarmby
20:01:04.0250 3956 Windows directory: C:\WINDOWS
20:01:04.0250 3956 System windows directory: C:\WINDOWS
20:01:04.0250 3956 Processor architecture: Intel x86
20:01:04.0250 3956 Number of processors: 1
20:01:04.0281 3956 Page size: 0x1000
20:01:04.0281 3956 Boot type: Normal boot
20:01:04.0281 3956 ============================================================
20:01:05.0531 3956 Drive \Device\Harddisk0\DR0 - Size: 0x262AE80000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:01:05.0531 3956 ============================================================
20:01:05.0531 3956 \Device\Harddisk0\DR0:
20:01:05.0531 3956 MBR partitions:
20:01:05.0531 3956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1314FF99
20:01:05.0531 3956 ============================================================
20:01:05.0562 3956 C: <-> \Device\Harddisk0\DR0\Partition1
20:01:05.0562 3956 ============================================================
20:01:05.0562 3956 Initialize success
20:01:05.0562 3956 ============================================================
20:01:07.0437 3024 ============================================================
20:01:07.0437 3024 Scan started
20:01:07.0437 3024 Mode: Manual;
20:01:07.0437 3024 ============================================================
20:01:07.0656 3024 ================ Scan system memory ========================
20:01:07.0656 3024 System memory - ok
20:01:07.0671 3024 ================ Scan services =============================
20:01:16.0687 3024 Gonzales - ok
20:01:16.0906 3024 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:01:16.0906 3024 Gpc - ok
20:01:17.0078 3024 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:01:17.0093 3024 gupdate - ok
20:01:17.0140 3024 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:01:17.0140 3024 gupdatem - ok
20:01:17.0218 3024 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:01:17.0234 3024 gusvc - ok
20:01:17.0328 3024 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:01:17.0328 3024 helpsvc - ok
20:01:17.0359 3024 HidServ - ok
20:01:17.0421 3024 [ 8F72C4916A288485812745DC5AF873FC ] HipShieldK C:\WINDOWS\system32\drivers\HipShieldK.sys
20:01:17.0453 3024 HipShieldK - ok
20:01:17.0515 3024 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:01:17.0546 3024 hkmsvc - ok
20:01:17.0656 3024 [ 5007E21208DA68F60EBF43352BDFE6D0 ] HomeNetSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
20:01:17.0656 3024 HomeNetSvc - ok
20:01:17.0687 3024 hpn - ok
20:01:17.0781 3024 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:01:17.0781 3024 HTTP - ok
20:01:17.0828 3024 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:01:17.0859 3024 HTTPFilter - ok
20:01:17.0875 3024 i2omgmt - ok
20:01:17.0906 3024 i2omp - ok
20:01:17.0953 3024 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:01:17.0984 3024 i8042prt - ok
20:01:18.0078 3024 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:01:18.0125 3024 idsvc - ok
20:01:18.0171 3024 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:01:18.0203 3024 Imapi - ok
20:01:18.0281 3024 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:01:18.0296 3024 ImapiService - ok
20:01:18.0359 3024 [ D075EC26F410E5FE1CC3688BCF78609F ] InCDfs C:\WINDOWS\system32\drivers\InCDfs.sys
20:01:18.0375 3024 InCDfs - ok
20:01:18.0406 3024 [ 1267811F30CECCB72E97DC33742ABEA2 ] InCDPass C:\WINDOWS\system32\DRIVERS\InCDPass.sys
20:01:18.0406 3024 InCDPass - ok
20:01:18.0421 3024 [ BB4E2C719B745E27E55EDBCB1230C205 ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys
20:01:18.0437 3024 InCDrec - ok
20:01:18.0453 3024 [ 9589D693B003D2A4D044A2476A827E11 ] incdrm C:\WINDOWS\system32\drivers\incdrm.sys
20:01:18.0718 3024 incdrm - ok
20:01:18.0859 3024 [ 222B59D2655EE0C831F9317A14A49B0F ] InCDsrv C:\Program Files\Ahead\InCD\InCDsrv.exe
20:01:18.0921 3024 InCDsrv - ok
20:01:18.0953 3024 ini910u - ok
20:01:19.0000 3024 IntelIde - ok
20:01:19.0062 3024 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:01:19.0078 3024 Ip6Fw - ok
20:01:19.0125 3024 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:01:19.0140 3024 IpFilterDriver - ok
20:01:19.0171 3024 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:01:19.0171 3024 IpInIp - ok
20:01:19.0234 3024 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:01:19.0250 3024 IpNat - ok
20:01:19.0328 3024 [ F055C1760ABFA52B159985E551EA0EDC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:01:19.0390 3024 iPod Service - ok
20:01:19.0437 3024 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:01:19.0453 3024 IPSec - ok
20:01:19.0500 3024 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:01:19.0515 3024 IRENUM - ok
20:01:19.0562 3024 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:01:19.0562 3024 isapnp - ok
20:01:19.0593 3024 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:01:19.0593 3024 Kbdclass - ok
20:01:19.0640 3024 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:01:19.0640 3024 kmixer - ok
20:01:19.0687 3024 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:01:19.0718 3024 KSecDD - ok
20:01:19.0796 3024 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:01:19.0812 3024 lanmanserver - ok
20:01:19.0875 3024 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:01:19.0890 3024 lanmanworkstation - ok
20:01:19.0921 3024 lbrtfdc - ok
20:01:20.0031 3024 [ 713F1E5ED4E18B0414DE5ECB60975F4D ] LcSvrAdm C:\ElsaWin\bin\LcSvrAdm.exe
20:01:20.0046 3024 LcSvrAdm - ok
20:01:20.0156 3024 [ C3870CEE13704E8CB49E475F75061CB1 ] LcSvrAuf C:\ElsaWin\bin\LcSvrAuf.exe
20:01:20.0234 3024 LcSvrAuf - ok
20:01:20.0265 3024 [ B569D65200A695D7C0BB7E519D984E45 ] LcSvrDba C:\ElsaWin\bin\LcSvrDba.exe
20:01:20.0281 3024 LcSvrDba - ok
20:01:20.0328 3024 [ 034D216702B88BFC9C8C0DAFD59F2CBF ] LcSvrHis C:\ElsaWin\bin\LcSvrHis.exe
20:01:20.0343 3024 LcSvrHis - ok
20:01:20.0375 3024 [ 0FF861408A309DE6620144025DDBBAD1 ] LcSvrPAS C:\ElsaWin\bin\LcSvrPas.exe
20:01:20.0406 3024 LcSvrPAS - ok
20:01:20.0437 3024 [ BDBA138EBAD70F88DDD4EB0C88F20800 ] LcSvrSaz C:\ElsaWin\bin\LcSvrSaz.exe
20:01:20.0453 3024 LcSvrSaz - ok
20:01:20.0531 3024 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:01:20.0562 3024 LmHosts - ok
20:01:20.0656 3024 [ ECAB006AC6136F1307E140B633CDB8C2 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:01:20.0671 3024 McAfee SiteAdvisor Service - ok
20:01:20.0859 3024 [ CCB60B6820DF49646D5D97CBEC12D7B3 ] McAPExe C:\Program Files\McAfee\MSC\McAPExe.exe
20:01:20.0890 3024 McAPExe - ok
20:01:20.0921 3024 [ 5007E21208DA68F60EBF43352BDFE6D0 ] McMPFSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
20:01:20.0937 3024 McMPFSvc - ok
20:01:20.0968 3024 [ 5007E21208DA68F60EBF43352BDFE6D0 ] McNaiAnn C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
20:01:20.0968 3024 McNaiAnn - ok
20:01:21.0078 3024 [ 3A01047FFF666D33EBDE3513D20DA1F5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
20:01:21.0078 3024 McODS - ok
20:01:21.0125 3024 [ 5007E21208DA68F60EBF43352BDFE6D0 ] mcpltsvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
20:01:21.0140 3024 mcpltsvc - ok
20:01:21.0171 3024 [ 5007E21208DA68F60EBF43352BDFE6D0 ] McProxy C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
20:01:21.0171 3024 McProxy - ok
20:01:21.0234 3024 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:01:21.0265 3024 Messenger - ok
20:01:21.0328 3024 [ 65DF665FDED501263D0CC3D6E0E9DC7F ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
20:01:21.0328 3024 mfeapfk - ok
20:01:21.0375 3024 [ AF069594C9D062B1DA9128E21E6A0FC7 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
20:01:21.0406 3024 mfeavfk - ok
20:01:21.0453 3024 [ 2619A2839439AB73901AEA77259B302E ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
20:01:21.0453 3024 mfebopk - ok
20:01:21.0546 3024 [ 2DA577B09944F3B4E8751CEEB733D380 ] mfecore C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
20:01:21.0562 3024 mfecore - ok
20:01:21.0640 3024 [ F9505D12D562549815D680C32E56D80C ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:01:21.0656 3024 mfefire - ok
20:01:21.0750 3024 [ DB608133C5E66B300EC0B86DAE115EC1 ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys
20:01:21.0859 3024 mfefirek - ok
20:01:21.0921 3024 [ C0C70B2C66B8525BAED8448BEE3B90A1 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
20:01:22.0062 3024 mfehidk - ok
20:01:22.0140 3024 [ A53DD250107293390D24D0AD80F872E1 ] mfencbdc C:\WINDOWS\system32\DRIVERS\mfencbdc.sys
20:01:22.0171 3024 mfencbdc - ok
20:01:22.0250 3024 [ 38CF6C1A74A5AC6D341B735208FB8ED8 ] mfencrk C:\WINDOWS\system32\DRIVERS\mfencrk.sys
20:01:22.0250 3024 mfencrk - ok
20:01:22.0312 3024 [ 59BEB360BAD0B6B903E828ECCCB9A7A6 ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys
20:01:22.0328 3024 mfendisk - ok
20:01:22.0359 3024 [ 59BEB360BAD0B6B903E828ECCCB9A7A6 ] mfendiskmp C:\WINDOWS\system32\DRIVERS\mfendisk.sys
20:01:22.0359 3024 mfendiskmp - ok
20:01:22.0437 3024 [ 6D1837A171A394643483DE23C7ECBE99 ] mfetdi2k C:\WINDOWS\system32\drivers\mfetdi2k.sys
20:01:22.0453 3024 mfetdi2k - ok
20:01:22.0562 3024 [ 3EB57CFC149C8B702B22424DC870CD8C ] mfevtp C:\WINDOWS\system32\mfevtps.exe
20:01:22.0562 3024 mfevtp - ok
20:01:22.0640 3024 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:01:22.0640 3024 mnmdd - ok
20:01:22.0750 3024 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:01:22.0765 3024 mnmsrvc - ok
20:01:22.0859 3024 [ 35176FA09A0FC58DB630991A81A0BA39 ] MOBKbackup C:\Program Files\McAfee Online Backup\MOBKbackup.exe
20:01:22.0859 3024 MOBKbackup - ok
20:01:22.0906 3024 [ E896775837A8BCE436348DF460522394 ] MOBKFilter C:\WINDOWS\system32\DRIVERS\MOBK.sys
20:01:22.0906 3024 MOBKFilter - ok
20:01:22.0968 3024 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:01:22.0984 3024 Modem - ok
20:01:23.0015 3024 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:01:23.0031 3024 Mouclass - ok
20:01:23.0078 3024 [ A4A897EC59CE8C52D2537DA00128EF40 ] moufiltr C:\WINDOWS\system32\drivers\moufiltr.sys
20:01:23.0390 3024 moufiltr - ok
20:01:23.0421 3024 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:01:23.0421 3024 MountMgr - ok
20:01:23.0468 3024 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
20:01:23.0468 3024 MPE - ok
20:01:23.0500 3024 mraid35x - ok
20:01:23.0546 3024 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:01:23.0546 3024 MRxDAV - ok
20:01:23.0609 3024 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:01:23.0656 3024 MRxSmb - ok
20:01:23.0718 3024 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:01:23.0765 3024 MSDTC - ok
20:01:23.0859 3024 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:01:23.0859 3024 Msfs - ok
20:01:23.0890 3024 MSIServer - ok
20:01:23.0937 3024 [ 5007E21208DA68F60EBF43352BDFE6D0 ] MSK80Service C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
20:01:23.0937 3024 MSK80Service - ok
20:01:23.0968 3024 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:01:23.0984 3024 MSKSSRV - ok
20:01:24.0046 3024 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:01:24.0078 3024 MSPCLOCK - ok
20:01:24.0125 3024 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:01:24.0156 3024 MSPQM - ok
20:01:24.0218 3024 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:01:24.0218 3024 mssmbios - ok
20:01:24.0265 3024 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:01:24.0296 3024 MSTEE - ok
20:01:24.0375 3024 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:01:24.0406 3024 Mup - ok
20:01:24.0468 3024 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:01:24.0515 3024 NABTSFEC - ok
20:01:24.0625 3024 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:01:24.0703 3024 napagent - ok
20:01:24.0859 3024 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
20:01:24.0937 3024 NAUpdate - ok
20:01:24.0968 3024 [ 0AE25530894A934C6CA600865C6E9D7C ] NBVol C:\WINDOWS\system32\DRIVERS\NBVol.sys
20:01:24.0984 3024 NBVol - ok
20:01:25.0046 3024 [ 1DDCEF3039C9D90AF3529DEE6699967D ] NBVolUp C:\WINDOWS\system32\DRIVERS\NBVolUp.sys
20:01:25.0078 3024 NBVolUp - ok
20:01:25.0125 3024 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:01:25.0140 3024 NDIS - ok
20:01:25.0203 3024 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:01:25.0218 3024 NdisIP - ok
20:01:25.0265 3024 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:01:25.0937 3024 NdisTapi - ok
20:01:26.0000 3024 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:01:26.0031 3024 Ndisuio - ok
20:01:26.0062 3024 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:01:26.0078 3024 NdisWan - ok
20:01:26.0125 3024 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:01:26.0218 3024 NDProxy - ok
20:01:26.0281 3024 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:01:26.0312 3024 NetBIOS - ok
20:01:26.0390 3024 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:01:26.0484 3024 NetBT - ok
20:01:26.0578 3024 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:01:26.0609 3024 NetDDE - ok
20:01:26.0640 3024 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:01:26.0656 3024 NetDDEdsdm - ok
20:01:26.0718 3024 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:01:26.0718 3024 Netlogon - ok
20:01:26.0828 3024 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:01:26.0828 3024 Netman - ok
20:01:26.0890 3024 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:01:27.0062 3024 NetTcpPortSharing - ok
20:01:27.0125 3024 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:01:27.0140 3024 Nla - ok
20:01:27.0203 3024 [ 48FB907B069524F2DC7BA62A0762850C ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
20:01:27.0250 3024 nmwcd - ok
20:01:27.0296 3024 [ 2914CEB789964141AC6E22C6BC980C42 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
20:01:27.0312 3024 nmwcdc - ok
20:01:27.0343 3024 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:01:27.0375 3024 Npfs - ok
20:01:27.0453 3024 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:01:27.0515 3024 Ntfs - ok
20:01:27.0593 3024 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:01:27.0609 3024 NtLmSsp - ok
20:01:27.0656 3024 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:01:27.0687 3024 NtmsSvc - ok
20:01:27.0734 3024 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:01:27.0765 3024 Null - ok
20:01:27.0828 3024 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:01:27.0843 3024 NwlnkFlt - ok
20:01:27.0875 3024 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:01:27.0906 3024 NwlnkFwd - ok
20:01:27.0968 3024 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:01:28.0046 3024 Parport - ok
20:01:28.0109 3024 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:01:28.0171 3024 PartMgr - ok
20:01:28.0234 3024 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:01:28.0234 3024 ParVdm - ok
20:01:28.0281 3024 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
20:01:28.0296 3024 pccsmcfd - ok
20:01:28.0328 3024 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:01:28.0359 3024 PCI - ok
20:01:28.0375 3024 PCIDump - ok
20:01:28.0453 3024 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:01:28.0484 3024 PCIIde - ok
20:01:28.0546 3024 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:01:28.0578 3024 Pcmcia - ok
20:01:28.0609 3024 PDCOMP - ok
20:01:28.0625 3024 PDFRAME - ok
20:01:28.0687 3024 PDRELI - ok
20:01:28.0703 3024 PDRFRAME - ok
20:01:28.0734 3024 perc2 - ok
20:01:28.0781 3024 perc2hib - ok
20:01:28.0859 3024 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:01:28.0859 3024 PlugPlay - ok
20:01:28.0890 3024 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:01:28.0906 3024 PolicyAgent - ok
20:01:29.0000 3024 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:01:29.0015 3024 PptpMiniport - ok
20:01:29.0046 3024 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:01:29.0046 3024 ProtectedStorage - ok
20:01:29.0078 3024 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:01:29.0109 3024 PSched - ok
20:01:29.0187 3024 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:01:29.0203 3024 Ptilink - ok
20:01:29.0265 3024 [ 5A23C56E73E51B29E142FB3F9A0890EE ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
20:01:29.0281 3024 PxHelp20 - ok
20:01:29.0312 3024 ql1080 - ok
20:01:29.0390 3024 Ql10wnt - ok
20:01:29.0421 3024 ql12160 - ok
20:01:29.0453 3024 ql1240 - ok
20:01:29.0484 3024 ql1280 - ok
20:01:29.0546 3024 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:01:29.0640 3024 RasAcd - ok
20:01:29.0703 3024 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:01:29.0796 3024 RasAuto - ok
20:01:29.0812 3024 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:01:29.0859 3024 Rasl2tp - ok
20:01:29.0937 3024 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:01:29.0968 3024 RasMan - ok
20:01:30.0031 3024 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:01:30.0046 3024 RasPppoe - ok
20:01:30.0078 3024 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:01:30.0109 3024 Raspti - ok
20:01:30.0140 3024 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:01:30.0234 3024 Rdbss - ok
20:01:30.0265 3024 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:01:30.0296 3024 RDPCDD - ok
20:01:30.0359 3024 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:01:30.0453 3024 rdpdr - ok
20:01:30.0531 3024 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:01:30.0562 3024 RDPWD - ok
20:01:30.0640 3024 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:01:30.0718 3024 RDSessMgr - ok
20:01:30.0734 3024 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:01:30.0765 3024 redbook - ok
20:01:30.0843 3024 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:01:30.0859 3024 RemoteAccess - ok
20:01:30.0937 3024 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:01:30.0953 3024 RemoteRegistry - ok
20:01:31.0031 3024 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
20:01:31.0046 3024 RFCOMM - ok
20:01:31.0125 3024 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
20:01:31.0203 3024 ROOTMODEM - ok
20:01:31.0234 3024 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:01:31.0250 3024 RpcLocator - ok
20:01:31.0296 3024 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:01:31.0312 3024 RpcSs - ok
20:01:31.0359 3024 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:01:31.0406 3024 RSVP - ok
20:01:31.0437 3024 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:01:31.0437 3024 SamSs - ok
20:01:31.0484 3024 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:01:31.0578 3024 SCardSvr - ok
20:01:31.0687 3024 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:01:31.0718 3024 Schedule - ok
20:01:31.0812 3024 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:01:31.0859 3024 Secdrv - ok
20:01:31.0906 3024 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:01:31.0937 3024 seclogon - ok
20:01:31.0984 3024 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:01:32.0000 3024 SENS - ok
20:01:32.0078 3024 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:01:32.0140 3024 serenum - ok
20:01:32.0156 3024 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:01:32.0187 3024 Serial - ok
20:01:32.0281 3024 [ 7D3903AF48E6C1DC2704EAFCB608D031 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:01:33.0406 3024 ServiceLayer - ok
20:01:33.0578 3024 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:01:33.0593 3024 Sfloppy - ok
20:01:33.0703 3024 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:01:33.0734 3024 SharedAccess - ok
20:01:33.0796 3024 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:01:33.0828 3024 ShellHWDetection - ok
20:01:33.0843 3024 Simbad - ok
20:01:33.0921 3024 [ DE19E1DDD5CC69781599781B32E5E887 ] SiS315 C:\WINDOWS\system32\DRIVERS\sisgrp.sys
20:01:33.0953 3024 SiS315 - ok
20:01:34.0015 3024 [ 61CA562DEF09A782D26B3E7EDEC5369A ] SISAGP C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
20:01:34.0031 3024 SISAGP - ok
20:01:34.0078 3024 [ B4485881BD8AED9B157A2E6CF43C2D51 ] SiSide C:\WINDOWS\system32\DRIVERS\siside.sys
20:01:34.0375 3024 SiSide - ok
20:01:34.0406 3024 [ 6225224B8E846AC230F8D9B343635910 ] sisidex C:\WINDOWS\system32\drivers\sisidex.sys
20:01:34.0437 3024 sisidex - ok
20:01:34.0484 3024 [ 88270F73C67D0D40E05E4062E8CD78F5 ] SiSkp C:\WINDOWS\system32\DRIVERS\srvkp.sys
20:01:34.0500 3024 SiSkp - ok
20:01:34.0593 3024 [ 3FBB6EF8B5A71A2FA11F5F461BB73219 ] SISNIC C:\WINDOWS\system32\DRIVERS\sisnic.sys
20:01:34.0656 3024 SISNIC - ok
20:01:34.0718 3024 [ A1348A901A44760CCD76043525E851D0 ] SISNICXP C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
20:01:34.0796 3024 SISNICXP - ok
20:01:34.0828 3024 [ 596D4A7052002D2BD344D8937DA6F66D ] sisperf C:\WINDOWS\system32\drivers\sisperf.sys
20:01:35.0140 3024 sisperf - ok
20:01:35.0234 3024 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:01:35.0281 3024 SLIP - ok
20:01:35.0437 3024 [ BF208C85119770E6A9B6577019A3D810 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
20:01:35.0500 3024 smwdm - ok
20:01:35.0625 3024 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
20:01:35.0625 3024 SoundMAX Agent Service (default) - ok
20:01:35.0687 3024 Sparrow - ok
20:01:35.0718 3024 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:01:35.0718 3024 splitter - ok
20:01:35.0828 3024 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:01:35.0828 3024 Spooler - ok
20:01:35.0875 3024 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:01:35.0890 3024 sr - ok
20:01:35.0984 3024 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:01:36.0015 3024 srservice - ok
20:01:36.0140 3024 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:01:36.0156 3024 Srv - ok
20:01:36.0203 3024 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:01:36.0218 3024 SSDPSRV - ok
20:01:36.0281 3024 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:01:36.0359 3024 stisvc - ok
20:01:36.0437 3024 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:01:36.0453 3024 streamip - ok
20:01:36.0500 3024 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:01:36.0546 3024 swenum - ok
20:01:36.0656 3024 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:01:36.0671 3024 swmidi - ok
20:01:36.0734 3024 SwPrv - ok
20:01:36.0765 3024 symc810 - ok
20:01:36.0796 3024 symc8xx - ok
20:01:36.0859 3024 sym_hi - ok
20:01:36.0890 3024 sym_u3 - ok
20:01:36.0968 3024 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:01:36.0984 3024 sysaudio - ok
20:01:37.0046 3024 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:01:37.0093 3024 SysmonLog - ok
20:01:37.0156 3024 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:01:37.0218 3024 TapiSrv - ok
20:01:37.0296 3024 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:01:37.0359 3024 Tcpip - ok
20:01:37.0421 3024 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:01:37.0421 3024 TDPIPE - ok
20:01:37.0468 3024 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:01:37.0484 3024 TDTCP - ok
20:01:37.0625 3024 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:01:37.0640 3024 TermDD - ok
20:01:37.0718 3024 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:01:37.0734 3024 TermService - ok
20:01:37.0828 3024 [ 3277348470B550C99ABC2B7324248ED6 ] TFBULK C:\WINDOWS\system32\drivers\TfBulk.sys
20:01:37.0828 3024 TFBULK - ok
20:01:37.0906 3024 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:01:37.0906 3024 Themes - ok
20:01:37.0984 3024 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
20:01:38.0031 3024 TlntSvr - ok
20:01:38.0125 3024 [ 747E60B773E95F6C93D5621B550D6865 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
20:01:38.0125 3024 TomTomHOMEService - ok
20:01:38.0156 3024 TosIde - ok
20:01:38.0234 3024 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:01:38.0234 3024 TrkWks - ok
20:01:38.0312 3024 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys
20:01:38.0328 3024 uagp35 - ok
20:01:38.0390 3024 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:01:38.0406 3024 Udfs - ok
20:01:38.0437 3024 ultra - ok
20:01:38.0484 3024 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:01:38.0750 3024 Update - ok
20:01:38.0859 3024 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:01:38.0921 3024 upnphost - ok
20:01:38.0968 3024 [ E526A166E6ACAFD0A9B3841D3941669E ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
20:01:38.0984 3024 upperdev - ok
20:01:39.0031 3024 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:01:39.0046 3024 UPS - ok
20:01:39.0109 3024 [ 026F7F224F088EE11E383BCA448FFF81 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
20:01:39.0109 3024 USBAAPL - ok
20:01:39.0171 3024 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:01:39.0171 3024 usbccgp - ok
20:01:39.0203 3024 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:01:39.0234 3024 usbehci - ok
20:01:39.0312 3024 [ C1BD31AC0C1397FA7CD0A23012C87A10 ] UsbFltr C:\WINDOWS\system32\drivers\UsbFltr.sys
20:01:39.0328 3024 UsbFltr - ok
20:01:39.0359 3024 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:01:39.0375 3024 usbhub - ok
20:01:42.0562 3024 ================ Scan global ===============================
20:01:42.0640 3024 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:01:42.0718 3024 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:01:42.0781 3024 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:01:42.0812 3024 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:01:42.0828 3024 [Global] - ok
20:01:42.0828 3024 ================ Scan MBR ==================================
20:01:42.0859 3024 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:01:43.0031 3024 \Device\Harddisk0\DR0 - ok
20:01:43.0046 3024 ================ Scan VBR ==================================
20:01:43.0062 3024 [ 3F36D3EA03801677D0286EE7A51D19EC ] \Device\Harddisk0\DR0\Partition1
20:01:43.0062 3024 \Device\Harddisk0\DR0\Partition1 - ok
20:01:43.0078 3024 ============================================================
20:01:43.0078 3024 Scan finished
20:01:43.0078 3024 ============================================================
20:01:43.0109 3656 Detected object count: 0
20:01:43.0109 3656 Actual detected object count: 0
 
OK, we need to remove a bad driver. Please do the following.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below.

Code:
Driver::
5wtza9h3.sys

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

[Screenshot: CFScript-1.gif]

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

I'm also still waiting for the add-remove programs log from my previous post.
 
Hi John,
Where is the add/remove programs log? I've done your latest task, but the popups are still coming. Latest ComboFix log below. I'm on holiday to Greece tomorrow, so it'll be the 20th or thereabouts before I next respond. Many thanks for your help so far.

Combofix log

ComboFix 13-09-10.03 - andrew quarmby 11/09/2013 21:34:06.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.991.407 [GMT 1:00]
Running from: c:\documents and settings\andrew quarmby\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\andrew quarmby\Desktop\CFscript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_5WTZA9H3.SYS
-------\Service_5wtza9h3.sys
.
.
((((((((((((((((((((((((( Files Created from 2013-08-11 to 2013-09-11 )))))))))))))))))))))))))))))))
.
.
2013-09-10 18:48 . 2013-09-10 18:54 -------- d-----w- C:\AdwCleaner
2013-08-15 19:33 . 2013-09-11 19:13 -------- d-----w- c:\windows\system32\MRT
2013-08-13 19:29 . 2013-08-07 11:55 85064 ----a-w- c:\windows\system32\drivers\mfendisk.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-09 01:56 . 2004-08-04 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2013-02-24 11:09 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-07 12:02 . 2012-11-09 06:56 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-08-07 11:59 . 2013-01-03 20:02 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-08-07 11:58 . 2012-11-09 06:53 91736 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2013-08-07 11:56 . 2012-11-09 06:51 568632 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-08-07 11:55 . 2012-11-09 06:50 365224 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-08-07 11:55 . 2012-11-09 06:50 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-08-07 11:54 . 2012-11-09 06:49 235520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-08-07 11:53 . 2012-11-09 06:49 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-08-05 13:30 . 2004-08-04 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 13:18 . 2006-10-18 21:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2004-08-04 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-09 06:34 . 2012-11-02 01:46 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-07-09 06:34 . 2012-11-02 01:46 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-07-09 06:34 . 2012-11-02 01:46 288056 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-07-04 02:59 . 2004-08-04 12:00 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-03 22:59 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-20 19:06 . 2013-06-20 19:06 0 ----a-w- c:\windows\system32\REN74.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SiSPower"="SiSPower.dll" [2004-09-02 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-08-06 516912]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-08-06 516912]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Labtec Mouse Software 2.0.lnk - c:\program files\Labtec\Wireless Mouse\MulMouse.exe [2006-1-7 253952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^andrew quarmby^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\andrew quarmby\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^andrew quarmby^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\andrew quarmby\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-07-25 12:01 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 15:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2011-11-18 12:37 1492264 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-10-20 15:32 2192752 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-16 19:45 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 16:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McAfee SiteAdvisor Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Documents and Settings\\andrew quarmby\\Application Data\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\Platform\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [10/01/2012 22:05 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [10/01/2012 22:06 12464]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [09/11/2012 07:53 91736]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [22/08/2011 20:02 54776]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [07/01/2006 11:49 6144]
R2 HomeNetSvc;McAfee Home Network;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [03/01/2013 21:02 281560]
R2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe [28/08/2010 11:59 147456]
R2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe [28/08/2010 11:59 241664]
R2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [28/08/2010 11:59 217088]
R2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [28/08/2010 11:59 368640]
R2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe [05/09/2010 12:07 249856]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [03/01/2013 21:02 145600]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [03/01/2013 21:02 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [03/01/2013 21:02 281560]
R2 mcpltsvc;McAfee Platform Services;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [03/01/2013 21:02 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\Mcafee\AMCore\mcshield.exe [03/01/2013 21:03 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [03/01/2013 21:02 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [03/01/2013 21:02 172416]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [13/04/2010 20:11 229688]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [25/11/2011 17:32 687400]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/08/2010 10:38 92008]
R2 VSGate;ELSA Vaudis Service;c:\elsawin\bin\VSGate.exe [28/08/2010 11:59 81920]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [07/12/2006 22:02 12288]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [09/11/2012 07:56 60920]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe [28/08/2010 11:59 1306624]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [09/11/2012 07:50 365224]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [02/11/2012 02:46 288056]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [13/08/2013 20:29 85064]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [07/12/2006 22:02 7040]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [11/11/2012 12:56 147472]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [02/11/2012 02:46 80656]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [13/08/2013 20:29 85064]
S3 TFBULK;Topfield USB client driver;c:\windows\system32\drivers\TfBulk.sys [26/08/2003 06:11 41996]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [22/08/2011 20:00 167784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 04:45 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:11]
.
2013-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2013-09-08 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 11:43]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:13]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:13]
.
2013-09-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/webhp?complete=0
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-11 21:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-261903793-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2000478354-261903793-682003330-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-2000478354-261903793-682003330-1003)
@Allowed: (Read) (S-1-5-21-2000478354-261903793-682003330-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2492)
c:\windows\system32\WININET.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\McAfee\Platform\mcuicnt.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-09-11 21:56:55 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-11 20:56
ComboFix2.txt 2013-09-10 19:42
ComboFix3.txt 2011-11-03 19:59
.
Pre-Run: 28,595,929,088 bytes free
Post-Run: 28,587,028,480 bytes free
.
- - End Of File - - F7BE12DCA464EF816A51E0CBABB22394
8F558EB6672622401DA993E1E865C861
 
This is the log I need you to post next.

4.

I need you to post a log that ComboFix produces but doesn't show you. Please navigate to c:\Qoobox, and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here. You have a couple of outdated programs installed that are actually security risks in your system.
 
Add/remove programs log as requested.

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 11 ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.9
Adobe SVG Viewer 3.0
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression 2
AsusUpdate
Audacity 1.2.4
Avanquest update
AVerMedia DVD EZMarker Gold
AVIConverter 2.1
AVS DVDMenu Editor 1.2.1.19
AVS Video Converter 5.6
AVS4YOU Software Navigator 1.2
BitTorrent
BlueSoleil
Bonjour
BroadJump Client Foundation
CDex extraction audio
Critical Update for Windows Media Player 11 (KB959772)
DiMAGE Viewer
DVDStyler v1.7.1
Easy Password Manager V1.18 SE
ElsaWin
Email Updater
Epson Easy Photo Print 2
Epson Event Manager
EPSON PhotoQuicker3.4
EPSON Printer Software
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX510W_TX550W Manual
EPSON SX510W Series Printer Uninstall
EPSON Web-To-Page
EpsonNet Print
EpsonNet Setup
FLAC 1.2.1b (remove only)
Freecom Backup Software 1.15
Freecom Personal Media Suite 2.28
Freemake Video Converter version 4.0.1
FTP Commander
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HandBrake 0.9.8
High-Definition Video Playback
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImgBurn
InCD
iTunes
Java 7 Update 25
Java Auto Updater
Java(TM) SE Runtime Environment 6 Update 1
KONICA_MINOLTA DiMAGE remote camera driver
Labtec Mouse Software 2.0
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Internet Security
McAfee Online Backup
McAfee Virtual Technician
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Motorola Phone Tools
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
neoDVDstandard
neoDVDstandard4
Nero 11
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects Basic
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Digital
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Media Player
Nero OEM
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
NeroVision Express Content
Nokia Connectivity Cable Driver
Nokia Ovi Player
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia Photos
Nokia Software Updater
Nokia_Multimedia_Common_Components_2_5
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PC Wizard 2006.1.661
QuickTime Alternative 2.7.0
ScanToWeb
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shared C Run-time for x86
SiS 651_661FX_741_760_760GX_M661FX_M661MX_M741_M760_M760GX
SiS 900 PCI Fast Ethernet Adapter Driver
SoundMAX
SSC Service Utility v4.10
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
TopfHDRead/Write V0.20
Topfield Windows Applications
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoReDo Plus Version 3.10.3.629
VideoReDo TVSuite Version 4.20.7.629
VideoReDo/Plus Version 2.5.6.512
WebFldrs XP
welcome
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
 
Please uninstall the following programs.

Adobe Reader 7.0.9
BitTorrent
Java(TM) SE Runtime Environment 6 Update 1

Let me ask you this. Did you get any of the programs installed on your system by using BitTorrent? If you did, any of those programs could be causing your popups.

Go here to get the latest version of Adobe Reader.

http://get2.adobe.com/reader/

Just make sure you uncheck the optional McAfee Security Scan.

Please also run the following and post the log.

Please download Junkware Removal Tool to your desktop.

•Shut down your antivirus to avoid any conflicts.

•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Post the contents of JRT.txt in your next message.
 
Let me ask you this. Did you get any of the programs installed on your system by using BitTorrent? If you did, any of those programs could be causing your popups.

sorry can't remember. i installed bittorrent around 6 months ago and have never used it. my troubles only started after i did the google survey last week so i doubt it's anything to do with bittorrent. my hunch is that chrome has been infected, no problems in IE8. JRT log below

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 22/09/2013 at 13:11:01.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/09/2013 at 13:20:47.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Ok. Let's do this.

Download OTL to your Desktop

Click on the green download box on that page to download OTL.

•Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

•Click on Minimal Output at the top

•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

◦When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file.
 
managed to download OTL.exe eventually. following your link it downloads automatically. clicking on the green box queues up 'browser safeguard'. OTL won't run though, throws up "OTL has encountered a problem & needs to close"
 
Look in your add/remove programs for one called browser safeguard and uninstall it. Then run OTL.
 
Can you post a screenshot of this "browser safeguard" window? You may have installed it at one point and tried to uninstall it but didn't uninstall completely.
 
john
totally confused here. don't know what browser safeguard is therefore i can't post a screenshot. it's not in my add/remove programs. there's no folder off c:\programs and in task manager processes there is no browser safeguard.exe running.
 