captainslow

  1. DelFix has now been run. Thanks for all your help. I'll keep the popup blocker enabled, and I do hope League of Angels is forever banished from Firefox :-)
  2. Hi, I removed Firefox by using the remove programmes function as described. I noticed that it seemed to remove everything regarding Mozilla, as I couldn't find the installation folder, or app data afterwards - I guess that is fine? So far nothing on the re-installed Firefox browser, but of course, I have Adblock running (which it seems stops it showing). If you think I should test it without Adblock let me know... Thanks
  3. Hello, OK, thanks for the advice and all your help. Just to clarify: so what might be causing the same redirect advert to come up on a separate tab, on a variety of different sites with Adblock Plus, etc. off? That has never happened before. Would you recommend changing browsers? I have run the tool, and have pasted the log in case you need it.

         # DelFix v10.6 - Logfile created 10/04/2014 at 09:06:01
         # Updated 11/11/2013 by Xplode
         # Username : John - LAPTOP
         # Operating System : Windows 8 (64 bits)

         ~ Removing disinfection tools ...

         Deleted : C:\Qoobox
         Deleted : C:\AdwCleaner
         Deleted : C:\Users\John\Downloads\AdwCleaner(1).exe
         Deleted : C:\Users\John\Downloads\adwcleaner.exe
         Deleted : C:\Users\John\Downloads\ComboFix.exe
         Deleted : C:\Users\John\Downloads\JRT(1).exe
         Deleted : C:\Users\John\Downloads\JRT.exe
         Deleted : C:\Users\John\Downloads\SecurityCheck.exe
         Deleted : C:\Users\John\Downloads\tdsskiller.exe
         Deleted : C:\Windows\grep.exe
         Deleted : C:\Windows\PEV.exe
         Deleted : C:\Windows\NIRCMD.exe
         Deleted : C:\Windows\MBR.exe
         Deleted : C:\Windows\SED.exe
         Deleted : C:\Windows\SWREG.exe
         Deleted : C:\Windows\SWSC.exe
         Deleted : C:\Windows\SWXCACLS.exe
         Deleted : C:\Windows\Zip.exe
         Deleted : HKLM\SOFTWARE\AdwCleaner
         Deleted : HKLM\SOFTWARE\Swearware
         Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
         Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

         ~ Resetting system settings ... OK

         ########## - EOF - ##########

     Just to clarify; so what might be causing the same advert to appear on a variety of different sites with Adblock Plus, etc. off
  4. Sure is frustrating! I could always keep the popup blocker on permanently and it seems that stops me seeing it, but it's just the issue of why/what is it still on my system... Anyway, thanks for the help, here is the cc log:

         Yes Extension Adblock Plus 2.5.1 Wladimir Palant default Firefox 28.0 C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2rtvp12w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
         Yes Extension Adblock Plus Pop-up Addon 0.9.1 Jesse Hakanen default Firefox 28.0 C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2rtvp12w.default\extensions\adblockpopups@jessehakanen.net.xpi
         Yes Extension Flashblock 1.5.17 The Flashblock Team default Firefox 28.0 C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2rtvp12w.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
         Yes Plugin Adobe Acrobat 11.0.6.70 Adobe Systems Inc. default Firefox 28.0 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
         Yes Plugin CANON iMAGE GATEWAY Album Plugin Utility 3.0.5.0 CANON INC. default Firefox 28.0 C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
         Yes Plugin Intel® Identity Protection Technology 2.1.42.0 Intel Corporation default Firefox 28.0 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
         Yes Plugin Intel® Identity Protection Technology 2.1.42.0 Intel Corporation default Firefox 28.0 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
         Yes Plugin Shockwave Flash 12.0.0.77 Adobe Systems Incorporated default Firefox 28.0 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
         Yes Plugin Windows Live™ Photo Gallery 15.4.3555.308 Microsoft Corporation default Firefox 28.0 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
  5. Had some problems with that method, I'm afraid. Disabling the startup programmes was OK I think, but when trying to disable the services, msconfig always stopped responding and the system became quite unstable, including Task Manager not running, files not opening and shutdown difficult without holding the off button. On restart 3/4 services had been disabled but the rest were still active. I always 'hid Microsoft services' before disabling, and kept spyware active. I tried 3/4 times, and on the last occasion just tried to disable a few Adobe services to test, and still had the not responding problem. As some programmes/services were disabled I thought I would try Firefox anyway. It wouldn't run in safe mode by typing 'firefox -safe-mode' from the search tool, so I just re-started it manually in safe mode from the help menu. Not sure if it was worth testing, given the problems, but the popup was still present...
  6. Ah, I see, thanks for the clarification. Yes, that's the one I was referring to, but I didn't realise that the absence of files underneath means it's OK. Will try safe mode, and let you know.
  7. Hello, no games downloaded this year I think, and I certainly had never seen League of Angels before the popups occurred. I suspect the problem may have occurred when I was searching for coverage of a football game, although to my knowledge, I didn't download anything... One thing that may (or may not) be useful: when I was trying to fix the problem myself before contacting Malwarebytes, I downloaded 'spyhunter' and I think 'trojan killer' from a site claiming to give instructions on fixing the problem. I'm pretty sure the scans were just giving false results, and of course both wanted money to remove the threat (I didn't pay anything and ignored the scans). Could the download of something from those sites have made the problem worse? I think I have removed everything concerning those downloads though... the popup came up on the Independent newspaper site yesterday... Another common factor is the file Adware cleaner wants to remove all the time (please see Firefox 'prefs' file from previous scans). Is this file nothing to worry about? Thanks for everything you have tried
  8. Sorry, not sure how to locate it. I have searched manually in the direct folders under C, and found nothing (I am able to view hidden files). I also used search in File Explorer but found nothing apart from files containing that phrase in the Farbar logs. How should I find it, please? Thanks
Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\2rtvp12w.default\Cache emptied successfully C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\gogw9ajz.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1 folders=3 0 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\John\AppData\Local\Temp will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\John\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on 02/04/2014 at 19:52:55.26 ======================
  10. Yeah, it's persistent! Sorry for taking up a lot of time... I guess it might not have been detected/removed previously, and adblocker just stopped it appearing whilst surfing. I don't believe I've ever seen it when adblocker etc. are on. Or maybe it is getting reinstalled onto my system somehow...just guessing. I had a few minor issues whilst running Zoek. I redownloaded it, then moved the files to desktop from downloaded zip, before turning off my F Secure anti virus. On moving to the desktop, F Secure quarantined zoek.exe, and marked it as 'trojan.generic.11134926'. I ran one of the other files, zoek.com, anyway after switching off F Secure, and had to select 'this programme installed correctly', to get it to work. If you would like me to re-run the process and do something different, please let me know. Anyway, the scan seemed to work fine:
- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 
(wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Sysinternals Autoruns Log ====================== C:\Users\John\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Protection Status C:\Program Files\windows sidebar\gadgets\F-Secure.Gadget See your computer's protection status. This requires supported security software. F-secure Corporation C:\Program Files\windows sidebar\gadgets\F-Secure.Gadget\Gadget.xml 18/10/2012 17:43 HKLM\System\CurrentControlSet\Services ABBYY.Licensing.FineReader.Sprint.9.0 "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service This service is required for the operation of the ABBYY FineReader 9.0 Express Edition licensing mechanism. ABBYY 1.0.0.375 c:\program files (x86)\common files\abbyy\finereadersprint\9.00\licensing\networklicenseserver.exe 14/05/2009 15:07 AdobeARMservice "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" Adobe Acrobat Updater keeps your Adobe software up to date. Adobe Systems Incorporated 1.701.3.3014 c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe 21/11/2013 17:55 AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. Adobe Systems Incorporated 12.0.0.77 c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe 03/03/2014 22:44 Bonjour Service "C:\Program Files\Bonjour\mDNSResponder.exe" Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence. Apple Inc. 
3.0.0.10 c:\program files\bonjour\mdnsresponder.exe 31/08/2011 06:52 cphs %SystemRoot%\SysWow64\IntelCpHeciSvc.exe Intel® Content Protection HECI Service - enables communication with the Content Protection FW Intel Corporation 1.0.1.14 c:\windows\syswow64\intelcphecisvc.exe 22/12/2011 07:45 EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe eEBAPI Core Process module SEIKO EPSON CORPORATION 2.3.4.0 c:\program files (x86)\common files\epson\ebapi\eebsvc.exe 19/12/2006 13:53 EpsonScanSvc C:\Windows\system32\EscSvc64.exe Epson Scanner Service (64bit) Seiko Epson Corporation 1.0.2.1 c:\windows\system32\escsvc64.exe 12/12/2011 03:27 fshoster "C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe" -hosterid:0 F-Secure Dll Hoster Service F-Secure Corporation 1.4.35127.0 c:\program files (x86)\talktalk\security\fshoster32.exe 01/10/2012 11:23 FSMA "C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE" F-Secure Management Agent F-Secure Corporation 8.30.43098.0 c:\program files (x86)\talktalk\security\apps\computersecurity\common\fsma32.exe 28/09/2012 13:09 FSORSPClient "C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe" F-Secure ORSP Service F-Secure Corporation 1.1.25.2280 c:\program files (x86)\talktalk\security\apps\ccf_reputation\fsorsp.exe 05/06/2013 19:49 GamesAppService "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" WT Games App Services WildTangent, Inc. 
4.0.4918.0 c:\program files (x86)\wildtangent games\app\gamesappservice.exe 04/10/2010 23:15 HP Support Assistant Service "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" HP Support Assistant Service Hewlett-Packard Company 7.0.39.14 c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe 27/09/2012 12:55 hpqwmiex "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" HP Software Framework WMI Service Hewlett-Packard Company 4.6.10.1 c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe 06/09/2012 16:18 hpsrv %SystemRoot%\system32\Hpservice.exe HpService Hewlett-Packard Company 4.2.9.1 c:\windows\system32\hpservice.exe 24/09/2012 16:32 HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe HP Quick Launch WMI Service Hewlett-Packard Development Company, L.P. 3.0.1.0 c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe 07/09/2012 07:51 IconMan_R "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe" Realtek Card Reader Patch Tool. Realsil Microelectronics Inc. 
1.5.0.0 c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe 13/07/2012 10:02 Intel® Capability Licensing Service Interface "C:\Program Files\Intel\iCLS Client\HeciServer.exe" Version: 1.24.388.1 Intel® Corporation 1.24.388.1 c:\program files\intel\icls client\heciserver.exe 20/04/2012 13:16 Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe Intel© Manageability Engine Service (Intel© ME Service) Intel Corporation 8.1.0.1256 c:\program files (x86)\intel\intel® management engine components\fwservice\intelmefwservice.exe 27/06/2012 20:39 jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe Intel® Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel ® DAL Intel Corporation 8.1.0.1252 c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe 25/06/2012 18:43 LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces. Intel Corporation 8.1.0.1252 c:\program files (x86)\intel\intel® management engine components\lms\lms.exe 25/06/2012 18:36 MBAMScheduler "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" Malwarebytes Anti-Malware scheduler Malwarebytes Corporation 1.70.0.0 c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe 28/02/2013 21:38 MBAMService "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" Malwarebytes Anti-Malware service Malwarebytes Corporation 1.70.0.0 c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe 28/02/2013 21:38 MozillaMaintenance "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. 
Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled. File not found: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe PnkBstrA C:\Windows\system32\PnkBstrA.exe PunkBuster Service Component [v1034] http://www.evenbalance.com c:\windows\syswow64\pnkbstra.exe 17/11/2010 06:25 RapportMgmtService "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" Trusteer Endpoint Protection Central Management and Monitoring Service Trusteer Ltd. 3.5.1304.62 c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe 20/03/2014 15:20 STacSV C:\Program Files\IDT\WDM\STacSV64.exe Manages audio jack configurations. IDT, Inc. 1.0.6417.0 c:\program files\idt\wdm\stacsv64.exe 21/07/2012 14:48 Steam Client Service "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService Steam Client Service monitors and updates Steam content Valve Corporation 2.13.4.49 c:\program files (x86)\common files\steam\steamservice.exe 25/02/2014 22:44 UNS "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device. Intel Corporation 8.1.0.1252 c:\program files (x86)\intel\intel® management engine components\uns\uns.exe 25/06/2012 18:38
  11. Took a while to test, but the popup came up in safe mode yesterday...about the same time as I experienced it the day before. It also occurred in safe mode when I tested it last week if I remember correctly. Thanks
  12. Hello, It seems like it's present only on Firefox. It's difficult to be sure about IE, as the popup is not very frequent and I always use Firefox, but I have tested Explorer for a bit. Here are the logs:

      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org
      Database version: v2014.04.01.02
      Windows 8 x64 NTFS
      Internet Explorer 10.0.9200.16843
      John :: LAPTOP [administrator]
      01/04/2014 08:47:04
      mbam-log-2014-04-01 (08-47-04).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 228456
      Time elapsed: 4 minute(s), 32 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 0
      (No malicious items detected)
      (end)

      # AdwCleaner v3.022 - Report created 01/04/2014 at 09:25:51
      # Updated 13/03/2014 by Xplode
      # Operating System : Windows 8 (64 bits)
      # Username : John - LAPTOP
      # Running from : C:\Users\John\Downloads\AdwCleaner(1).exe
      # Option : Clean
      ***** [ Services ] *****
      ***** [ Files / Folders ] *****
      ***** [ Shortcuts ] *****
      ***** [ Registry ] *****
      ***** [ Browsers ] *****
      -\\ Internet Explorer v10.0.9200.16843
      -\\ Mozilla Firefox v28.0 (en-US)
      [ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2rtvp12w.default\prefs.js ]
      *************************
      AdwCleaner[R0].txt - [744 octets] - [01/04/2014 09:24:32]
      AdwCleaner[s0].txt - [666 octets] - [01/04/2014 09:25:51]
      ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [725 octets] ##########

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.1.3 (03.23.2014:1)
      OS: Windows 8 x64
      Ran by John on 01/04/2014 at 9:34:55.48
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ~~~ Services
      ~~~ Registry Values
      ~~~ Registry Keys
      ~~~ Files
      ~~~ Folders
      ~~~ Event Viewer Logs were cleared
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 01/04/2014 at 9:42:04.84
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  13. Hello Kevin, Thanks for your continued help, and I will certainly read through the guidance you have suggested. Firstly, the Rapport team confirmed the reports were nothing to be concerned about. There seem to be many IP addresses not whitelisted since the recent update. Good point re: Rapport, I can't say I have given it much thought, other than the fact banks seem very keen on customers having it, and I have not, so far, found it intrusive or difficult to maintain. But neither am I convinced of its worth yet. I'm afraid I turned ad blocker off today, and received my first League of Angels popup this evening after quite a long time of computer use. I may be wrong or it could be coincidence, but it seems to often first occur at a certain time of evening. Here is the log if you need it at this stage?

      Results of screen317's Security Check version 0.99.81
      x64 (UAC is enabled)
      Internet Explorer 10 Out of date!
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Computer Security
      Windows Defender
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      Adobe Flash Player 12.0.0.77
      Adobe Reader XI
      Mozilla Firefox (28.0)
      ````````Process Check: objlist.exe by Laurent````````
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbamgui.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: %
      ````````````````````End of Log``````````````````````
  14. Yeah, hopefully nothing wrong. I guess I'll contact Rapport asking if they can explain this sudden activity. I'm curious about the popup. Do you think it would still be there if I removed popup blocker? And if so, what causes it to remain on my system + sites which were fine before? Site vulnerability/FF vulnerability? Thanks for the advice. Please note, I may not be able to reply over the next few days if there is something, but will be in contact if I notice anything else suspicious later.
  15. Hello, Have changed all the passwords I can remember, and restarted. I still get the IP report from Rapport saying it doesn't match my bank site:

      Mar 28 2014 08:17: IP address 23.74.190.196 doesn't match
      Mar 28 2014 08:17: IP address 23.74.190.196 doesn't match
      Mar 28 2014 08:17: IP address 23.74.190.196 doesn't match

      When trying to change my Amazon password, I got these reports: "The following password submissions were protected by the character replacement feature. Trusteer Endpoint Protection has prevented access to the original keystrokes from most common keyloggers. This does not necessarily mean you have keyloggers on your PC. However, applications on your PC that tried to log keystrokes while you were entering information to the websites below have failed."

      Mar 27 2014 22:31: Password field on amazon.co.uk. Anti-keylogging activated.
      Mar 27 2014 22:31: Password field on amazon.co.uk. Anti-keylogging activated.
      Mar 27 2014 22:21: Password field on amazon.co.uk. Anti-keylogging activated.

      Here are some other IP addresses that Rapport has picked up when I tested the bank site yesterday (in case it is relevant):

      Mar 27 2014 15:27: IP address 23.52.12.240 doesn't match
      Mar 27 2014 15:27: IP address 92.122.118.131 doesn't match
      Mar 27 2014 15:27: IP address 23.52.12.240 doesn't match