Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Slow page loading and Hotmail account hijacked

Post by Undinist » June 6th, 2013, 12:29 pm

Thanks in advance to anyone who can resolve this for me :)

Problem Description

Web pages, including ones which normally load in seconds, are sometimes loading at normal speeds but are often taking several minutes or failing to load. I'm using a Wi-Fi connection to my router on my landline at home. My laptop is the only device connected to the router that I know of. The laptop is performing well in other respects. Earlier today I was one of two people connected to a router in a coffee shop. My page loading was as slow as it is at home but the other guy had no problems. Speedtest says I'm getting 16 Mbps. I'm running tbbmeter and the volume of data being downloaded is tiny. (Months ago my router was mysteriously downloading about 1 GB per hour, but not to my laptop. I never found out the cause. I did malware clean-ups with 3 or 4 different tools and the problem went away.)

The slow page-loading problem has happened at least twice this year. I was running Panda Cloud Antivirus and the Windows Firewall. Each time I did clean-ups with Malwarebytes, ASC and Combofix (without a helper). The problem went away but I never found the cause. Maybe the answer was in the Combofix log, but I never got an expert opinion on it. I still have ComboFix logs from April 8 and 9.

After the problem went away I switched from Panda to MSE but the problem returned yesterday. This time around I have done no clean-ups at all.

Earlier today my Hotmail account was hijacked. There is a ton of spam in my Sent folder. It was all sent at 14.54 hrs today. I was using what I thought was a secure password, 11 characters of numerals and mixed-case letters. I've since changed it.

DDS Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by Nick at 15:53:56 on 2013-06-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3997.1532 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kAlienware.exe
C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\Rtlservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\thinkbroadband.com\tbbMeter\tbbmeter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
mRun: [FAStartup] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxp://www.homeswapper.co.uk/HemsnewWeb ... 0680000000
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/ ... emLite.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1227A23A-9A91-485B-88C7-F0A7E0248CF5} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C8C5D718-624C-449E-BA81-F674636260AF} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C8C5D718-624C-449E-BA81-F674636260AF}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{C8C5D718-624C-449E-BA81-F674636260AF}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{C8C5D718-624C-449E-BA81-F674636260AF}\2445F40756E6A7F6E656D235471627265736B637 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{C8C5D718-624C-449E-BA81-F674636260AF}\3736F6F64756273616666656E2765756374737 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C8C5D718-624C-449E-BA81-F674636260AF}\45865602242756164625F6F6D6 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{EE00774A-B153-4504-862F-3FB90F334D90} : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{EE00774A-B153-4504-862F-3FB90F334D90}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{EE00774A-B153-4504-862F-3FB90F334D90}\2445F40756E6A7F6E656D284 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{EE00774A-B153-4504-862F-3FB90F334D90}\F54586560234C6F65746 : DHCPNameServer = 10.1.5.153 10.1.5.154
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli FAPassSync
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\
FF - prefs.js: browser.startup.homepage - hxxp://groups.yahoo.com/group/freecycle ... ssages?o=1
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 109&UM=&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-15 23:25; ascsurfingprotection@iobit.com; C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\extensions\ascsurfingprotection@iobit.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-4-28 17720]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2012-10-6 19504]
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2012-11-26 89640]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2012-11-26 114728]
R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-1-9 95712]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2012-11-26 114216]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2012-10-22 33320]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2012-11-26 94248]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2012-11-26 118312]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2012-11-26 306216]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2012-11-26 116776]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2012-11-26 114216]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2012-11-28 232488]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2012-11-26 105000]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2012-11-9 204328]
R1 RapportCerberus_53984;RapportCerberus_53984;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys [2013-5-28 588048]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-4-30 229040]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-3-5 98208]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-5 13336]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-4-28 821592]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2012-10-6 60928]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2012-11-9 167976]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2012-11-9 119848]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2012-11-9 123944]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2012-11-9 133160]
R2 QDLService2kAlienware;Qualcomm Gobi 2000 Download Service (Alienware);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kAlienware.exe [2010-3-15 330488]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-4-30 1124632]
R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2012-10-25 36864]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2012-10-6 25648]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 PSSDK42;PSSDK42;C:\Windows\System32\drivers\pssdk42.sys [2012-10-9 53312]
R3 PSSDKLBF;PSSDKLBF;C:\Windows\System32\drivers\pssdklbf.sys [2012-10-9 65600]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2012-10-5 20392]
S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2012-10-5 20984]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-10-5 328232]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-10-5 39464]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-25 238848]
S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-4-28 21384]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2013-4-28 58360]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-4-22 236688]
S3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-4-30 357712]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-8 19456]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-4-28 33224]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2012-10-13 848384]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-8 57856]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-4-28 21904]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-6 1255736]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-1-4 465216]
S4 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2012-11-28 69160]
S4 tbbLoaderService;tbbLoaderService;C:\Program Files (x86)\thinkbroadband.com\tbbMeter\tbbLoaderService.exe [2010-10-9 14848]
.
=============== Created Last 30 ================
.
2013-06-06 13:46:41 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBCA2E4D-D43C-4F07-B992-52E9137707A2}\mpengine.dll
2013-06-05 17:41:00 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-06-05 17:41:00 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-06-05 17:24:42 7493224 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2013-06-05 17:24:01 255080 ----a-w- C:\Windows\System32\nvcod1919.dll
2013-06-05 17:24:01 255080 ----a-w- C:\Windows\System32\nvcod.dll
2013-06-05 17:24:01 2162792 ----a-w- C:\Windows\System32\nvapi64.dll
2013-06-05 16:49:55 -------- d-----w- C:\Users\Nick\AppData\Local\Akamai
2013-06-05 16:46:20 -------- d-----w- C:\NVIDIA
2013-06-05 16:35:02 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-05 05:57:54 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-28 12:58:04 -------- d-----w- C:\Program Files (x86)\GRETECH
2013-05-24 13:17:33 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-23 19:21:46 -------- d-----w- C:\Users\Nick\AppData\Roaming\Philipp Winterberg
2013-05-23 19:21:40 -------- d-----w- C:\Program Files (x86)\Free RAR Extract Frog
2013-05-21 14:32:08 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-21 14:32:07 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03E69BE9-D87D-4B7C-BB60-469063F5B681}\gapaengine.dll
2013-05-16 19:14:21 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-05-16 16:37:22 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{594DC557-36BE-47AE-84E0-A7AC5E29C288}\mpengine.dll
2013-05-16 16:25:40 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-16 16:17:10 9195912 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-05-16 16:08:21 -------- d-----w- C:\Program Files (x86)\GUMC447.tmp
2013-05-16 15:06:09 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-05-11 10:24:08 -------- d-----w- C:\Program Files (x86)\GUM9DAD.tmp
.
==================== Find3M ====================
.
2013-06-06 14:33:03 65600 ----a-w- C:\Windows\System32\drivers\pssdklbf.sys
2013-06-06 14:33:03 53312 ----a-w- C:\Windows\System32\drivers\pssdk42.sys
2013-05-16 17:17:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 17:17:13 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-30 00:28:50 236688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 15:55:00.82 ===============

Attach Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05/10/2012 22:15:42
System Uptime: 06/06/2013 09:03:18 (6 hours ago)
.
Motherboard: Alienware | | 0VWGCV
Processor: Genuine Intel(R) CPU U7300 @ 1.30GHz | U2E1 | 1729/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 368.911 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\CPL0002\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\CPL0002\2&DABA3FF&1
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
RP120: 23/05/2013 15:42:44 - Windows Update
RP121: 27/05/2013 16:43:56 - Windows Update
RP122: 30/05/2013 17:20:42 - Windows Update
RP123: 03/06/2013 17:21:49 - Windows Update
RP124: 05/06/2013 17:34:05 - Installed Java 7 Update 21
.
==== Installed Programs ======================
.
Accelerometer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Advanced SystemCare 6
Akamai NetSession Interface
µTorrent
Call of Duty(R) 2
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP Navigator EX 4.0
Canon MP270 series MP Drivers
Canon MP270 series User Registration
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Command Center
DW WLAN Card Utility
Free RAR Extract Frog
GOM Player
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
InstallVC90Support
Intel(R) Control Center
Intel(R) Rapid Storage Technology
IObit Malware Fighter
Java 7 Update 21
Java Auto Updater
JMicron 1394 Filter Driver
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Control Panel 263.08
NVIDIA Graphics Driver 263.08
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
OpenOffice.org 3.4.1
Panda Cloud Antivirus
Picasa 3
Qualcomm Gobi 2000 Package for Alienware
QuickTime
Rapport
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver and Utility
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Sid Meier's Civilization V
Smart Defrag 2
Steam
Synaptics Pointing Device Driver
tbbMeter
tbbMeter Loader Service
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.5
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (01/20/2010 6.3.0.3500)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (01/28/2010 6.3.0.3800)
Windows Driver Package - Broadcom HIDClass (09/11/2009 6.3.0.1500)
.
==== Event Viewer Messages From Past Week ========
.
05/06/2013 19:07:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
05/06/2013 19:07:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.
05/06/2013 19:07:39, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/06/2013 19:06:52, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
05/06/2013 19:06:52, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
05/06/2013 19:03:44, Error: Service Control Manager [7001] - The Intel(R) Rapid Storage Technology service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
05/06/2013 19:01:11, Error: Service Control Manager [7001] - The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
05/06/2013 19:01:11, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================
Undinist
Regular Member
 
Posts: 15
Joined: June 6th, 2013, 11:00 am
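The parts of the DDS log above that a helper reads first are the Pseudo HJT Report and FIREFOX sections: the policy values (this log shows mPolicies-System: EnableLUA = dword:0, i.e. UAC is switched off), the NameServer entries, the LSA notification packages and any URL that points at a search or start-page hijacker (here keyword.URL points at search.conduit.com). The per-network DHCPNameServer subkeys are remembered hotspots, and the hex suffix is the SSID with its nibbles swapped (244575966496 decodes to BTWiFi). The script below is an added example written for this thread; it is not a MalwareRemoval.com tool and not something Undinist or Gary R ran. Its sample lines are copied from the log above plus one constructed line (a hotspot called test-hotspot that handed out 203.0.113.5, an RFC 5737 documentation address) so the resolver check has something to flag. The severities, the hijack-domain list and the "stock" LSA package set are this example's own assumptions.

```python
"""Triage of the 'Pseudo HJT Report' and FIREFOX sections of a DDS log.

Added example for this thread, not a MalwareRemoval.com tool.  Sample
lines come from the DDS log above plus one constructed entry (SSID
'test-hotspot', resolver 203.0.113.5).  Severities, HIJACK_DOMAINS and
STOCK_LSA_PACKAGES are assumptions, not anything the log states.
"""
import ipaddress
import re
from urllib.parse import urlparse

LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
STOCK_LSA_PACKAGES = {"scecli", "rassfm"}   # assumption: a clean Windows 7 install
HIJACK_DOMAINS = {"conduit.com"}           # assumption: what this thread is hunting

POLICY_RE = re.compile(r"^[um]Policies-\w+: (\w+) = dword:(\d+)$")
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\\{[0-9A-Fa-f-]+\}(?:\\([0-9A-Fa-f]+))? : )?"
                    r"(?:DHCP)?NameServer = (.+)$")
LSA_RE = re.compile(r"^LSA: Notification Packages = (.+)$")
URL_RE = re.compile(r"hxxps?://\S+")       # DDS defangs http as hxxp

SAMPLE_LINES = [
    "uStart Page = hxxp://www.google.co.uk/",
    "mPolicies-System: ConsentPromptBehaviorAdmin = dword:5",
    "mPolicies-System: EnableLUA = dword:0",
    "uPolicies-Explorer: NoDriveTypeAutoRun = dword:145",
    "TCP: NameServer = 192.168.1.254",
    r"TCP: Interfaces\{1227A23A-9A91-485B-88C7-F0A7E0248CF5} : DHCPNameServer = 192.168.1.254",
    r"TCP: Interfaces\{C8C5D718-624C-449E-BA81-F674636260AF}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23",
    r"TCP: Interfaces\{EE00774A-B153-4504-862F-3FB90F334D90}\F54586560234C6F65746 : DHCPNameServer = 10.1.5.153 10.1.5.154",
    # constructed line: SSID 'test-hotspot' (nibble-swapped hex), resolver 203.0.113.5
    r"TCP: Interfaces\{EE00774A-B153-4504-862F-3FB90F334D90}\47563747D286F6473707F647 : DHCPNameServer = 203.0.113.5",
    "LSA: Notification Packages = scecli FAPassSync",
    "FF - prefs.js: browser.startup.homepage - hxxp://groups.yahoo.com/group/freecycle ... ssages?o=1",
    "FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 109&UM=&q=",
]


def decode_ssid(hex_suffix):
    """DDS prints each remembered network's subkey as the SSID in
    nibble-swapped hex ('244575966496' -> 'BTWiFi').  A dangling nibble
    means DDS truncated the line, so it is dropped."""
    h = hex_suffix[: len(hex_suffix) // 2 * 2]
    swapped = "".join(h[i + 1] + h[i] for i in range(0, len(h), 2))
    return bytes.fromhex(swapped).decode("ascii", errors="replace")


def hijacked_host(url):
    """True when the (defanged) URL's host is a hijack domain or a subdomain of one."""
    host = (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def triage(lines):
    """Return (severity, message) findings; 'review' items need a human decision."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            name, val = m.group(1), int(m.group(2))
            if name == "EnableLUA" and val == 0:
                findings.append(("high", "EnableLUA=0: UAC is off, so an admin user's processes run fully elevated"))
            elif name == "ConsentPromptBehaviorAdmin" and val == 0:
                findings.append(("high", "ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt"))
            elif name == "NoDriveTypeAutoRun" and val != 0xFF:
                findings.append(("info", f"NoDriveTypeAutoRun={val:#x}: AutoRun not disabled for every drive type (0xff)"))
            continue
        m = DNS_RE.match(line)
        if m:
            network = decode_ssid(m.group(1)) if m.group(1) else "current adapter"
            for server in m.group(2).split():
                ip = ipaddress.ip_address(server)
                if not any(ip in net for net in LOCAL_NETS):
                    findings.append(("review", f"resolver {ip} for '{network}' is not RFC1918; confirm it is the ISP's or a deliberately chosen public DNS"))
            continue
        m = LSA_RE.match(line)
        if m:
            for pkg in sorted(set(m.group(1).split()) - STOCK_LSA_PACKAGES):
                findings.append(("review", f"LSA notification package {pkg} receives every cleartext password change; identify its vendor"))
            continue
        for url in URL_RE.findall(line):
            if hijacked_host(url):
                findings.append(("high", f"hijack domain in line: {line}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LINES):
        print(f"[{severity}] {message}")
```

Run it against the sample and the two "high" findings are the disabled UAC and the conduit keyword.URL; the 192.168.x and 10.x resolvers from the remembered BT and The Cloud hotspots are silently accepted as the local-router addresses a public hotspot normally hands out, while only the constructed 203.0.113.5 entry is raised for review. FAPassSync is reported because any package in that LSA key is a DLL that is handed every password change in the clear, which is why it deserves a vendor check even when, as the FastAccess entries elsewhere in this log suggest, it is a legitimate logon add-on.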

Re: Slow page loading and Hotmail account hijacked

Post by Gary R » June 8th, 2013, 11:41 am

Looking over your logs, back soon.
Gary R
Administrator
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Slow page loading and Hotmail account hijacked

Post by Gary R » June 8th, 2013, 11:59 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless I am informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Undinist

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

µTorrent
IObit Malware Fighter
Panda Cloud Antivirus


Use of P2P programs is the fastest way to an infected machine that I know; in return for our help this forum insists on the removal of all P2P/torrent type programs.

IOBit have a well-established reputation for stealing other people's intellectual property and incorporating it into their products, I strongly suggest you remove their program from your machine.

You have Microsoft Security Essentials installed as your primary Anti-Virus product, so the installation of another AV will cause conflicts and result in less, not more, protection for your computer; for this reason you should uninstall Panda Cloud AV.

Once all are uninstalled, reboot your computer.

You have what looks to be an incompletely removed "conduit" toolbar on your computer, which is probably the source of most of your problems; we'll need to run a few scans to see how much of it remains, and then, when we've established that, we'll need to remove them and see how things run.

First

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Search.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Please download SystemLook from one of the links below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield: (click the select all button next to the codebox to select the entire script)
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • AdwCleaner[R1].txt
  • OTL.txt
  • Extras.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
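The SystemLook script in the post above is a declarative indicator list: glob patterns for file and folder names, and bare substrings for the registry. The following Python is added here as an illustration of what that run does; it is not the SystemLook tool and was not posted by anyone in this thread. It parses the same :filefind / :folderfind / :Regfind layout, glob-matches file and folder names under a root directory (a command-line argument, defaulting to the user's home folder), and substring-searches registry key names and value names/data. The registry walk is Windows-only and, by assumption of this example, limited to HKLM\SOFTWARE and HKCU\Software to a fixed depth; the embedded indicator list is an abbreviated copy of the one in the post.

```python
"""SystemLook-style indicator hunt (added example, not the SystemLook tool).

Parses :filefind / :folderfind / :Regfind sections from a script like the one
in the post, then reports matching file names, folder names and registry keys
or values.  Registry walk is Windows-only and, by assumption, limited to
HKLM\\SOFTWARE and HKCU\\Software down to max_depth.
"""
import fnmatch
import os
import sys

# Abbreviated copy of the indicator list from the post, so the example runs offline.
SAMPLE_SCRIPT = """\
:filefind
*iLivid*
*datamngr*
*babylon*
*conduit*

:folderfind
*iLivid*
*datamngr*
*babylon*
*conduit*

:Regfind
datamngr
kelkoopartners
babylon
conduit
"""


def parse_script(text):
    """Return {"filefind": [...], "folderfind": [...], "regfind": [...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # section header such as ":Regfind"
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def match_names(patterns, names):
    """Case-insensitive glob match of bare names (not full paths) against the
    patterns; fnmatch is only case-insensitive on Windows, so lower both sides."""
    pats = [p.lower() for p in patterns]
    return [n for n in names if any(fnmatch.fnmatchcase(n.lower(), p) for p in pats)]


def hunt_filesystem(root, file_patterns, folder_patterns):
    """Single os.walk over root; returns (matching file paths, matching folder paths)."""
    files_hit, folders_hit = [], []
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda err: None):
        folders_hit += [os.path.join(dirpath, d) for d in match_names(folder_patterns, dirnames)]
        files_hit += [os.path.join(dirpath, f) for f in match_names(file_patterns, filenames)]
    return files_hit, folders_hit


def registry_hits(needles, max_depth=6):
    """Substring search over key names and value names/data (Windows only;
    returns [] elsewhere).  Opens the 64-bit view so Wow6432Node is included."""
    if sys.platform != "win32":
        return []
    import winreg
    wanted = [n.lower() for n in needles]
    hits = []

    def walk(hive, label, path, depth):
        try:
            key = winreg.OpenKey(hive, path, 0, winreg.KEY_READ | winreg.KEY_WOW64_64KEY)
        except OSError:
            return                                   # access denied or missing key
        subkeys = []
        with key:
            n_subkeys, n_values, _ = winreg.QueryInfoKey(key)
            for i in range(n_values):
                name, data, _ = winreg.EnumValue(key, i)
                if any(n in (name + " " + str(data)).lower() for n in wanted):
                    hits.append(f"{label}\\{path} :: {name}")
            if depth < max_depth:
                subkeys = [winreg.EnumKey(key, i) for i in range(n_subkeys)]
        for sub in subkeys:
            child = f"{path}\\{sub}"
            if any(n in sub.lower() for n in wanted):
                hits.append(f"{label}\\{child}")
            walk(hive, label, child, depth + 1)

    walk(winreg.HKEY_LOCAL_MACHINE, "HKLM", "SOFTWARE", 0)
    walk(winreg.HKEY_CURRENT_USER, "HKCU", "Software", 0)
    return hits


if __name__ == "__main__":
    script = parse_script(SAMPLE_SCRIPT)
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    files, folders = hunt_filesystem(root, script["filefind"], script["folderfind"])
    for line in [f"folder: {p}" for p in folders] + [f"file: {p}" for p in files]:
        print(line)
    for hit in registry_hits(script["regfind"]):
        print("reg:", hit)
```

Run it as `python hunt.py C:\` (or another root) on the affected machine; like SystemLook it only reports, it removes nothing, so the output is safe to post for review before any fix script is written.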

Re: Slow page loading and Hotmail account hijacked

Unread postby Undinist » June 8th, 2013, 12:23 pm

Gary, thank you so much for spending your time helping me on this sunny Saturday, it's fantastic. Back later.

Re: Slow page loading and Hotmail account hijacked

Unread postby Undinist » June 9th, 2013, 8:25 pm

# AdwCleaner v2.303 - Logfile created 06/10/2013 at 01:15:48
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Nick - M11X
# Boot Mode : Normal
# Running from : C:\Users\Nick\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Nick\AppData\Local\Babylon
Folder Found : C:\Users\Nick\AppData\Local\Conduit
Folder Found : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Folder Found : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Folder Found : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Users\Nick\AppData\LocalLow\Conduit
Folder Found : C:\Users\Nick\AppData\Roaming\Babylon
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\extensions\software@loadtubes.com

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Found : HKCU\Software\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\prefs.js

Found : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CU[...]
Found : user_pref("smartbar.machineId", "YGUNOB6ZFUUNVJHFYEJUMGMY4IYNQL/K3K6YHOKZCOVYE8UH49GAU9EYIG9BVHQHWCC[...]

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.4000] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=0853e989-3f9d-434f-b9f9-12ab9914b14a&searchtype=hp" ]

*************************

AdwCleaner[R1].txt - [3314 octets] - [10/06/2013 01:15:48]

########## EOF - C:\AdwCleaner[R1].txt - [3374 octets] ##########
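The AdwCleaner log above already tells the story (Conduit folders and keys, a Conduit search hijack in prefs.js, a Snap.do start page in Chrome, two unnamed Chrome extensions), but it takes a careful read, and the tool prints several entries twice. The Python below is added here as an example of triaging such a log; it is not AdwCleaner's code and was not posted in this thread. It parses every "Found" line into a record, drops the duplicates, labels each item with an adware family from a lookup table that is an assumption of this example, and lists the hijacked search/start-page hosts (re-fanging the hxxp:// URLs only for parsing) and the Chrome extension IDs. The embedded excerpt is a shortened copy of the log posted above.

```python
"""Triage of an AdwCleaner [Search] log (added example, not AdwCleaner's code).

Turns each 'Found' line into a record, drops duplicates, tags findings with
an adware family (assumed table below) and extracts hijack hosts and
Chrome extension IDs.  SAMPLE_LOG is a shortened copy of the posted log.
"""
import re
from collections import Counter
from urllib.parse import urlparse

SAMPLE_LOG = r"""
***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Folder Found : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Folder Found : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\extensions\software@loadtubes.com

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj

***** [Internet Browsers] *****

Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CU[...]
Found [l.4000] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=0853e989-3f9d-434f-b9f9-12ab9914b14a&searchtype=hp" ]
"""

# Assumed family table: substring of the finding (lower-case) -> label.  First match wins.
FAMILIES = {
    "conduit": "Conduit/SmartBar", "smartbar": "Conduit/SmartBar",
    "ct3220468": "Conduit/SmartBar",      # the Conduit toolbar ID seen in prefs.js
    "babylon": "Babylon", "snap.do": "Snap.do", "loadtubes": "LoadTubes",
    "bejbohlohkkgompgecdcbbglkpjfjgdj": "unidentified Chrome extension",
    "ejpbbhjlbipncjklfjjaedaieimbmdda": "unidentified Chrome extension",
}
SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
FOUND_RE = re.compile(r"^(?:(?P<kind>Folder|File|Key|Value) )?Found(?: \[l\.\d+\])? : (?P<item>.+)$")
URL_RE = re.compile(r"hxxps?://[^\s\"'\[\]]+")     # AdwCleaner defangs http as hxxp
EXT_RE = re.compile(r"\b[a-p]{32}\b")              # Chrome extension IDs use letters a-p only


def classify(item):
    low = item.lower()
    return next((fam for needle, fam in FAMILIES.items() if needle in low), "unclassified")


def hijack_host(item):
    """Host of a defanged URL inside the finding, or None; re-fanged only for parsing."""
    m = URL_RE.search(item)
    return urlparse(m.group(0).replace("hxxp", "http", 1)).hostname if m else None


def parse_log(text):
    findings, seen, section = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        m = FOUND_RE.match(line)
        if not m:
            continue
        kind, item = m.group("kind") or "Pref", m.group("item")
        if (kind, item.lower()) in seen:            # AdwCleaner prints some entries twice
            continue
        seen.add((kind, item.lower()))
        findings.append({"kind": kind, "item": item, "section": section,
                         "family": classify(item), "host": hijack_host(item)})
    return findings


def chrome_extension_ids(findings):
    return sorted({m.group(0) for f in findings for m in EXT_RE.finditer(f["item"])})


def hijack_hosts(findings):
    return sorted({f["host"] for f in findings if f["host"]})


def summarize(findings):
    return Counter(f["family"] for f in findings)


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for f in found:
        print(f"{f['kind']:6} {f['family']:28} {f['item']}")
    print("hijacked hosts:", hijack_hosts(found))
    print("chrome extension ids:", chrome_extension_ids(found))
    print("per family:", dict(summarize(found)))
```

The per-family count is what a helper actually wants from a log like this: it shows at a glance that Conduit/SmartBar dominates, that the two Chrome extension IDs need to be looked up before they are removed, and that the one unclassified CLSID key still has to be checked by hand rather than assumed harmless.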

Re: Slow page loading and Hotmail account hijacked

Unread postby Undinist » June 9th, 2013, 8:47 pm

OTL logfile created on: 10/06/2013 01:19:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nick\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 65.07% Memory free
7.80 Gb Paging File | 6.21 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.64 Gb Total Space | 367.90 Gb Free Space | 79.01% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 4.10 Gb Free Space | 1.76% Space Free | Partition Type: FAT32

Computer Name: M11X | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/10 01:19:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
PRC - [2013/05/16 17:08:21 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/04/30 01:28:38 | 002,115,864 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/04/30 01:28:38 | 001,124,632 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/12/27 09:01:34 | 001,925,120 | R--- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/08/13 17:33:38 | 001,362,544 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
PRC - [2010/05/21 14:34:38 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2010/05/21 14:33:48 | 000,063,304 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2010/04/04 19:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
PRC - [2010/04/04 19:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
PRC - [2010/04/04 19:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
PRC - [2010/03/15 14:17:56 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kAlienware.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/24 09:33:58 | 002,883,584 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 17:55:20 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013/05/16 17:48:07 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/16 17:47:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/16 17:47:30 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/16 17:47:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/16 17:47:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/01/10 22:26:29 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 22:26:27 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll
MOD - [2013/01/10 22:04:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 22:04:17 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/10 22:03:22 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 22:02:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 22:02:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 22:02:23 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/03 09:45:21 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\46125\RapportMS.dll
MOD - [2012/10/06 22:15:25 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll
MOD - [2012/10/06 22:15:25 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll
MOD - [2012/10/06 22:15:25 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll
MOD - [2012/10/06 22:15:24 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2012/10/06 22:15:24 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2012/10/06 22:15:23 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2012/10/06 22:15:23 | 000,037,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2012/10/06 22:15:23 | 000,025,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2012/10/06 22:15:22 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
MOD - [2012/10/06 22:15:22 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2012/10/06 22:15:22 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2012/10/06 22:15:22 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2012/10/06 22:15:21 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2012/10/06 22:15:21 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2012/10/06 22:15:21 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
MOD - [2012/10/06 22:15:21 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2012/10/06 22:15:20 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/08/13 17:33:38 | 001,362,544 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MOD - [2010/04/04 19:45:06 | 000,089,416 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2010/04/04 19:44:12 | 000,059,208 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2010/04/04 19:42:44 | 000,247,624 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2010/02/24 09:33:58 | 002,883,584 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
MOD - [2009/12/18 11:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/05/21 10:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2010/04/04 19:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)
SRV:64bit: - [2010/02/02 14:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2010/01/28 18:04:38 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 23:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/30 01:28:38 | 001,124,632 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/04/28 15:35:58 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/15 19:47:10 | 000,465,216 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2010/10/09 10:18:00 | 000,014,848 | ---- | M] (thinkbroadband.com) [Disabled | Stopped] -- C:\Program Files (x86)\thinkbroadband.com\tbbMeter\tbbLoaderService.exe -- (tbbLoaderService)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nCU)
SRV - [2010/04/05 20:55:01 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:17:56 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kAlienware.exe -- (QDLService2kAlienware)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/02/10 08:18:30 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/06 15:33:03 | 000,065,600 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdklbf.sys -- (PSSDKLBF)
DRV:64bit: - [2013/06/06 15:33:03 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2013/04/30 01:28:50 | 000,236,688 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/02/18 10:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/01/09 21:46:02 | 000,095,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV:64bit: - [2012/11/28 14:04:05 | 000,232,488 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
DRV:64bit: - [2012/11/28 14:04:04 | 000,069,160 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV:64bit: - [2012/11/26 16:49:11 | 000,105,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
DRV:64bit: - [2012/11/26 16:49:10 | 000,116,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
DRV:64bit: - [2012/11/26 16:49:10 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV:64bit: - [2012/11/26 16:49:09 | 000,306,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
DRV:64bit: - [2012/11/26 16:49:09 | 000,118,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
DRV:64bit: - [2012/11/26 16:49:08 | 000,094,248 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
DRV:64bit: - [2012/11/26 16:49:07 | 000,114,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
DRV:64bit: - [2012/11/26 16:49:07 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
DRV:64bit: - [2012/11/26 16:49:07 | 000,089,640 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
DRV:64bit: - [2012/11/09 19:01:13 | 000,204,328 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2012/11/09 19:01:13 | 000,133,160 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2012/11/09 19:01:13 | 000,123,944 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2012/11/09 19:01:12 | 000,167,976 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2012/11/09 19:01:12 | 000,119,848 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2012/11/07 09:00:05 | 000,058,360 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2012/10/22 12:09:23 | 000,033,320 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV:64bit: - [2012/09/19 11:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(http://www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 16:17:34 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/11 02:36:14 | 000,848,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/10 08:18:40 | 000,025,648 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2010/02/02 14:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/02 14:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/02 14:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/01/22 10:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/20 18:19:34 | 000,328,232 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/01/20 18:19:26 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/13 22:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/13 22:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/05 14:43:40 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/12/14 22:10:04 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/11/10 15:18:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009/08/18 08:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 15:43:42 | 000,016,752 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/25 03:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV - [2013/05/28 13:12:56 | 000,588,048 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys -- (RapportCerberus_53984)
DRV - [2013/04/30 01:28:50 | 000,357,712 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/04/30 01:28:50 | 000,229,040 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 15:43:42 | 000,013,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-278811305-3920256780-2860793559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-278811305-3920256780-2860793559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-278811305-3920256780-2860793559-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-278811305-3920256780-2860793559-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-278811305-3920256780-2860793559-1000\..\SearchScopes,DefaultScope = {D8E1883F-D665-41E7-9D36-D53BA9CEDA84}
IE - HKU\S-1-5-21-278811305-3920256780-2860793559-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-278811305-3920256780-2860793559-1000\..\SearchScopes\{D8E1883F-D665-41E7-9D36-D53BA9CEDA84}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-278811305-3920256780-2860793559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-278811305-3920256780-2860793559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://groups.yahoo.com/group/freecyclelambeth/messages?o=1"
FF - prefs.js..extensions.enabledAddons: alertbox%40ajitk.com:0.4.8.20130402
FF - prefs.js..extensions.enabledAddons: software%40loadtubes.com:1.01
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN05549634542160109&UM=&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/24 14:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/10/09 23:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2013/05/16 16:52:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\extensions
[2013/05/16 16:59:37 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\extensions\ascsurfingprotection@iobit.com
[2013/05/16 16:52:35 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\extensions\software@loadtubes.com
[2013/04/27 20:04:05 | 000,180,693 | ---- | M] () (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\extensions\alertbox@ajitk.com.xpi
[2013/05/24 14:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/24 14:52:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.6_0\
CHR - Extension: Google Docs = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube Options = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.121_0\
CHR - Extension: uTorrentBar = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\10.16.2.509_0\
CHR - Extension: YouTube = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: uTorrentControl_v2 = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.2.509_0\
CHR - Extension: Smartr Inbox for Gmail = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gakklmehjhhdfjjgnmpkjoemjmeomnli\0.72_0\
CHR - Extension: AdBlock = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: Rapportive = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.1_0\
CHR - Extension: Facebook Invite Them All = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jladghljinmlokelojmdmblikkifabea\4.5_0\
CHR - Extension: Save as PDF = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc\1.7_0\
CHR - Extension: FVD Video Downloader = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.1.6_0\
CHR - Extension: Print Friendly & PDF = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj\2.3_0\
CHR - Extension: Synology Download Station for Google Chrome\u2122 = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhbegdkgonhlokobjefolhpoidcnida\1.6.3_0\
CHR - Extension: Gmail = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/08 23:57:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-278811305-3920256780-2860793559-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-278811305-3920256780-2860793559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-278811305-3920256780-2860793559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} http://www.homeswapper.co.uk/HemsnewWeb ... 0680000000 (Image Uploader Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/ ... emLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1227A23A-9A91-485B-88C7-F0A7E0248CF5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8C5D718-624C-449E-BA81-F674636260AF}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE00774A-B153-4504-862F-3FB90F334D90}: DhcpNameServer = 192.168.22.22 192.168.22.23
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/23 11:29:42 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/10 01:01:47 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/06/10 01:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/06/10 01:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/06/09 03:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\XP32
[2013/06/09 03:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Win764
[2013/06/09 03:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Win732
[2013/06/09 03:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista64
[2013/06/09 03:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista32
[2013/06/09 03:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alienware On-Screen Display
[2013/06/05 18:24:42 | 007,493,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/06/05 18:24:01 | 002,162,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/06/05 18:24:01 | 000,255,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1919.dll
[2013/06/05 18:24:01 | 000,255,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2013/06/05 17:49:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Akamai
[2013/06/05 17:46:20 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/06/05 17:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/05 17:35:02 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/05 17:35:02 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/05 17:35:02 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/31 11:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/05/28 13:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2013/05/28 13:58:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\GRETECH
[2013/05/28 13:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2013/05/24 14:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/23 20:21:46 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Philipp Winterberg
[2013/05/23 20:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free RAR Extract Frog
[2013/05/23 20:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free RAR Extract Frog
[2013/05/16 20:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/05/16 19:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/16 17:26:37 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/16 17:26:37 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/16 17:26:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/16 17:26:35 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/16 17:26:35 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/16 17:26:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/16 17:26:35 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/16 17:26:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/16 17:26:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/16 17:26:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/16 17:26:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/16 17:26:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/16 17:26:32 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/16 17:26:32 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/16 17:26:31 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/16 17:25:39 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/16 17:25:39 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/16 17:25:34 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/16 17:25:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/16 17:25:33 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/16 17:25:33 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/16 17:25:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/16 17:17:10 | 009,195,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/05/16 16:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/10 01:17:34 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 01:17:34 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 01:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/10 01:13:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/10 01:10:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/10 01:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/10 01:08:45 | 3143,225,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/10 01:05:06 | 000,696,920 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/10 01:05:06 | 000,607,416 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/10 01:05:06 | 000,103,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/10 01:03:03 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-M11X-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/06/10 01:01:32 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/06/09 03:04:16 | 000,200,704 | ---- | M] (Dell) -- C:\Windows\SysNative\CCBiosSupportAPI.dll
[2013/06/06 15:33:03 | 000,065,600 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\SysNative\drivers\pssdklbf.sys
[2013/06/06 15:33:03 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\SysNative\drivers\pssdk42.sys
[2013/05/28 13:58:21 | 000,001,209 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2013/05/23 21:59:21 | 000,002,279 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/16 20:26:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/16 18:17:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/16 18:17:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/16 18:17:07 | 009,195,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/05/16 17:42:07 | 000,368,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/15 17:27:16 | 000,011,577 | ---- | M] () -- C:\Users\Nick\Documents\healthhistory.odt
[2013/05/13 22:11:08 | 000,020,320 | ---- | M] () -- C:\Users\Nick\Documents\Food.odt
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/10 01:03:03 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-M11X-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/06/10 01:01:32 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/06/09 02:54:27 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013/06/05 18:24:34 | 000,007,261 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/05/28 13:58:21 | 000,001,209 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2013/05/24 14:52:44 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/16 20:26:50 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/05/16 20:14:25 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/16 19:13:46 | 000,002,279 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/16 20:07:17 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2013/02/02 07:10:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/02 07:10:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/02 07:10:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/02 07:10:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/02 07:10:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/13 01:21:16 | 000,123,668 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/01/13 01:17:18 | 000,048,640 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/06 19:54:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/10/05 22:53:55 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/10/05 22:53:55 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2012/10/05 22:53:55 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/10/05 22:53:53 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/10/05 22:25:21 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/10 10:16:39 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/05/10 10:16:39 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/02/02 00:47:16 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Babylon
[2012/11/13 13:17:23 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Canon
[2013/02/02 07:25:29 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\convert
[2012/10/09 23:21:21 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\FireShot
[2013/05/16 19:18:02 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\IObit
[2013/01/25 02:17:21 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\K-Meleon
[2013/05/16 16:52:36 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\OpenOffice.org
[2013/05/16 16:52:36 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Panda Security
[2013/05/23 20:21:46 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Philipp Winterberg
[2013/05/02 23:26:59 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\TuneUp Software
[2013/06/10 01:07:10 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
Undinist
Regular Member
 
Posts: 15
Joined: June 6th, 2013, 11:00 am

Re: Slow page loading and Hotmail account hijacked

Unread postby Undinist » June 9th, 2013, 8:48 pm

OTL Extras logfile created on: 10/06/2013 01:19:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nick\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 65.07% Memory free
7.80 Gb Paging File | 6.21 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.64 Gb Total Space | 367.90 Gb Free Space | 79.01% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 4.10 Gb Free Space | 1.76% Space Free | Partition Type: FAT32

Computer Name: M11X | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{293220C5-1104-489D-84EF-FDD39A24A83C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C92E3B5-AF59-48DE-90B5-5371C3D56441}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2AC14631-5510-4AD0-B48D-55DE82C8A291}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\ramediaserver.exe |
"{357FAAED-94BD-4447-B798-682C88D70E36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{404895E0-3EA8-4F7D-A489-E0AE562BB897}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50E2E766-C8D8-4131-BA64-E5A4F94220ED}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{59E65046-F516-42A2-9989-72A7C293EF9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63BB11D4-16C9-436A-B856-034A80D09DDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79DD4F09-3292-4664-84E5-301970FC7FED}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\ramediaserver.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AEA50216-E590-4B0A-A6BA-FB4AC6A7E486}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D22D26EB-4992-4335-A3D9-E6B39BB38E8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8A278DE-E190-4ABB-BCDA-459D3BCACBCC}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe |
"TCP Query User{51699401-CFB6-41FD-BCC7-01F4DA5B8B9A}C:\users\nick\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\akamai\netsession_win.exe |
"TCP Query User{5D1C1A6D-2305-4B38-8A34-168855E8A071}C:\users\nick\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\akamai\netsession_win.exe |
"UDP Query User{45A7F081-EEE4-42EA-8CE4-3BC0F944B722}C:\users\nick\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\akamai\netsession_win.exe |
"UDP Query User{D77CA19F-E5C2-46B5-8896-A2DE2A33ED15}C:\users\nick\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 263.08
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 263.08
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DEE69E05-EF81-4B86-8385-BE448339227F}" = Panda Cloud Antivirus
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003" = Windows Driver Package - Broadcom HIDClass (09/11/2009 6.3.0.1500)
"5BB2352543C023211B5CDA6229832626C218EB7F" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (01/28/2010 6.3.0.3800)
"79B5284AC8847651E6939E5B2FB1A473E6C9D19B" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (01/20/2010 6.3.0.3500)
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
"{79F5C843-112C-4562-9F5C-29D255C91379}" = tbbMeter
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{831E13F4-3D72-4427-9C4C-A998E5952E7E}" = Alienware On-Screen Display
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility
"{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}" = OpenOffice.org 3.4.1
"{9F49F6B3-CB50-45E0-8D62-5465CA96064E}" = Qualcomm Gobi 2000 Package for Alienware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{EA561FC0-A965-11E2-94D3-B8AC6F98CCE3}" = Google Earth Plug-in
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FDC85EE3-EDAA-47C9-9885-2A26FC41DC22}" = tbbMeter Loader Service
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Canon MP270 series User Registration" = Canon MP270 series User Registration
"Canon MP495 series User Registration" = Canon MP495 series User Registration
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Free RAR Extract Frog" = Free RAR Extract Frog
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"InstallShield_{831E13F4-3D72-4427-9C4C-A998E5952E7E}" = Alienware On-Screen Display
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Picasa 3" = Picasa 3
"Rapport_msi" = Rapport
"Smart Defrag 2_is1" = Smart Defrag 2
"Steam App 8930" = Sid Meier's Civilization V
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"VLC media player" = VLC media player 2.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16/05/2013 13:23:43 | Computer Name = M11X | Source = Application Error | ID = 1000
Description = Faulting application name: RapportService.exe, version: 3.5.1208.34,
time stamp: 0x515ab9c2 Faulting module name: MSVCR80.dll, version: 8.0.50727.762,
time stamp: 0x45712238 Exception code: 0xc0000005 Fault offset: 0x000173fa Faulting
process id: 0x84c Faulting application start time: 0x01ce525a16aafaa5 Faulting application
path: C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe Faulting module
path: C:\Program Files (x86)\Trusteer\Rapport\bin\MSVCR80.dll Report Id: 5b474812-be4d-11e2-9404-0026b9b693c3

Error - 16/05/2013 13:25:12 | Computer Name = M11X | Source = Application Error | ID = 1000
Description = Faulting application name: RapportService.exe, version: 3.5.1208.34,
time stamp: 0x515ab9c2 Faulting module name: MSVCR80.dll, version: 8.0.50727.762,
time stamp: 0x45712238 Exception code: 0xc0000005 Fault offset: 0x0001de30 Faulting
process id: 0x10ac Faulting application start time: 0x01ce525a4a96a012 Faulting application
path: C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe Faulting module
path: C:\Program Files (x86)\Trusteer\Rapport\bin\MSVCR80.dll Report Id: 90402d1d-be4d-11e2-9404-0026b9b693c3

Error - 17/05/2013 01:26:53 | Computer Name = M11X | Source = Application Error | ID = 1000
Description = Faulting application name: CivilizationV_DX11.exe, version: 1.0.2.44,
time stamp: 0x510a1a7a Faulting module name: lua51_Win32.dll, version: 0.0.0.0,
time stamp: 0x4b19357e Exception code: 0xc0000005 Fault offset: 0x0000bd36 Faulting
process id: 0xbe0 Faulting application start time: 0x01ce5283d5520f83 Faulting application
path: C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exe
Faulting
module path: C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization
V\lua51_Win32.dll Report Id: 61a4ec7f-beb2-11e2-bd6b-0026b9b693c3

Error - 20/05/2013 19:20:28 | Computer Name = M11X | Source = Chrome | ID = 1
Description =

Error - 27/05/2013 11:18:49 | Computer Name = M11X | Source = Application Hang | ID = 1002
Description = The program CivilizationV_DX11.exe version 1.0.2.44 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a04 Start
Time: 01ce5ad6e032ec32 Termination Time: 19141 Application Path: C:\Program Files
(x86)\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exe Report
Id:

Error - 27/05/2013 20:17:50 | Computer Name = M11X | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.5.0, time stamp:
0x50c91d8b Faulting module name: vlc.exe, version: 2.0.5.0, time stamp: 0x50c91d8b
Exception
code: 0xc0000005 Fault offset: 0x00001665 Faulting process id: 0x834 Faulting application
start time: 0x01ce5b38af381115 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: 07872525-c72c-11e2-bd83-0026b9b693c3

Error - 05/06/2013 12:55:35 | Computer Name = M11X | Source = Application Error | ID = 1000
Description = Faulting application name: RunDll32.EXE_NVPrxy64.DLL, version: 6.1.7600.16385,
time stamp: 0x4a5bc9e0 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process
id: 0xe6c Faulting application start time: 0x01ce620d6d86d1f0 Faulting application
path: C:\Windows\system32\RunDll32.EXE Faulting module path: unknown Report Id: bd20b9e1-ce00-11e2-802d-0026b9b693c3

Error - 05/06/2013 12:55:51 | Computer Name = M11X | Source = Application Error | ID = 1000
Description = Faulting application name: RunDll32.EXE_NVPrxy64.DLL, version: 6.1.7600.16385,
time stamp: 0x4a5bc9e0 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process
id: 0x2b8 Faulting application start time: 0x01ce620d890596fb Faulting application
path: C:\Windows\system32\RunDll32.EXE Faulting module path: unknown Report Id: c6d113be-ce00-11e2-802d-0026b9b693c3

Error - 05/06/2013 12:55:55 | Computer Name = M11X | Source = Application Error | ID = 1000
Description = Faulting application name: RunDll32.EXE_NVPrxy64.DLL, version: 6.1.7600.16385,
time stamp: 0x4a5bc9e0 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process
id: 0xc64 Faulting application start time: 0x01ce620d8b160877 Faulting application
path: C:\Windows\system32\RunDll32.EXE Faulting module path: unknown Report Id: c8e8a95c-ce00-11e2-802d-0026b9b693c3

Error - 05/06/2013 12:55:58 | Computer Name = M11X | Source = Application Error | ID = 1000
Description = Faulting application name: RunDll32.EXE_NVPrxy64.DLL, version: 6.1.7600.16385,
time stamp: 0x4a5bc9e0 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process
id: 0x4e0 Faulting application start time: 0x01ce620d8d2b3cb5 Faulting application
path: C:\Windows\system32\RunDll32.EXE Faulting module path: unknown Report Id: caf6b979-ce00-11e2-802d-0026b9b693c3

[ System Events ]
Error - 09/06/2013 09:26:06 | Computer Name = M11X | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 0 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 09/06/2013 09:26:06 | Computer Name = M11X | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 09/06/2013 09:26:58 | Computer Name = M11X | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
Fusion Service service to connect.

Error - 09/06/2013 09:26:58 | Computer Name = M11X | Source = Service Control Manager | ID = 7000
Description = The Alienware Fusion Service service failed to start due to the following
error: %%1053

Error - 09/06/2013 09:26:59 | Computer Name = M11X | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 09/06/2013 20:08:49 | Computer Name = M11X | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 0 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 09/06/2013 20:08:49 | Computer Name = M11X | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 09/06/2013 20:10:26 | Computer Name = M11X | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
Fusion Service service to connect.

Error - 09/06/2013 20:10:26 | Computer Name = M11X | Source = Service Control Manager | ID = 7000
Description = The Alienware Fusion Service service failed to start due to the following
error: %%1053

Error - 09/06/2013 20:10:28 | Computer Name = M11X | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >
Undinist

Re: Slow page loading and Hotmail account hijacked

Unread postby Undinist » June 9th, 2013, 8:52 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 01:51 on 10/06/2013 by Nick
Administrator - Elevation successful

No Context: OTL Extras logfile created on: 10/06/2013 01:19:47 - Run 1

No Context: OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nick\Downloads

No Context: 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

No Context: Internet Explorer (Version = 9.10.9200.16576)

No Context: Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

No Context:

No Context: 3.90 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 65.07% Memory free

No Context: 7.80 Gb Paging File | 6.21 Gb Available in Paging File | 79.54% Paging File free

No Context: Paging file location(s): ?:\pagefile.sys [binary data]

No Context:

No Context: %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

No Context: Drive C: | 465.64 Gb Total Space | 367.90 Gb Free Space | 79.01% Space Free | Partition Type: NTFS

No Context: Drive D: | 232.82 Gb Total Space | 4.10 Gb Free Space | 1.76% Space Free | Partition Type: FAT32

No Context:

No Context: Computer Name: M11X | User Name: Nick | Logged in as Administrator.

No Context: Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

No Context: Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

No Context:

No Context: ========== Extra Registry (SafeList) ==========

No Context:

No Context:

No Context: ========== File Associations ==========

No Context:

No Context: 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

No Context: .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

No Context: .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

No Context:

No Context: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

No Context: .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

No Context: .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

No Context:

No Context: [HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\SOFTWARE\Classes\<extension>]

No Context: .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

No Context:

No Context: ========== Shell Spawning ==========

No Context:

No Context: 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

No Context: batfile [open] -- "%1" %*

No Context: cmdfile [open] -- "%1" %*

No Context: comfile [open] -- "%1" %*

No Context: exefile [open] -- "%1" %*

No Context: helpfile [open] -- Reg Error: Key error.

No Context: htmlfile [edit] -- Reg Error: Key error.

No Context: htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

No Context: htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

No Context: htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

No Context: http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

No Context: https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

No Context: inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

No Context: InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

No Context: InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

No Context: piffile [open] -- "%1" %*

No Context: regfile [merge] -- Reg Error: Key error.

No Context: scrfile [config] -- "%1"

No Context: scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

No Context: scrfile [open] -- "%1" /S

No Context: txtfile [edit] -- Reg Error: Key error.

No Context: Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

No Context: Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

No Context: Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

No Context: Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

No Context: Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

No Context: Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

No Context: Folder [explore] -- Reg Error: Value error.

No Context: Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

No Context: Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

No Context: CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

No Context:

No Context: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

No Context: batfile [open] -- "%1" %*

No Context: cmdfile [open] -- "%1" %*

No Context: comfile [open] -- "%1" %*

No Context: cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

No Context: exefile [open] -- "%1" %*

No Context: helpfile [open] -- Reg Error: Key error.

No Context: htmlfile [edit] -- Reg Error: Key error.

No Context: htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

No Context: htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

No Context: http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

No Context: https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

No Context: inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

No Context: piffile [open] -- "%1" %*

No Context: regfile [merge] -- Reg Error: Key error.

No Context: scrfile [config] -- "%1"

No Context: scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

No Context: scrfile [open] -- "%1" /S

No Context: txtfile [edit] -- Reg Error: Key error.

No Context: Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

No Context: Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

No Context: Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

No Context: Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

No Context: Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

No Context: Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

No Context: Folder [explore] -- Reg Error: Value error.

No Context: Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

No Context: Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

No Context: CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

No Context:

No Context: ========== Security Center Settings ==========

No Context:

No Context: 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

No Context: "cval" = 1

No Context: "FirewallDisableNotify" = 0

No Context: "AntiVirusDisableNotify" = 0

No Context: "UpdatesDisableNotify" = 0

No Context:

No Context: 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

No Context:

No Context: 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

No Context: "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

No Context: "AntiVirusOverride" = 0

No Context: "AntiSpywareOverride" = 0

No Context: "FirewallOverride" = 0

No Context:

No Context: 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

No Context:

No Context: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

No Context:

No Context: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

No Context:

No Context: ========== System Restore Settings ==========

No Context:

No Context: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

No Context: "DisableSR" = 0

No Context:

No Context: ========== Firewall Settings ==========

No Context:

No Context: 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

No Context:

No Context: 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

No Context:

No Context: 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

No Context:

No Context: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

No Context:

No Context: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

No Context:

No Context: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

No Context:

No Context: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

No Context: "DisableNotifications" = 0

No Context: "EnableFirewall" = 1

No Context:

No Context: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

No Context: "DisableNotifications" = 0

No Context: "EnableFirewall" = 1

No Context:

No Context: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

No Context:

No Context: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

No Context: "DisableNotifications" = 0

No Context: "EnableFirewall" = 1

No Context:

No Context: ========== Authorized Applications List ==========

No Context:

No Context: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

No Context:

No Context: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

No Context:

No Context:

No Context: ========== Vista Active Open Ports Exception List ==========

No Context:

No Context: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

No Context: "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |

No Context: "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |

No Context: "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |

No Context: "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

No Context: "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

No Context: "{293220C5-1104-489D-84EF-FDD39A24A83C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

No Context: "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |

No Context: "{2C92E3B5-AF59-48DE-90B5-5371C3D56441}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |

No Context: "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

No Context: "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

No Context: "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

No Context: "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |

No Context: "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |

No Context: "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

No Context: "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |

No Context: "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

No Context: "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |

No Context: "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |

No Context: "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |

No Context: "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

No Context: "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

No Context: "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |

No Context: "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

No Context:

No Context: ========== Vista Active Application Exception List ==========

No Context:

No Context: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

No Context: "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

No Context: "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

No Context: "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

No Context: "{2AC14631-5510-4AD0-B48D-55DE82C8A291}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\ramediaserver.exe |

No Context: "{357FAAED-94BD-4447-B798-682C88D70E36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |

No Context: "{404895E0-3EA8-4F7D-A489-E0AE562BB897}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe |

No Context: "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

No Context: "{50E2E766-C8D8-4131-BA64-E5A4F94220ED}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe |

No Context: "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

No Context: "{59E65046-F516-42A2-9989-72A7C293EF9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

No Context: "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

No Context: "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

No Context: "{63BB11D4-16C9-436A-B856-034A80D09DDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

No Context: "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

No Context: "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

No Context: "{79DD4F09-3292-4664-84E5-301970FC7FED}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\ramediaserver.exe |

No Context: "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

No Context: "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

No Context: "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

No Context: "{AEA50216-E590-4B0A-A6BA-FB4AC6A7E486}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe |

No Context: "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |

No Context: "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

No Context: "{D22D26EB-4992-4335-A3D9-E6B39BB38E8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |

No Context: "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

No Context: "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

No Context: "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

No Context: "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

No Context: "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

No Context: "{F8A278DE-E190-4ABB-BCDA-459D3BCACBCC}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe |

No Context: "TCP Query User{51699401-CFB6-41FD-BCC7-01F4DA5B8B9A}C:\users\nick\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\akamai\netsession_win.exe |

No Context: "TCP Query User{5D1C1A6D-2305-4B38-8A34-168855E8A071}C:\users\nick\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\akamai\netsession_win.exe |

No Context: "UDP Query User{45A7F081-EEE4-42EA-8CE4-3BC0F944B722}C:\users\nick\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\akamai\netsession_win.exe |

No Context: "UDP Query User{D77CA19F-E5C2-46B5-8896-A2DE2A33ED15}C:\users\nick\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\akamai\netsession_win.exe |

No Context:

No Context: ========== HKEY_LOCAL_MACHINE Uninstall List ==========

No Context:

No Context: 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

No Context: "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

No Context: "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers

No Context: "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers

No Context: "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software

No Context: "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

No Context: "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

No Context: "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

No Context: "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

No Context: "{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center

No Context: "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 263.08

No Context: "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 263.08

No Context: "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1

No Context: "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

No Context: "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client

No Context: "{DEE69E05-EF81-4B86-8385-BE448339227F}" = Panda Cloud Antivirus

No Context: "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

No Context: "3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003" = Windows Driver Package - Broadcom HIDClass (09/11/2009 6.3.0.1500)

No Context: "5BB2352543C023211B5CDA6229832626C218EB7F" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (01/28/2010 6.3.0.3800)

No Context: "79B5284AC8847651E6939E5B2FB1A473E6C9D19B" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (01/20/2010 6.3.0.3500)

No Context: "DW WLAN Card Utility" = DW WLAN Card Utility

No Context: "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

No Context: "Microsoft Security Client" = Microsoft Security Essentials

No Context: "SynTPDeinstKey" = Synaptics Pointing Device Driver

No Context:

No Context: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

No Context: "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

No Context: "{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive

No Context: "{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver

No Context: "{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive

No Context: "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

No Context: "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21

No Context: "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

No Context: "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

No Context: "{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support

No Context: "{79F5C843-112C-4562-9F5C-29D255C91379}" = tbbMeter

No Context: "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

No Context: "{831E13F4-3D72-4427-9C4C-A998E5952E7E}" = Alienware On-Screen Display

No Context: "{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer

No Context: "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

No Context: "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

No Context: "{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility

No Context: "{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}" = OpenOffice.org 3.4.1

No Context: "{9F49F6B3-CB50-45E0-8D62-5465CA96064E}" = Qualcomm Gobi 2000 Package for Alienware

No Context: "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

No Context: "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)

No Context: "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2

No Context: "{EA561FC0-A965-11E2-94D3-B8AC6F98CCE3}" = Google Earth Plug-in

No Context: "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

No Context: "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center

No Context: "{FDC85EE3-EDAA-47C9-9885-2A26FC41DC22}" = tbbMeter Loader Service

No Context: "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC

No Context: "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

No Context: "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

No Context: "Advanced SystemCare 6_is1" = Advanced SystemCare 6

No Context: "Canon MP270 series User Registration" = Canon MP270 series User Registration

No Context: "Canon MP495 series User Registration" = Canon MP495 series User Registration

No Context: "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

No Context: "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

No Context: "CanonMyPrinter" = Canon My Printer

No Context: "CanonSolutionMenuEX" = Canon Solution Menu EX

No Context: "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

No Context: "Easy-WebPrint EX" = Canon Easy-WebPrint EX

No Context: "Free RAR Extract Frog" = Free RAR Extract Frog

No Context: "GOM Player" = GOM Player

No Context: "Google Chrome" = Google Chrome

No Context: "InstallShield_{831E13F4-3D72-4427-9C4C-A998E5952E7E}" = Alienware On-Screen Display

No Context: "InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center

No Context: "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2

No Context: "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

No Context: "Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)

No Context: "MozillaMaintenanceService" = Mozilla Maintenance Service

No Context: "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0

No Context: "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0

No Context: "Picasa 3" = Picasa 3

No Context: "Rapport_msi" = Rapport

No Context: "Smart Defrag 2_is1" = Smart Defrag 2

No Context: "Steam App 8930" = Sid Meier's Civilization V

No Context: "Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup

No Context: "VLC media player" = VLC media player 2.0.5

No Context:

No Context: ========== HKEY_USERS Uninstall List ==========

No Context:

No Context: [HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

No Context: "Akamai" = Akamai NetSession Interface

No Context:

No Context: ========== Last 20 Event Log Errors ==========

No Context:

No Context: [ Application Events ]

No Context: Error - 16/05/2013 13:23:43 | Computer Name = M11X | Source = Application Error | ID = 1000

No Context: Description = Faulting application name: RapportService.exe, version: 3.5.1208.34,

No Context: time stamp: 0x515ab9c2 Faulting module name: MSVCR80.dll, version: 8.0.50727.762,

No Context: time stamp: 0x45712238 Exception code: 0xc0000005 Fault offset: 0x000173fa Faulting

No Context: process id: 0x84c Faulting application start time: 0x01ce525a16aafaa5 Faulting application

No Context: path: C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe Faulting module

No Context: path: C:\Program Files (x86)\Trusteer\Rapport\bin\MSVCR80.dll Report Id: 5b474812-be4d-11e2-9404-0026b9b693c3

No Context:

No Context: Error - 16/05/2013 13:25:12 | Computer Name = M11X | Source = Application Error | ID = 1000

No Context: Description = Faulting application name: RapportService.exe, version: 3.5.1208.34,

No Context: time stamp: 0x515ab9c2 Faulting module name: MSVCR80.dll, version: 8.0.50727.762,

No Context: time stamp: 0x45712238 Exception code: 0xc0000005 Fault offset: 0x0001de30 Faulting

No Context: process id: 0x10ac Faulting application start time: 0x01ce525a4a96a012 Faulting application

No Context: path: C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe Faulting module

No Context: path: C:\Program Files (x86)\Trusteer\Rapport\bin\MSVCR80.dll Report Id: 90402d1d-be4d-11e2-9404-0026b9b693c3

No Context:

No Context: Error - 17/05/2013 01:26:53 | Computer Name = M11X | Source = Application Error | ID = 1000

No Context: Description = Faulting application name: CivilizationV_DX11.exe, version: 1.0.2.44,

No Context: time stamp: 0x510a1a7a Faulting module name: lua51_Win32.dll, version: 0.0.0.0,

No Context: time stamp: 0x4b19357e Exception code: 0xc0000005 Fault offset: 0x0000bd36 Faulting

No Context: process id: 0xbe0 Faulting application start time: 0x01ce5283d5520f83 Faulting application

No Context: path: C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exe

No Context: Faulting

No Context: module path: C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization

No Context: V\lua51_Win32.dll Report Id: 61a4ec7f-beb2-11e2-bd6b-0026b9b693c3

No Context:

No Context: Error - 20/05/2013 19:20:28 | Computer Name = M11X | Source = Chrome | ID = 1

No Context: Description =

No Context:

No Context: Error - 27/05/2013 11:18:49 | Computer Name = M11X | Source = Application Hang | ID = 1002

No Context: Description = The program CivilizationV_DX11.exe version 1.0.2.44 stopped interacting

No Context: with Windows and was closed. To see if more information about the problem is available,

No Context: check the problem history in the Action Center control panel. Process ID: a04 Start

No Context: Time: 01ce5ad6e032ec32 Termination Time: 19141 Application Path: C:\Program Files

No Context: (x86)\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exe Report

No Context: Id:

No Context:

No Context: Error - 27/05/2013 20:17:50 | Computer Name = M11X | Source = Application Error | ID = 1000

No Context: Description = Faulting application name: vlc.exe, version: 2.0.5.0, time stamp:

No Context: 0x50c91d8b Faulting module name: vlc.exe, version: 2.0.5.0, time stamp: 0x50c91d8b

No Context: Exception

No Context: code: 0xc0000005 Fault offset: 0x00001665 Faulting process id: 0x834 Faulting application

No Context: start time: 0x01ce5b38af381115 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

No Context: Faulting

No Context: module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: 07872525-c72c-11e2-bd83-0026b9b693c3

No Context:

No Context: Error - 05/06/2013 12:55:35 | Computer Name = M11X | Source = Application Error | ID = 1000

No Context: Description = Faulting application name: RunDll32.EXE_NVPrxy64.DLL, version: 6.1.7600.16385,

No Context: time stamp: 0x4a5bc9e0 Faulting module name: unknown, version: 0.0.0.0, time stamp:

No Context: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process

No Context: id: 0xe6c Faulting application start time: 0x01ce620d6d86d1f0 Faulting application

No Context: path: C:\Windows\system32\RunDll32.EXE Faulting module path: unknown Report Id: bd20b9e1-ce00-11e2-802d-0026b9b693c3

No Context:

No Context: Error - 05/06/2013 12:55:51 | Computer Name = M11X | Source = Application Error | ID = 1000

No Context: Description = Faulting application name: RunDll32.EXE_NVPrxy64.DLL, version: 6.1.7600.16385,

No Context: time stamp: 0x4a5bc9e0 Faulting module name: unknown, version: 0.0.0.0, time stamp:

No Context: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process

No Context: id: 0x2b8 Faulting application start time: 0x01ce620d890596fb Faulting application

No Context: path: C:\Windows\system32\RunDll32.EXE Faulting module path: unknown Report Id: c6d113be-ce00-11e2-802d-0026b9b693c3

No Context:

No Context: Error - 05/06/2013 12:55:55 | Computer Name = M11X | Source = Application Error | ID = 1000

No Context: Description = Faulting application name: RunDll32.EXE_NVPrxy64.DLL, version: 6.1.7600.16385,

No Context: time stamp: 0x4a5bc9e0 Faulting module name: unknown, version: 0.0.0.0, time stamp:

No Context: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process

No Context: id: 0xc64 Faulting application start time: 0x01ce620d8b160877 Faulting application

No Context: path: C:\Windows\system32\RunDll32.EXE Faulting module path: unknown Report Id: c8e8a95c-ce00-11e2-802d-0026b9b693c3

No Context:

Error - 05/06/2013 12:55:58 | Computer Name = M11X | Source = Application Error | ID = 1000
Description = Faulting application name: RunDll32.EXE_NVPrxy64.DLL, version: 6.1.7600.16385,
time stamp: 0x4a5bc9e0 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process
id: 0x4e0 Faulting application start time: 0x01ce620d8d2b3cb5 Faulting application
path: C:\Windows\system32\RunDll32.EXE Faulting module path: unknown Report Id: caf6b979-ce00-11e2-802d-0026b9b693c3

[ System Events ]
Error - 09/06/2013 09:26:06 | Computer Name = M11X | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 0 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 09/06/2013 09:26:06 | Computer Name = M11X | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 09/06/2013 09:26:58 | Computer Name = M11X | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
Fusion Service service to connect.

Error - 09/06/2013 09:26:58 | Computer Name = M11X | Source = Service Control Manager | ID = 7000
Description = The Alienware Fusion Service service failed to start due to the following
error: %%1053

Error - 09/06/2013 09:26:59 | Computer Name = M11X | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 09/06/2013 20:08:49 | Computer Name = M11X | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 0 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 09/06/2013 20:08:49 | Computer Name = M11X | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 09/06/2013 20:10:26 | Computer Name = M11X | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
Fusion Service service to connect.

Error - 09/06/2013 20:10:26 | Computer Name = M11X | Source = Service Control Manager | ID = 7000
Description = The Alienware Fusion Service service failed to start due to the following
error: %%1053

Error - 09/06/2013 20:10:28 | Computer Name = M11X | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >

-= EOF =-
Undinist
Regular Member
 
Posts: 15
Joined: June 6th, 2013, 11:00 am

Re: Slow page loading and Hotmail account hijacked

Unread post by Gary R » June 10th, 2013, 2:13 am

I don't know what you've done wrong, but the SystemLook log you've posted is not what I expected to see. Please follow the instructions below and post me a new SystemLook log.

Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Now copy and paste the contents of the code box below into the main textfield of SystemLook (do not copy the word code or select all).
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Slow page loading and Hotmail account hijacked

Unread post by Undinist » June 10th, 2013, 7:53 am

Oops...

SystemLook 04.09.10 by jpshortstuff
Log created at 12:36 on 10/06/2013 by Nick
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
No files found.

Searching for "*conduit*"
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\10.16.2.509_0\ConduitAbstractionLayerBack.js --a---- 492148 bytes [19:57 22/05/2013] [19:57 22/05/2013] C7203025CB1929E0ECB9F75A24406246
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\10.16.2.509_0\ConduitAbstractionLayerFront.js --a---- 253522 bytes [19:57 22/05/2013] [19:57 22/05/2013] 3296CEFD0F8C176F6AA4D47756AC66C2
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\10.16.2.509_0\js\conduitEnv.js --a---- 93693 bytes [19:57 22/05/2013] [19:57 22/05/2013] 9DB75E864BEA1C6855D203898ED5A7A2
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\10.16.2.509_0\plugins\ConduitChromeApiPlugin.dll --a---- 838944 bytes [19:57 22/05/2013] [19:57 22/05/2013] 23D66C35034CE67BC98DEE1535C48366
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\10.16.2.509_0\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [19:57 22/05/2013] [19:57 22/05/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\10.16.2.509_0\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [19:57 22/05/2013] [19:57 22/05/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\10.16.2.509_0\tb\al\options\images\conduit-logo.png --a---- 3926 bytes [19:57 22/05/2013] [19:57 22/05/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.2.509_0\ConduitAbstractionLayerBack.js --a---- 492148 bytes [19:57 22/05/2013] [19:57 22/05/2013] C7203025CB1929E0ECB9F75A24406246
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.2.509_0\ConduitAbstractionLayerFront.js --a---- 253522 bytes [19:57 22/05/2013] [19:57 22/05/2013] 3296CEFD0F8C176F6AA4D47756AC66C2
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.2.509_0\js\conduitEnv.js --a---- 93693 bytes [19:58 22/05/2013] [19:58 22/05/2013] 9DB75E864BEA1C6855D203898ED5A7A2
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.2.509_0\plugins\ConduitChromeApiPlugin.dll --a---- 838944 bytes [19:58 22/05/2013] [19:58 22/05/2013] 23D66C35034CE67BC98DEE1535C48366
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.2.509_0\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [19:58 22/05/2013] [19:58 22/05/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.2.509_0\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [19:58 22/05/2013] [19:58 22/05/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.2.509_0\tb\al\options\images\conduit-logo.png --a---- 3926 bytes [19:58 22/05/2013] [19:58 22/05/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage --a---- 4096 bytes [22:15 30/12/2012] [22:15 30/12/2012] D1239FC4AB6D647FE6BD84AED319D0D7

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
C:\ProgramData\Babylon d------ [23:47 01/02/2013]
C:\Users\All Users\Babylon d------ [23:47 01/02/2013]
C:\Users\Nick\AppData\Local\Babylon d------ [23:47 01/02/2013]
C:\Users\Nick\AppData\Roaming\Babylon d------ [23:47 01/02/2013]

Searching for "*conduit*"
C:\Program Files (x86)\Conduit d------ [16:07 30/12/2012]
C:\Users\Nick\AppData\Local\Conduit d------ [16:07 30/12/2012]
C:\Users\Nick\AppData\LocalLow\Conduit d------ [16:07 30/12/2012]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
No data found.

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\bejbohlohkkgompgecdcbbglkpjfjgdj\Repository]
"ConduitUserID"="UN97654701862484229"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\bejbohlohkkgompgecdcbbglkpjfjgdj\Repository]
"gadgetsContextHash_129295695672325903___bejbohlohkkgompgecdcbbglkpjfjgdj"="%7B%22appId%22%3A%22129295695672325903%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2223.0.1271.97%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT2786678%22%2C%22name%22%3A%22uTorrentBar%22%2C%22downloadUrl%22%3A%22http%3A//uTorrentBar.OurToolbar.com/%22%2C%22version%22%3A%2210.13.20.29%22%2C%22cID%22%3A%22bejbohlohkkgompgecdcbbglkpjfjgdj%22%7D%2C%22appId%22%3A%22129295695672325903%22%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\bejbohlohkkgompgecdcbbglkpjfjgdj\Repository]
"CT2786678.embeddedsData"="%5B%7B%22appId%22%3A%22129295695672325903%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%5C%22%3A%7B%5C%22html%5C%22%3A%5C%22%3Ctable%20id%3D%5C%5C%5C%22main%5C%5C%5C%22%20class%3D%5C%5C%5C%22mainwrapper%5C%5C%5C%22%20cellpadding%3D%5C%5C%5C%220%5C%5C%5C%22%20cellspacing%3D%5C%5C%5C%220%5C%5C%5C%22%3E%5C%5Cn%20%20%20%20%3Ctbody%3E%3Ctr%3E%5C%5Cn%20%20%20%20%20%20%20%20%3C%21--%20don%27t%20remove%20the%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20bug%20in%20chrome%20the%20width%20become%20in%20px--%3E%5C%5Cn%20%20%20%20%20%20%20%20%3Ctd%20id%3D%5C%5C%5C%22textboxWrapper%5C%5C%5C%22%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20style%3D%5C%5C%5C%
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\bejbohlohkkgompgecdcbbglkpjfjgdj\Repository]
"CT2786678.1000234.weatherData"="%7B%22icon%22%3A%2229.png%22%2C%22temperature%22%3A%2211%B0C%22%2C%22temperatureClear%22%3A%2211%B0C%22%2C%22highTemperature%22%3A%2211%B0C%22%2C%22lowTemperature%22%3A%229%B0C%22%2C%22feelsLike%22%3A%2211%B0C%22%2C%22condition%22%3A%22Partly%20Cloudy%22%2C%22tUnit%22%3A%22c%22%2C%22cityName%22%3A%22London%2C%20United%20Kingdom%22%2C%22lastUpdated%22%3A%2212/30/12%2010%3A20%20PM%20Local%20Time%22%2C%22humidity%22%3A%2276%25%22%2C%22visibility%22%3A%226%20mi%22%2C%22pressure%22%3A%221010.8%20mb%22%2C%22pressureDescription%22%3A%22steady%22%2C%22windFrom%22%3A%22SW%22%2C%22windSpeed%22%3A%2220%20mph%22%2C%22hasCurrentCondition%22%3Atrue%2C%22night%22%3Atrue%2C%22severaAlertsCount%22%3A0%2C%22loaded%22%3Atrue%2C%22day1%22%3A%7B%22icon%22%3A%2212.png%22%2C%22highTemperature%22%3A%2211%B0C%22%2C%22lowTemperature%22%3A%223%B0C%22%2C%22condition%22%3A%22Rain%20/%20Wind%
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\ejpbbhjlbipncjklfjjaedaieimbmdda\Repository]
"CT3220468.embeddedsData"="%5B%7B%22appId%22%3A%22129813684258939747%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%5C%22%3A%7B%5C%22html%5C%22%3A%5C%22%3Ctable%20id%3D%5C%5C%5C%22main%5C%5C%5C%22%20class%3D%5C%5C%5C%22mainwrapper%5C%5C%5C%22%20cellpadding%3D%5C%5C%5C%220%5C%5C%5C%22%20cellspacing%3D%5C%5C%5C%220%5C%5C%5C%22%3E%5C%5Cn%20%20%20%20%3Ctbody%3E%3Ctr%3E%5C%5Cn%20%20%20%20%20%20%20%20%3C%21--%20don%27t%20remove%20the%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20bug%20in%20chrome%20the%20width%20become%20in%20px--%3E%5C%5Cn%20%20%20%20%20%20%20%20%3Ctd%20id%3D%5C%5C%5C%22textboxWrapper%5C%5C%5C%22%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20style%3D%5C%5C%5C%
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\ejpbbhjlbipncjklfjjaedaieimbmdda\Repository]
"ConduitUserID"="UN66070635872893047"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\ejpbbhjlbipncjklfjjaedaieimbmdda\Repository]
"CT3220468.http___facebook_conduitapps_com.APP_WIN_FEATURES"="aHNjcm9sbCUzRDAlMkN2c2Nyb2xsJTNEMCUyQ29wZW5wb3NpdGlvbiUzRGFsaWdubWVudCUzQSUy
OEIlM0JMJTI5JTJDc2F2ZWxvY2F0aW9uJTNEMCUyQyUyMHNhdmVyZXNpemVkc2l6ZSUzRDAlMkNj
bG9zZW9uZXh0ZXJuYWxjbGljayUzRDAlMkN0aXRsZWJhciUzRDElMkNjbG9zZWJ1dHRvbiUzRDEl
MkNyZXNpemFibGUlM0RubwA="
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\ejpbbhjlbipncjklfjjaedaieimbmdda\Repository]
"gadgetsContextHash_e5311156-ae6e-456b-8566-aa89efbde1d4___ejpbbhjlbipncjklfjjaedaieimbmdda"="%7B%22appId%22%3A%221000515%22%2C%22viewId%22%3A%220.37188626429997385%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2223.0.1271.97%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3220468%22%2C%22name%22%3A%22uTorrentControl_v2%22%2C%22icon%22%3A%22chrome-extension%3A//ejpbbhjlbipncjklfjjaedaieimbmdda/toolbarImages/http___storage_conduit_com_53_307_CT3072253_Images_634520779497696087.png%22%2C%22downloadUrl%22%3A%22http%3A//uTorrentControlv2.OurToolbar.com/%22%2C%22version%22%3A%2210.13.20.29%22%2C%22cID%22%3A%22ejpbbhjlbipncjklfjjaedaieimbmdda/%22%2C%22locale%22%3A%22en%22%7D%2C%22app%22%3A%
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\bejbohlohkkgompgecdcbbglkpjfjgdj\Repository]
"ConduitUserID"="UN97654701862484229"
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\bejbohlohkkgompgecdcbbglkpjfjgdj\Repository]
"gadgetsContextHash_129295695672325903___bejbohlohkkgompgecdcbbglkpjfjgdj"="%7B%22appId%22%3A%22129295695672325903%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2223.0.1271.97%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT2786678%22%2C%22name%22%3A%22uTorrentBar%22%2C%22downloadUrl%22%3A%22http%3A//uTorrentBar.OurToolbar.com/%22%2C%22version%22%3A%2210.13.20.29%22%2C%22cID%22%3A%22bejbohlohkkgompgecdcbbglkpjfjgdj%22%7D%2C%22appId%22%3A%22129295695672325903%22%2C%22
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\bejbohlohkkgompgecdcbbglkpjfjgdj\Repository]
"CT2786678.embeddedsData"="%5B%7B%22appId%22%3A%22129295695672325903%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%5C%22%3A%7B%5C%22html%5C%22%3A%5C%22%3Ctable%20id%3D%5C%5C%5C%22main%5C%5C%5C%22%20class%3D%5C%5C%5C%22mainwrapper%5C%5C%5C%22%20cellpadding%3D%5C%5C%5C%220%5C%5C%5C%22%20cellspacing%3D%5C%5C%5C%220%5C%5C%5C%22%3E%5C%5Cn%20%20%20%20%3Ctbody%3E%3Ctr%3E%5C%5Cn%20%20%20%20%20%20%20%20%3C%21--%20don%27t%20remove%20the%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20bug%20in%20chrome%20the%20width%20become%20in%20px--%3E%5C%5Cn%20%20%20%20%20%20%20%20%3Ctd%20id%3D%5C%5C%5C%22textboxWrapper%5C%5C%5C%22%20width%3D%5C%5C%5C%22
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\bejbohlohkkgompgecdcbbglkpjfjgdj\Repository]
"CT2786678.1000234.weatherData"="%7B%22icon%22%3A%2229.png%22%2C%22temperature%22%3A%2211%B0C%22%2C%22temperatureClear%22%3A%2211%B0C%22%2C%22highTemperature%22%3A%2211%B0C%22%2C%22lowTemperature%22%3A%229%B0C%22%2C%22feelsLike%22%3A%2211%B0C%22%2C%22condition%22%3A%22Partly%20Cloudy%22%2C%22tUnit%22%3A%22c%22%2C%22cityName%22%3A%22London%2C%20United%20Kingdom%22%2C%22lastUpdated%22%3A%2212/30/12%2010%3A20%20PM%20Local%20Time%22%2C%22humidity%22%3A%2276%25%22%2C%22visibility%22%3A%226%20mi%22%2C%22pressure%22%3A%221010.8%20mb%22%2C%22pressureDescription%22%3A%22steady%22%2C%22windFrom%22%3A%22SW%22%2C%22windSpeed%22%3A%2220%20mph%22%2C%22hasCurrentCondition%22%3Atrue%2C%22night%22%3Atrue%2C%22severaAlertsCount%22%3A0%2C%22loaded%22%3Atrue%2C%22day1%22%3A%7B%22icon%22%3A%2212.png%22%2C%22highTemperature%22%3A%2211%B0C%22%2C%22lowTemperature%22%3A%223%B0C%22%
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\ejpbbhjlbipncjklfjjaedaieimbmdda\Repository]
"CT3220468.embeddedsData"="%5B%7B%22appId%22%3A%22129813684258939747%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%5C%22%3A%7B%5C%22html%5C%22%3A%5C%22%3Ctable%20id%3D%5C%5C%5C%22main%5C%5C%5C%22%20class%3D%5C%5C%5C%22mainwrapper%5C%5C%5C%22%20cellpadding%3D%5C%5C%5C%220%5C%5C%5C%22%20cellspacing%3D%5C%5C%5C%220%5C%5C%5C%22%3E%5C%5Cn%20%20%20%20%3Ctbody%3E%3Ctr%3E%5C%5Cn%20%20%20%20%20%20%20%20%3C%21--%20don%27t%20remove%20the%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20bug%20in%20chrome%20the%20width%20become%20in%20px--%3E%5C%5Cn%20%20%20%20%20%20%20%20%3Ctd%20id%3D%5C%5C%5C%22textboxWrapper%5C%5C%5C%22%20width%3D%5C%5C%5C%22
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\ejpbbhjlbipncjklfjjaedaieimbmdda\Repository]
"ConduitUserID"="UN66070635872893047"
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\ejpbbhjlbipncjklfjjaedaieimbmdda\Repository]
"CT3220468.http___facebook_conduitapps_com.APP_WIN_FEATURES"="aHNjcm9sbCUzRDAlMkN2c2Nyb2xsJTNEMCUyQ29wZW5wb3NpdGlvbiUzRGFsaWdubWVudCUzQSUy
OEIlM0JMJTI5JTJDc2F2ZWxvY2F0aW9uJTNEMCUyQyUyMHNhdmVyZXNpemVkc2l6ZSUzRDAlMkNj
bG9zZW9uZXh0ZXJuYWxjbGljayUzRDAlMkN0aXRsZWJhciUzRDElMkNjbG9zZWJ1dHRvbiUzRDEl
MkNyZXNpemFibGUlM0RubwA="
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\ejpbbhjlbipncjklfjjaedaieimbmdda\Repository]
"gadgetsContextHash_e5311156-ae6e-456b-8566-aa89efbde1d4___ejpbbhjlbipncjklfjjaedaieimbmdda"="%7B%22appId%22%3A%221000515%22%2C%22viewId%22%3A%220.37188626429997385%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2223.0.1271.97%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3220468%22%2C%22name%22%3A%22uTorrentControl_v2%22%2C%22icon%22%3A%22chrome-extension%3A//ejpbbhjlbipncjklfjjaedaieimbmdda/toolbarImages/http___storage_conduit_com_53_307_CT3072253_Images_634520779497696087.png%22%2C%22downloadUrl%22%3A%22http%3A//uTorrentControlv2.OurToolbar.com/%22%2C%22version%22%3A%2210.13.20.29%22%2C%22cID%22%3A%22ejpbbhjlbipncjklfjjaedaieimbmdda/%22%2C%22
[HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\Conduit]

-= EOF =-
Undinist
Regular Member
 
Posts: 15
Joined: June 6th, 2013, 11:00 am
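The Conduit ChromeExtData values in the SystemLook log above are URL-encoded JSON that SystemLook cuts off once the value gets long, so the fields a helper actually wants (which toolbar planted the extension, the ConduitUserID, and the apiPermissions flags recorded for it) are hard to read by eye. The following is an added example, not part of the thread, of SystemLook or of Conduit: it takes lines copied from the log above as its sample input, percent-decodes each value, falls back to regex extraction when the JSON is truncated mid-string, and surfaces the flag names jsInjection, crossDomainAjax and sslGranted exactly as they appear in the log. Those are the flags a reviewer would want on an account-hijack ticket, but how Conduit interprets them is not documented on this page, so treat the list as "look closer", not as a finding. All function names are mine.

```python
"""Decode Conduit toolbar metadata from SystemLook :Regfind output (added example)."""
import json
import re
from urllib.parse import unquote

# Sample copied from the SystemLook log in this thread; the second value is truncated
# exactly as SystemLook truncated it (it ends mid-percent-sequence, with no closing quote).
SAMPLE_REGFIND = r'''
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\bejbohlohkkgompgecdcbbglkpjfjgdj\Repository]
"ConduitUserID"="UN97654701862484229"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\bejbohlohkkgompgecdcbbglkpjfjgdj\Repository]
"gadgetsContextHash_129295695672325903___bejbohlohkkgompgecdcbbglkpjfjgdj"="%7B%22appId%22%3A%22129295695672325903%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2223.0.1271.97%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT2786678%22%2C%22name%22%3A%22uTorrentBar%22%2C%22downloadUrl%22%3A%22http%3A//uTorrentBar.OurToolbar.com/%22%2C%22version%22%3A%2210.13.20.29%22%2C%22cID%22%3A%22bejbohlohkkgompgecdcbbglkpjfjgdj%22%7D%2C%22appId%22%3A%22129295695672325903%22%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)$')
EXT_ID_RE = re.compile(r'ChromeExtData\\(?P<ext>[a-p]{32})\\')   # Chrome extension ids are 32 chars a-p
OBJ_RE = r'"%s":\{(?P<body>[^}]*)\}'                             # a flat {...} object by name
PAIR_RE = re.compile(r'"(?P<k>[^"]+)":(?P<v>true|false|"[^"]*")')
PERMISSIONS_OF_INTEREST = ("jsInjection", "crossDomainAjax", "sslGranted")  # flag names as logged


def parse_regfind(text):
    """Yield (key, value_name, raw_value, truncated) for each value line under a key."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            value = m.group("value")
            truncated = not value.endswith('"')      # a complete value keeps its closing quote
            yield key, m.group("name"), value.rstrip('"'), truncated


def _flat_object(decoded, name):
    """Regex-extract a flat {"k":v,...} object called `name` from possibly truncated JSON text."""
    m = re.search(OBJ_RE % re.escape(name), decoded)
    out = {}
    for p in PAIR_RE.finditer(m.group("body") if m else ""):
        v = p.group("v")
        out[p.group("k")] = (v == "true") if v in ("true", "false") else v.strip('"')
    return out


def decode_context(raw):
    """Percent-decode a gadgetsContextHash / embeddedsData value -> (apiPermissions, toolbar)."""
    decoded = unquote(raw)
    try:
        obj = json.loads(decoded)
        return obj.get("apiPermissions", {}), obj.get("info", {}).get("toolbar", {})
    except ValueError:
        # SystemLook cut the value off; pull the two flat sub-objects out of the fragment instead.
        return _flat_object(decoded, "apiPermissions"), _flat_object(decoded, "toolbar")


def extension_profiles(text):
    """One profile per Chrome extension id found under Conduit\\ChromeExtData in the dump."""
    profiles = {}
    for key, name, value, truncated in parse_regfind(text):
        m = EXT_ID_RE.search(key)
        if not m:
            continue
        p = profiles.setdefault(m.group("ext"), {"conduit_user_id": None, "toolbar": {},
                                                 "permissions": set(), "truncated": False})
        if name == "ConduitUserID":
            p["conduit_user_id"] = value
        elif name.startswith("gadgetsContextHash") or name.endswith("embeddedsData"):
            perms, toolbar = decode_context(value)
            p["permissions"] |= {k for k, v in perms.items() if v is True}
            p["toolbar"].update(toolbar)
            p["truncated"] |= truncated
    return profiles


def flagged_permissions(profile):
    """The granted flags worth a second look, sorted for stable reporting."""
    return sorted(p for p in profile["permissions"] if p in PERMISSIONS_OF_INTEREST)


if __name__ == "__main__":
    for ext_id, p in extension_profiles(SAMPLE_REGFIND).items():
        tb = p["toolbar"]
        print(f'{ext_id}: toolbar {tb.get("id")} "{tb.get("name")}" from {tb.get("downloadUrl")}, '
              f'user {p["conduit_user_id"]}, flags {flagged_permissions(p)}'
              f'{" (value truncated in log)" if p["truncated"] else ""}')
```

Run against the whole Regfind section rather than the sample and the second extension (ejpbbhjlbipncjklfjjaedaieimbmdda, toolbar CT3220468) falls out the same way; the regex fallback is what makes that work, since every long value in the log is cut off before the closing quote.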

Re: Slow page loading and Hotmail account hijacked

Unread post by Gary R » June 10th, 2013, 9:56 am

OK, let's get started removing your infection then.

If you haven't already done so (and your OTL logs suggest you haven't) then ....

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

µTorrent
IObit Malware Fighter
Panda Cloud Antivirus
Google Chrome


Reboot your computer when finished.

We'll re-install Google Chrome once your computer is clean.

Next

  • Double click AdwCleaner.exe to run it.
  • Click Delete.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
SRV - [2013/01/15 19:47:10 | 000,465,216 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
DRV:64bit: - [2013/01/09 21:46:02 | 000,095,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV:64bit: - [2012/11/28 14:04:05 | 000,232,488 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
DRV:64bit: - [2012/11/28 14:04:04 | 000,069,160 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV:64bit: - [2012/11/26 16:49:11 | 000,105,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
DRV:64bit: - [2012/11/26 16:49:10 | 000,116,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
DRV:64bit: - [2012/11/26 16:49:10 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV:64bit: - [2012/11/26 16:49:09 | 000,306,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
DRV:64bit: - [2012/11/26 16:49:09 | 000,118,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
DRV:64bit: - [2012/11/26 16:49:08 | 000,094,248 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
DRV:64bit: - [2012/11/26 16:49:07 | 000,114,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
DRV:64bit: - [2012/11/26 16:49:07 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
DRV:64bit: - [2012/11/26 16:49:07 | 000,089,640 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
DRV:64bit: - [2012/11/09 19:01:13 | 000,204,328 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2012/11/09 19:01:13 | 000,133,160 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2012/11/09 19:01:13 | 000,123,944 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2012/11/09 19:01:12 | 000,167,976 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2012/11/09 19:01:12 | 000,119,848 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2012/11/07 09:00:05 | 000,058,360 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2012/10/22 12:09:23 | 000,033,320 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN05549634542160109&UM=&q="
[2013/05/16 16:59:37 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\extensions\ascsurfingprotection@iobit.com
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2013/05/16 19:18:02 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\IObit
[2013/06/10 01:07:10 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\uTorrent

:Files
C:\ProgramData\Babylon
C:\Users\All Users\Babylon
C:\Users\Nick\AppData\Local\Babylon
C:\Users\Nick\AppData\Roaming\Babylon
C:\Program Files (x86)\Conduit
C:\Users\Nick\AppData\Local\Conduit
C:\Users\Nick\AppData\LocalLow\Conduit
ipconfig /flushdns /c

:Reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[-HKEY_CURRENT_USER\Software\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\Conduit]

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • OTL fix log
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
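Before running a fix script like the one above, a helper wants every deletion to trace back to something the scans actually found. This added example (not part of the thread, of OTL or of SystemLook) parses the :Files and :Reg sections of an OTL fix and checks each target against SystemLook's folderfind/Regfind output; a target counts as evidence-backed if the scan found that object or something beneath it. Its sample input is a subset of the lines from this thread, with a couple of the fix's targets deliberately left out of the findings so the report shows what an unbacked deletion looks like. Comparison is case-insensitive because NTFS paths and registry key names are (the fix writes the CLSID in lower case, AdwCleaner logs it in upper case). The :OTL section (service and driver lines) comes from the OTL scan log, not from SystemLook, and is outside this check. Function names are mine.

```python
"""Cross-check an OTL fix script against SystemLook findings (added example)."""
import re

# Subset of the SystemLook output from this thread (constructed sample: some folders and
# keys that the real fix targets are intentionally missing here).
SYSTEMLOOK_SAMPLE = r'''
========== folderfind ==========

Searching for "*babylon*"
C:\ProgramData\Babylon d------ [23:47 01/02/2013]
C:\Users\Nick\AppData\Roaming\Babylon d------ [23:47 01/02/2013]

Searching for "*conduit*"
C:\Program Files (x86)\Conduit d------ [16:07 30/12/2012]

========== Regfind ==========

Searching for "conduit"
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
'''

# Subset of the OTL fix from this thread.
OTL_FIX_SAMPLE = r'''
:Files
C:\ProgramData\Babylon
C:\Users\Nick\AppData\Roaming\Babylon
C:\Program Files (x86)\Conduit
C:\Users\Nick\AppData\Local\Conduit
ipconfig /flushdns /c

:Reg
[-HKEY_CURRENT_USER\Software\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]

:Commands
[emptytemp]
[resethosts]
'''

SECTION_RE = re.compile(r'^=+\s*(?P<name>\w+)\s*=+$')
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
DELETE_KEY_RE = re.compile(r'^\[-(?P<key>HKEY_[^\]]+)\]$')       # OTL: [-key] deletes the key
# SystemLook prints "<path> <7 attribute flags> [<size> bytes] [timestamp] ..."
PATH_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+(?:\d+ bytes\s+)?\[')
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')


def systemlook_findings(text):
    """Paths (filefind/folderfind) and registry keys (Regfind) the scan actually found, lower-cased."""
    found = {"paths": set(), "keys": set()}
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").lower()
            continue
        if section in ("filefind", "folderfind"):
            m = PATH_RE.match(line)
            if m:
                found["paths"].add(m.group("path").lower())
        elif section == "regfind":
            m = KEY_RE.match(line)
            if m:
                found["keys"].add(m.group("key").lower())
    return found


def otl_fix_targets(text):
    """What the fix deletes: drive paths under :Files and [-...] keys under :Reg.
    Non-path lines under :Files are OTL commands (ipconfig here) and are kept apart."""
    targets = {"paths": [], "keys": [], "commands": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
            continue
        if section == ":files":
            (targets["paths"] if DRIVE_RE.match(line) else targets["commands"]).append(line)
        elif section == ":reg":
            m = DELETE_KEY_RE.match(line)
            if m:
                targets["keys"].append(m.group("key"))
    return targets


def _covered(target, found):
    """Backed if the scan found this exact object or anything beneath it (case-insensitive)."""
    t = target.lower()
    return any(f == t or f.startswith(t + "\\") for f in found)


def audit_fix(targets, found):
    """Split fix deletions into those that trace to a finding and those needing a second look."""
    report = {"backed": [], "unbacked": []}
    for path in targets["paths"]:
        report["backed" if _covered(path, found["paths"]) else "unbacked"].append(path)
    for key in targets["keys"]:
        report["backed" if _covered(key, found["keys"]) else "unbacked"].append(key)
    return report


if __name__ == "__main__":
    result = audit_fix(otl_fix_targets(OTL_FIX_SAMPLE), systemlook_findings(SYSTEMLOOK_SAMPLE))
    for status in ("backed", "unbacked"):
        for target in result[status]:
            print(f"{status:8} {target}")
```

In this thread the full SystemLook log does cover the two targets the sample leaves out (C:\Users\Nick\AppData\Local\Conduit under folderfind, and the {3c471948-...} CLSID under Regfind), so against the complete logs the report comes back all backed. The check earns its keep on the fix after this one, when the evidence has moved on and a stale target would otherwise be deleted on habit.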

Re: Slow page loading and Hotmail account hijacked

Unread post by Undinist » June 10th, 2013, 1:14 pm

# AdwCleaner v2.303 - Logfile created 06/10/2013 at 18:09:49
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Nick - M11X
# Boot Mode : Normal
# Running from : C:\Users\Nick\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Deleted on reboot : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Nick\AppData\Local\Babylon
Folder Deleted : C:\Users\Nick\AppData\Local\Conduit
Folder Deleted : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Folder Deleted : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\Nick\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Nick\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\extensions\software@loadtubes.com

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\prefs.js

C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\user.js ... Deleted !

Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.machineId", "YGUNOB6ZFUUNVJHFYEJUMGMY4IYNQL/K3K6YHOKZCOVYE8UH49GAU9EYIG9BVHQHWCC[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3984] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&u[...]

*************************

AdwCleaner[R1].txt - [3443 octets] - [10/06/2013 01:15:48]
AdwCleaner[S1].txt - [3124 octets] - [10/06/2013 18:09:49]

########## EOF - C:\AdwCleaner[S1].txt - [3184 octets] ##########
Undinist
Regular Member
 
Posts: 15
Joined: June 6th, 2013, 11:00 am
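
An AdwCleaner [S1] log like the one above is easier to review once it is broken into records. The following Python example is added here and is not part of AdwCleaner or of this thread: it parses the log format shown (section headers, browser markers, "Folder Deleted", "Key Deleted", "Deleted [l.N]" and "... Deleted !" lines), counts what was removed per section, collects the Chrome extension IDs that appear in removed paths and keys, and, for each removed browser setting that held a URL, reports which setting pointed at which host. SAMPLE_LOG is a constructed, trimmed copy of the posted log (URLs keep the log's defanged hxxp form); the function names are my own.

```python
"""Parse an AdwCleaner [S1] removal log into structured records.

Added example for this thread; it is not AdwCleaner's own code. SAMPLE_LOG is a
constructed, trimmed copy of the log posted above (URLs keep the log's defanged
"hxxp" form). Function and key names are the example author's own choice.
"""
import re
from collections import Counter
from urllib.parse import urlparse

SAMPLE_LOG = r"""# AdwCleaner v2.303 - Logfile created 06/10/2013 at 18:09:49
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\extensions\software@loadtubes.com

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\prefs.js

C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\user.js ... Deleted !

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CU[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3984] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&u[...]
"""

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")          # ***** [Registry] *****
BROWSER_RE = re.compile(r"^-\\\\ (?P<name>.+?) v(?P<version>.*)$")      # -\\ Mozilla Firefox v21.0
ENTRY_RE = re.compile(r"^(?P<action>[A-Za-z][A-Za-z ]*?)(?: \[l\.(?P<line>\d+)\])? : (?P<target>.+)$")
USERJS_RE = re.compile(r"^(?P<target>.+) \.\.\. Deleted !$")             # <path>\user.js ... Deleted !
PREF_RE = re.compile(r'user_pref\("(?P<name>[^"]+)"')
URL_RE = re.compile(r'h(?:xx|tt)ps?://[^\s"\[\]]+')                    # stops at the log's "[...]"
CHROME_ID_RE = re.compile(r"\b[a-p]{32}\b")                             # Chrome IDs: 32 letters a-p


def _record(section, browser, file, action, target, line):
    return {"section": section, "browser": browser, "file": file,
            "action": action, "target": target, "line": int(line) if line else None}


def parse_adwcleaner_log(text):
    """Return one dict per removal line, tagged with its section, browser and prefs file."""
    records = []
    section = browser = current_file = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # header lines carry no removals
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser, current_file = m.group("name"), None, None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser, current_file = m.group("name"), None
            continue
        m = USERJS_RE.match(line)
        if m:  # a whole prefs-override file was removed
            records.append(_record(section, browser, None, "File Deleted", m.group("target"), None))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # "[OK] Registry is clean.", separators, etc.
        if m.group("action") == "File":           # names the prefs file the following edits apply to
            current_file = m.group("target")
            continue
        records.append(_record(section, browser, current_file, m.group("action"),
                               m.group("target"), m.group("line")))
    return records


def summarize(records):
    """Count entries per (section, action), e.g. ('Registry', 'Key Deleted')."""
    return Counter((r["section"], r["action"]) for r in records)


def chrome_extension_ids(records):
    """Collect Chrome extension IDs appearing in removed paths and registry keys."""
    ids = set()
    for r in records:
        ids.update(CHROME_ID_RE.findall(r["target"]))
    return ids


def refang(url):
    """Turn the log's defanged 'hxxp' scheme back into 'http' so urlparse can read the host."""
    return re.sub(r"^hxxp", "http", url)


def browser_hijack_indicators(records):
    """For each removed browser setting that held a URL, report which setting pointed at which host."""
    findings = []
    for r in records:
        if r["section"] != "Internet Browsers":
            continue
        url_m = URL_RE.search(r["target"])
        if not url_m:
            continue
        pref_m = PREF_RE.search(r["target"])
        setting = pref_m.group("name") if pref_m else r["target"].split(" = ", 1)[0]
        findings.append({"browser": r["browser"], "file": r["file"], "setting": setting,
                         "host": urlparse(refang(url_m.group(0))).hostname})
    return findings


if __name__ == "__main__":
    recs = parse_adwcleaner_log(SAMPLE_LOG)
    for (section, action), n in sorted(summarize(recs).items()):
        print(f"{section:20} {action:20} {n}")
    print("Chrome extension IDs removed:", sorted(chrome_extension_ids(recs)))
    for f in browser_hijack_indicators(recs):
        print(f"{f['browser']}: {f['setting']} -> {f['host']}")
```

Run on the full log, the hijack indicators give the short list a helper actually cares about (here the Firefox search keyword pointing at search.conduit.com and the Chrome startup page pointing at feed.snap.do), and the extension IDs are the ones to look for in any later Chrome extension listing.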

Re: Slow page loading and Hotmail account hijacked

Unread postby Undinist » June 10th, 2013, 1:26 pm

All processes killed
========== OTL ==========
Error: No service named AdvancedSystemCareService6 was found to stop!
Service\Driver key AdvancedSystemCareService6 not found.
File C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe not found.
Service NNSHTTPS stopped successfully!
Service NNSHTTPS deleted successfully!
C:\Windows\SysNative\drivers\NNSHttps.sys moved successfully.
Service NNSSTRM stopped successfully!
Service NNSSTRM deleted successfully!
C:\Windows\SysNative\drivers\NNSStrm.sys moved successfully.
Service NNSPIHSW stopped successfully!
Service NNSPIHSW deleted successfully!
C:\Windows\SysNative\drivers\NNSPihsw.sys moved successfully.
Service NNSTLSC stopped successfully!
Service NNSTLSC deleted successfully!
C:\Windows\SysNative\drivers\NNStlsc.sys moved successfully.
Service NNSPRV stopped successfully!
Service NNSPRV deleted successfully!
C:\Windows\SysNative\drivers\NNSPrv.sys moved successfully.
Service NNSSMTP stopped successfully!
Service NNSSMTP deleted successfully!
C:\Windows\SysNative\drivers\NNSSmtp.sys moved successfully.
Service NNSPROT stopped successfully!
Service NNSPROT deleted successfully!
C:\Windows\SysNative\drivers\NNSProt.sys moved successfully.
Service NNSPOP3 stopped successfully!
Service NNSPOP3 deleted successfully!
C:\Windows\SysNative\drivers\NNSPop3.sys moved successfully.
Service NNSPICC stopped successfully!
Service NNSPICC deleted successfully!
C:\Windows\SysNative\drivers\NNSpicc.sys moved successfully.
Service NNSHTTP stopped successfully!
Service NNSHTTP deleted successfully!
C:\Windows\SysNative\drivers\NNSHttp.sys moved successfully.
Service NNSIDS stopped successfully!
Service NNSIDS deleted successfully!
C:\Windows\SysNative\drivers\NNSIds.sys moved successfully.
Service NNSALPC stopped successfully!
Service NNSALPC deleted successfully!
C:\Windows\SysNative\drivers\NNSAlpc.sys moved successfully.
Error: Unable to stop service PSINKNC!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSINKNC deleted successfully.
C:\Windows\SysNative\drivers\PSINKNC.sys moved successfully.
Service PSINProt stopped successfully!
Service PSINProt deleted successfully!
C:\Windows\SysNative\drivers\PSINProt.sys moved successfully.
Service PSINProc stopped successfully!
Service PSINProc deleted successfully!
C:\Windows\SysNative\drivers\PSINProc.sys moved successfully.
Service PSINAflt stopped successfully!
Service PSINAflt deleted successfully!
C:\Windows\SysNative\drivers\PSINAflt.sys moved successfully.
Service PSINFile stopped successfully!
Service PSINFile deleted successfully!
C:\Windows\SysNative\drivers\PSINFile.sys moved successfully.
Service PSKMAD stopped successfully!
Service PSKMAD deleted successfully!
C:\Windows\SysNative\drivers\PSKMAD.sys moved successfully.
Service NNSNAHSL stopped successfully!
Service NNSNAHSL deleted successfully!
C:\Windows\SysNative\drivers\NNSNAHSL.sys moved successfully.
Error: No service named SmartDefragDriver was found to stop!
Service\Driver key SmartDefragDriver not found.
File C:\Windows\SysNative\drivers\SmartDefragDriver.sys not found.
Prefs.js: ascsurfingprotection%40iobit.com:1.0 removed from extensions.enabledAddons
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN05549634542160109&UM=&q=" removed from keyword.URL
Folder C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\rjpjn0lm.default\extensions\ascsurfingprotection@iobit.com\ not found.
C:\Program Files (x86)\GUM9DAD.tmp folder deleted successfully.
C:\Program Files (x86)\GUMC447.tmp folder deleted successfully.
C:\Users\Nick\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V6\Driver Manager\DriverBackup folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V6\Driver Manager folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V6\Downloader folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V6\DiskCheck folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Nick\AppData\Roaming\IObit folder moved successfully.
C:\Users\Nick\AppData\Roaming\uTorrent\share folder moved successfully.
C:\Users\Nick\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Nick\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Nick\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Nick\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\Babylon not found.
File\Folder C:\Users\All Users\Babylon not found.
File\Folder C:\Users\Nick\AppData\Local\Babylon not found.
File\Folder C:\Users\Nick\AppData\Roaming\Babylon not found.
File\Folder C:\Program Files (x86)\Conduit not found.
File\Folder C:\Users\Nick\AppData\Local\Conduit not found.
File\Folder C:\Users\Nick\AppData\LocalLow\Conduit not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nick\Downloads\cmd.bat deleted successfully.
C:\Users\Nick\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\Trolltech\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ not found.
Registry key HKEY_CURRENT_USER\Software\Conduit\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\AppDataLow\Software\Conduit\ not found.
Registry key HKEY_USERS\S-1-5-21-278811305-3920256780-2860793559-1000\Software\Conduit\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nick
->Temp folder emptied: 251524550 bytes
->Temporary Internet Files folder emptied: 177643545 bytes
->Java cache emptied: 1300514 bytes
->FireFox cache emptied: 139680291 bytes
->Google Chrome cache emptied: 433924288 bytes
->Flash cache emptied: 2238 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39020567 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1456197 bytes
RecycleBin emptied: 223568732 bytes

Total Files Cleaned = 1,209.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06102013_181622

Files\Folders moved on Reboot...
C:\Users\Nick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nick\AppData\Local\Temp\JavaDeployReg.log moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRLQLIVX\google_co_uk[2].htm moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTMPEB3Y\viewtopic[2].htm moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4HFILY2N\DroidSans[1].woff moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Undinist
Regular Member
 
Posts: 15
Joined: June 6th, 2013, 11:00 am

Re: Slow page loading and Hotmail account hijacked

Unread postby Undinist » June 10th, 2013, 1:46 pm

Wow, this thing is FLYING now - can't remember when it's ever been this quick. Thank you! What problems did you find? And why haven't my AV programs been finding them?

Is it possible to use uTorrent safely?
Undinist
Regular Member
 
Posts: 15
Joined: June 6th, 2013, 11:00 am

Re: Slow page loading and Hotmail account hijacked

Unread postby Gary R » June 10th, 2013, 5:27 pm

The infection you had was one of the "bandoo media" toolbars, which usually come bundled with other software, and don't necessarily advertise that fact when you install it.

The reason many AVs do not flag or remove it is because for some reason they classify it as legitimate. Quite why they do that is beyond me, since IMO any software that cannot be simply uninstalled, cannot be legitimate.

Before I give your machine the all clear, and tell you how to safely remove all the programs we've been using to clean your computer, I'd like you to run an online AV scan for me, so that we can be sure that there's nothing else on your machine that I might have missed.

The scan is very thorough, but it will take quite a while to run.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire