Intermittent internet problems: pages not loading, connections timing



#1
Fidgetcat


Hello, I've been having connection problems on this laptop for some time now. I think they were transferred from my desktop, which has been having similar symptoms as well.

 

Basically, even if ping shows that my connection is completely stable, I sometimes have trouble connecting to... things in general. Webpages need to be refreshed many times before they load, I get repeated failures before I can log into online games, connection times out/can't resolve host name when trying to connect to my MU*s, etc. It's very distressing now because I need to access a VPN server in Japan, but cannot do so because I fall off the network as soon as I am able to connect (IF I am able to, anyway). Obviously, other computers on the network (that are not my desktop) are fine.

 

I really haven't done this sort of thing before, so I'm not sure what info to give. I'm running on a 64-bit setup Windows 7. I use programs like Microsoft's Security Essentials, Malwarebytes, and Spybot to clean my PC, and they don't find anything. I remember doing a few registry tweaks before, but I've since restored to backups. No changes. I'm directly connected to a fairly new router; no wi-fi for me.

 

OTL logfile created on: 5/28/2014 8:01:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lenovo\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 5.05 Gb Available Physical Memory | 63.58% Memory free
15.89 Gb Paging File | 12.88 Gb Available in Paging File | 81.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654.20 Gb Total Space | 34.30 Gb Free Space | 5.24% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 12.85 Gb Free Space | 44.33% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: SUMA-TERMINAL | User Name: Lenovo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/28 20:00:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lenovo\Downloads\OTL.exe
PRC - [2014/02/05 17:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 17:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Users\Lenovo\Desktop\GARNA MSNGR\ggdllhost.exe
PRC - [2012/10/09 07:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/09/14 19:14:54 | 001,771,008 | ---- | M] (Peter Pawlowski) -- C:\Program Files (x86)\foobar2000\foobar2000.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/03/03 11:27:17 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011/02/05 05:30:44 | 003,067,904 | ---- | M] (Gammon Software Solutions) -- C:\Program Files (x86)\MUSHclient\MUSHclient.exe
PRC - [2011/01/29 07:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011/01/13 02:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/13 02:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/21 10:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 10:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/25 07:46:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e90dee4f938f7223c05de89a3221b760\System.Runtime.Remoting.ni.dll
MOD - [2014/03/04 22:35:23 | 000,014,280 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2013/08/23 17:10:18 | 000,553,776 | ---- | M] () -- C:\Users\Lenovo\Desktop\GARNA MSNGR\ggspawn.dll
MOD - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Users\Lenovo\Desktop\GARNA MSNGR\ggdllhost.exe
MOD - [2013/05/12 02:10:14 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013/05/12 02:10:14 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013/05/12 02:07:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/05/12 02:07:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/05/12 02:07:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/05/12 02:07:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\958c2f1db4810a818845f216cbd08d24\System.Xml.ni.dll
MOD - [2013/05/12 02:07:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/05/12 02:07:15 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/05/12 02:07:11 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/09/14 19:13:32 | 001,632,256 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
MOD - [2012/09/14 19:13:32 | 000,359,936 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
MOD - [2012/09/14 19:13:28 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
MOD - [2012/09/14 19:13:10 | 000,915,968 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
MOD - [2012/09/14 19:13:08 | 000,303,616 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
MOD - [2012/09/14 19:12:50 | 000,287,744 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
MOD - [2012/09/14 19:12:44 | 000,491,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_converter.dll
MOD - [2012/09/14 19:11:24 | 000,150,016 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dll
MOD - [2012/03/03 11:27:17 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011/02/17 01:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011/02/17 01:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010/10/04 06:04:40 | 000,199,310 | ---- | M] () -- C:\Program Files (x86)\MUSHclient\lua5.1.dll
MOD - [2010/04/21 20:48:00 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\foobar2000\zlib1.dll
MOD - [2009/01/26 11:17:08 | 000,483,328 | ---- | M] () -- C:\Program Files (x86)\MUSHclient\locale\en.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/28 18:03:25 | 004,322,872 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Auto | Running] -- C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe -- (SEVPNCLIENT)
SRV:64bit: - [2014/01/14 00:24:13 | 000,627,992 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/11/07 23:37:40 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/05/30 13:11:34 | 000,149,544 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2011/05/13 00:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/04/09 04:25:36 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/03/13 17:08:37 | 000,381,952 | ---- | M] (Scarlet.Crush Productions) [Auto | Stopped] -- C:\Users\Lenovo\Downloads\ScpServer\bin\ScpService.exe -- (Ds3Service)
SRV - [2014/03/05 19:29:48 | 000,099,616 | ---- | M] (Overwolf LTD) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2014/02/28 15:23:54 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2014/02/05 17:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/01/22 16:04:00 | 005,267,776 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/10/04 23:58:24 | 000,087,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/10 09:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/13 09:27:56 | 000,523,632 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/10/12 08:47:38 | 000,078,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2012/10/12 08:38:28 | 000,413,040 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/10/12 08:37:42 | 000,389,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011/09/14 12:47:22 | 000,270,672 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Sun Broadband\AssistantServices.exe -- (UI Assistant Service)
SRV - [2011/01/13 02:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/21 10:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 10:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/16 21:38:16 | 000,339,456 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/03/12 15:43:38 | 000,241,808 | ---- | M] (Paltiosoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe -- (UCManSvc)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/28 18:04:47 | 000,028,768 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Neo_0023.sys -- (Neo_VPN)
DRV:64bit: - [2014/03/26 10:05:30 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014/03/20 08:40:46 | 005,363,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/03/04 22:35:23 | 000,033,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/11/12 08:16:03 | 000,090,424 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2013/11/12 08:16:03 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2013/11/12 08:16:02 | 000,014,136 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2013/05/19 15:02:50 | 000,039,168 | ---- | M] (Scarlet.Crush Productions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScpVBus.sys -- (ScpVBus)
DRV:64bit: - [2013/05/05 11:24:05 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/25 04:11:54 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/05/30 13:10:50 | 000,016,168 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2012/04/24 00:37:11 | 000,503,352 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/03/03 11:37:21 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/03/03 11:37:18 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/03/03 11:35:00 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012/03/03 11:35:00 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012/03/03 11:25:04 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/28 19:23:56 | 000,398,896 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/13 08:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/05/10 04:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/03/26 10:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/12/13 11:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/19 10:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 10:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/06 01:03:08 | 002,637,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/20 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/28 01:43:14 | 000,032,088 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam_lo.sys -- (JmUsbVideo2)
DRV:64bit: - [2010/08/27 22:01:48 | 000,057,816 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam.sys -- (JmUsbVideo)
DRV:64bit: - [2010/08/12 14:03:28 | 000,748,648 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2010/07/21 18:28:50 | 000,017,880 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmccgp.sys -- (JmUsbCcgp)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/21 22:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/05/02 00:32:20 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxytaft.csb.edu:80
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.reddit.com/r/Guildwars2"
FF - prefs.js..network.proxy.backup.ftp: "proxytaft.csb.edu"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "proxytaft.csb.edu"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "proxytaft.csb.edu"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "proxytaft.csb.edu"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "proxytaft.csb.edu"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxytaft.csb.edu"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "proxytaft.csb.edu"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\Lenovo\AppData\LocalLow\raidcall\plugins\webplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Lenovo\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Users\Lenovo\Desktop\GARNA MSNGR\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lenovo\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lenovo\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lenovo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/01 18:15:26 | 000,000,000 | ---D | M]
 
[2012/04/25 00:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lenovo\AppData\Roaming\mozilla\Extensions
[2014/03/08 20:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lenovo\AppData\Roaming\mozilla\Firefox\Profiles\nsh02ucg.default\extensions
[2014/05/01 18:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/01 18:15:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/09 05:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/05/26 05:15:53 | 001,021,103 | R--- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost #[IPv6]
O1 - Hosts: 127.0.0.1  fr.a2dfp.net
O1 - Hosts: 127.0.0.1  m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1  ad.a8.net
O1 - Hosts: 127.0.0.1  asy.a8ww.net
O1 - Hosts: 127.0.0.1  abcstats.com
O1 - Hosts: 127.0.0.1  a.abv.bg
O1 - Hosts: 127.0.0.1  adserver.abv.bg
O1 - Hosts: 127.0.0.1  adv.abv.bg
O1 - Hosts: 127.0.0.1  bimg.abv.bg
O1 - Hosts: 127.0.0.1  ca.abv.bg
O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1  accuserveadsystem.com
O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1  achmedia.com
O1 - Hosts: 127.0.0.1  csh.actiondesk.com
O1 - Hosts: 127.0.0.1  www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  ads.activepower.net
O1 - Hosts: 127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  cms.ad2click.nl
O1 - Hosts: 127.0.0.1  ad2games.com
O1 - Hosts: 127.0.0.1  ads.ad2games.com
O1 - Hosts: 127.0.0.1  content.ad20.net
O1 - Hosts: 30959 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Lenovo\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SoftEther VPN Client UI Helper] C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [cdloader] C:\Users\Lenovo\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe (Trend Media Corporation Limited)
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5663417-E8C4-444F-81A8-F1C3FC23F872}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/15 22:41:22 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/04/15 22:41:22 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/28 18:04:47 | 000,028,768 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\Windows\SysNative\drivers\Neo_0023.sys
[2014/05/28 18:03:43 | 000,135,736 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\Windows\SysNative\vpncmd.exe
[2014/05/28 18:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
[2014/05/28 18:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\SoftEther VPN Client
[2014/05/26 23:44:34 | 005,267,776 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2014/05/26 23:44:27 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2014/05/26 21:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASYSTARONLINE2
[2014/05/26 20:17:35 | 000,000,000 | ---D | C] -- C:\Twikka
[2014/05/26 19:12:47 | 000,000,000 | ---D | C] -- C:\Users\Lenovo\Documents\SEGA
[2014/05/26 19:12:47 | 000,000,000 | ---D | C] -- C:\PHANTASYSTARONLINE2
[2014/05/26 06:16:06 | 000,000,000 | ---D | C] -- C:\Users\Lenovo\Documents\New Unity Project
[2014/05/26 05:38:49 | 000,000,000 | ---D | C] -- C:\Users\Lenovo\AppData\Roaming\Unity
[2014/05/25 22:22:42 | 000,000,000 | ---D | C] -- C:\Users\Lenovo\AppData\Roaming\Apple Computer
[2014/05/25 22:22:42 | 000,000,000 | ---D | C] -- C:\Users\Lenovo\AppData\Local\Apple Computer
[2014/05/25 22:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Unity
[2014/05/25 22:20:33 | 000,000,000 | ---D | C] -- C:\Users\Lenovo\AppData\Local\Unity
[2014/05/25 22:18:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2014/05/25 22:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2014/05/25 22:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unity
[2014/05/09 14:37:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2014/05/09 14:37:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2014/05/09 04:19:39 | 000,020,992 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/05/09 04:19:39 | 000,017,920 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/05/09 03:34:00 | 000,000,000 | ---D | C] -- C:\temp
[2014/05/09 03:31:57 | 000,000,000 | ---D | C] -- C:\drivers
[2014/05/08 03:19:49 | 000,000,000 | ---D | C] -- C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playtrickster
[2014/05/08 03:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playtrickster
[2014/05/08 03:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Playtrickster
[2014/05/02 00:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/02 00:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/05/02 00:32:20 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2014/05/02 00:32:20 | 000,000,000 | ---D | C] -- C:\Users\Lenovo\AppData\Local\eSupport.com
[2014/05/02 00:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[2014/05/02 00:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eSupport.com
[2014/05/01 18:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/01 09:28:24 | 000,000,000 | ---D | C] -- C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2014/05/01 09:28:24 | 000,000,000 | ---D | C] -- C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2014/04/30 21:46:10 | 000,000,000 | ---D | C] -- C:\Users\Lenovo\AppData\Roaming\NVIDIA
[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Lenovo\Documents\*.tmp files -> C:\Users\Lenovo\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/28 19:24:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/28 18:54:38 | 000,030,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/28 18:54:38 | 000,030,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/28 18:47:48 | 000,000,380 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
[2014/05/28 18:46:30 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/28 18:45:50 | 000,082,550 | ---- | M] () -- C:\Windows\SysNative\fastboot.set
[2014/05/28 18:44:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/28 18:44:25 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/28 18:04:47 | 000,028,768 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\Windows\SysNative\drivers\Neo_0023.sys
[2014/05/28 18:03:43 | 000,135,736 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\Windows\SysNative\vpncmd.exe
[2014/05/28 18:03:39 | 000,001,999 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
[2014/05/28 18:03:39 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
[2014/05/27 17:30:20 | 000,830,126 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/27 17:30:20 | 000,700,088 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/27 17:30:20 | 000,139,674 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/26 05:15:53 | 001,021,103 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2014/05/25 22:18:22 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2014/05/25 21:57:55 | 000,001,184 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
[2014/05/24 13:28:11 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/19 20:44:31 | 006,656,128 | ---- | M] () -- C:\Users\Lenovo\Documents\Anatadakenomono.mp3
[2014/05/17 23:13:02 | 007,125,543 | ---- | M] () -- C:\Users\Lenovo\Documents\CoC_0.8.4.13.swf
[2014/05/16 06:23:17 | 000,018,497 | ---- | M] () -- C:\Users\Lenovo\Documents\Odest_ability_eclipse_10.mp3
[2014/05/16 06:22:35 | 000,020,378 | ---- | M] () -- C:\Users\Lenovo\Documents\Odest_attack_02.mp3
[2014/05/16 06:22:14 | 000,021,423 | ---- | M] () -- C:\Users\Lenovo\Documents\Odest_attack_04.mp3
[2014/05/09 15:55:03 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\WildStar.lnk
[2014/05/09 14:38:27 | 000,018,216 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2014/05/08 03:19:49 | 000,001,030 | ---- | M] () -- C:\Users\Lenovo\Desktop\Playtrickster.lnk
[2014/05/02 00:32:20 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2014/05/02 00:32:19 | 000,001,290 | ---- | M] () -- C:\Users\Public\Desktop\Find Drivers with DriverAgent.lnk
[2014/05/01 09:28:24 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn.lnk
[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Lenovo\Documents\*.tmp files -> C:\Users\Lenovo\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/28 18:03:39 | 000,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
[2014/05/28 18:03:39 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
[2014/05/26 23:44:27 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2014/05/26 05:12:28 | 001,021,230 | R--- | C] () -- C:\Windows\SysWow64\drivers\HOSTS
[2014/05/25 22:18:22 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2014/05/19 20:43:53 | 006,656,128 | ---- | C] () -- C:\Users\Lenovo\Documents\Anatadakenomono.mp3
[2014/05/17 23:12:06 | 007,125,543 | ---- | C] () -- C:\Users\Lenovo\Documents\CoC_0.8.4.13.swf
[2014/05/16 06:23:17 | 000,018,497 | ---- | C] () -- C:\Users\Lenovo\Documents\Odest_ability_eclipse_10.mp3
[2014/05/16 06:22:34 | 000,020,378 | ---- | C] () -- C:\Users\Lenovo\Documents\Odest_attack_02.mp3
[2014/05/16 06:22:07 | 000,021,423 | ---- | C] () -- C:\Users\Lenovo\Documents\Odest_attack_04.mp3
[2014/05/08 03:19:49 | 000,001,030 | ---- | C] () -- C:\Users\Lenovo\Desktop\Playtrickster.lnk
[2014/05/02 00:32:19 | 000,001,290 | ---- | C] () -- C:\Users\Public\Desktop\Find Drivers with DriverAgent.lnk
[2014/05/01 09:28:24 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2014/05/01 09:28:24 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2014/04/09 19:55:31 | 001,231,427 | ---- | C] () -- C:\Users\Lenovo\hassleGLUT.zip
[2014/03/20 08:40:40 | 000,078,848 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/03/20 08:34:54 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2014/03/20 08:34:54 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2014/02/20 18:14:02 | 000,179,377 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2013/12/02 20:52:34 | 000,001,184 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2013/11/30 19:06:51 | 000,000,380 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2013/11/30 17:42:37 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2013/09/09 02:28:16 | 006,997,041 | ---- | C] () -- C:\Program Files (x86)\MUSHclient.rar
[2013/07/18 20:36:56 | 000,007,489 | ---- | C] () -- C:\Users\Lenovo\AppData\Local\recently-used.xbel
[2013/05/26 03:03:56 | 000,004,608 | ---- | C] () -- C:\Users\Lenovo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/23 13:02:06 | 000,007,605 | ---- | C] () -- C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg
[2013/04/16 01:32:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/16 01:32:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/16 01:32:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/16 01:32:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/16 01:32:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/15 15:47:30 | 000,814,436 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/15 15:39:14 | 000,000,034 | ---- | C] () -- C:\Windows\AvastEmUpdate.ini
[2013/04/14 15:03:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/11/20 20:07:26 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/11/20 20:07:26 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/07/03 04:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/09/18 06:57:01 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\.purple
[2013/04/15 15:00:39 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\AlarmClock
[2013/05/10 13:56:58 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\AtomZombieData
[2014/03/26 01:27:34 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Awesomium
[2014/03/29 05:12:33 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Battle.net
[2013/04/15 15:00:40 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\BitComet
[2014/05/28 18:47:48 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\BITS
[2014/04/10 07:49:10 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Bleank
[2013/08/16 21:43:59 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Carbon
[2013/12/19 21:12:18 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\DAEMON Tools Lite
[2014/04/25 17:05:13 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\DarkSoulsII
[2014/02/13 09:17:57 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Dev-Cpp
[2013/11/13 22:00:11 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\DMCache
[2013/11/30 17:48:09 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\DVDVideoSoft
[2013/04/15 15:00:40 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\EasyCapture
[2013/07/18 21:58:16 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Emerge Desktop
[2013/04/15 15:00:40 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Fatshark
[2013/04/15 15:00:45 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Firestorm
[2013/12/06 17:58:40 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\FlashGet
[2013/11/30 17:41:43 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\FlashGetBHO
[2013/11/30 17:41:48 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\FlashgetSetup
[2013/01/27 14:33:07 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\fltk.org
[2014/05/28 18:49:01 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\foobar2000
[2013/04/15 15:00:45 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\FreeFLVConverter
[2013/11/26 06:36:20 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\GameMaker-Studio
[2013/04/15 15:00:45 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Garena
[2014/05/23 23:05:38 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\GarenaPlus
[2013/04/16 00:12:27 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\GetRightToGo
[2013/07/16 22:41:36 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\gtk-2.0
[2014/05/11 04:14:24 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Guild Wars 2
[2013/04/15 15:00:52 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\LolClient
[2013/04/15 15:00:52 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\LolClient2
[2013/12/04 18:54:20 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\LoneSurvivor
[2013/04/15 15:00:52 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Magic Set Editor
[2013/10/06 21:22:00 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Mirillis
[2014/03/18 03:14:41 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\mjusbsp
[2014/04/24 15:50:44 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\NCSOFT
[2013/12/20 09:53:28 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\NitroplusCHiRAL
[2014/03/30 19:58:13 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\NuGet
[2013/07/20 02:17:05 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\OBS
[2014/04/10 19:41:06 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\QtProject
[2013/04/15 15:01:00 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\raidcall
[2013/10/12 03:57:19 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\runic games
[2013/04/15 15:01:00 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\ScummVM
[2013/04/15 15:01:06 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\SecondLife
[2014/04/17 10:36:53 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\SoftGrid Client
[2013/04/15 15:01:10 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\TeamViewer
[2013/04/15 15:01:11 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\TeraCopy
[2013/04/15 15:01:11 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\The Windows Club
[2013/08/18 03:38:33 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\TP
[2014/05/21 15:50:45 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\TS3Client
[2013/11/02 02:16:17 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Ubisoft
[2014/05/26 06:16:14 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Unity
[2014/05/26 21:15:33 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\uTorrent
[2013/04/15 15:01:12 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\VideoEditor
[2013/07/19 14:31:46 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\VistaStyleBuilder
[2013/04/15 15:01:12 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Wargaming.net
[2013/04/15 15:01:12 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Waterfox Limited
[2013/11/02 02:16:23 | 000,000,000 | -HSD | M] -- C:\Users\Lenovo\AppData\Roaming\wyUpdate AU
[2013/04/15 15:01:12 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\xim
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/04/15 15:08:30 | 000,000,000 | ---D | M](C:\Users\Lenovo\Documents\????) -- C:\Users\Lenovo\Documents\마비노기
[2013/01/12 07:30:47 | 000,000,000 | ---D | C](C:\Users\Lenovo\Documents\????) -- C:\Users\Lenovo\Documents\마비노기
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ソフト電池

< End of report >
 


Edited by Fidgetcat, 28 May 2014 - 09:30 AM.



#2
Fidgetcat


I can see why this is getting no replies in the malware section... I keep on running this PC through virus scans, boot from CD environment and not, and I get nothing. I've even tried rootkit scans.



#3
23red


Hi Fidgetcat

If you still need help ~  I'm 23red, and it'll be my pleasure to assist you with your problem.   As we proceed, I'd be grateful if you would note the following:

 

•  Please make sure to carefully read every post completely before doing anything.
 
•  If you're not sure, or if something unexpected happens do not continue! Stop and ask!  It is not a problem.
 
•  Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.
 
•  Please stick with me until all malware is gone from your system.  Malware removal is not an instant process, just because you no longer see any symptoms it does not necessarily mean your system is completely clear.

 

•  Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

 

Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.

 

•  As I am currently in training, I will be helping you under the supervision of our Expert Teachers. As such, there will likely be a delay between posts. I do my best to respond as quickly as I can. I, like everyone else here, am also a volunteer and sometimes life keeps me busy  ;)

 

•  Thank you for your understanding and I appreciate your patience.

 

Please allow some time to go through the log you posted.  I'll post back as soon as possible. 

In the meantime, may you please post the contents of the extras.txt generated when OTL was run.  It should be located at C:\Users\Lenovo\Downloads.
While you are in C:\Users\Lenovo\Downloads may you please cut and then paste OTL onto your desktop ~ it runs best from there. 

 

Mahalo :)



#4
23red


Hi fidgetcat :)

 

Ok, here we go:

 

First Step

 

P2P Warning

 

It's my duty to advise you of potential vulnerabilities ~ Going over your logs I noticed that you have µTorrent and BitComet installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

 

1.  One should really do their best to avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

2.  They are a security risk which can make your computer susceptible to malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

3.  Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

4.  The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, bit torrent ~ however that choice is up to you. If you choose to remove the program, you can do so via Start ~> Control Panel ~> Programs and Features.

If you do not choose to uninstall, please refrain from using them until we are finished here.

 

Step 2

 

OTL Fix

 

Please right-click on the OTL icon on your Desktop, choose Run as Administrator, and accept UAC prompts.

 

Under the Custom Scans/Fixes box, in the textbox at the bottom, please paste in the following text:

 

 

 

 

 

 

:Commands
[CREATERESTOREPOINT]
:OTL
SRV - [2012/10/13 09:27:56 | 000,523,632 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/10/12 08:47:38 | 000,078,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2012/10/12 08:38:28 | 000,413,040 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/10/12 08:37:42 | 000,389,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4 - Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk =  File not found
:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c
ipconfig /flushdns /c
:Commands
[resethosts]
[emptytemp]

 

 

 

•  Push the Run Fix button.

•  OTL may ask to reboot the machine. Please do so if asked. 

•  If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

•  Copy and Paste that report in your next reply, please.

 


  • 0
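The fix script in the post above is assembled from lines of the OTL log. As an added example (not part of 23red's post and not OTL's own code), this Python code parses OTL `SRV` lines into fields and flags log entries by traits visible in the line itself. The flagging rules are assumptions of this example, not the helper's stated criteria; the sample lines are copied from the fix script.

```python
import re

# Phrases OTL prints when an entry references something that no longer exists.
ORPHAN_MARKERS = ("No CLSID value found", "File not found", "Reg Error")

# SRV - [date | size | attrs | M] (company) [start type | state] -- path -- (service name)
SRV_RE = re.compile(
    r"^SRV(?::64bit:)? - \[(?P<modified>[^|]+?) \| (?P<size>[\d,]+) \| \S+ \| [MC]\] \((?P<company>[^)]*)\) "
    r"\[(?P<start>[^|]+?) \| (?P<state>[^\]]+)\] -- (?P<path>.+) -- \((?P<name>[^)]+)\)$"
)

def parse_service(line):
    """Return the fields of an OTL SRV line as a dict, or None if it is not one."""
    m = SRV_RE.match(line.strip())
    if not m:
        return None
    svc = m.groupdict()
    svc["size"] = int(svc["size"].replace(",", ""))  # "000,523,632" -> 523632
    return svc

def triage(lines):
    """Return (entry, reasons) for each line that shows a trait worth reviewing."""
    findings = []
    for line in lines:
        reasons = [marker for marker in ORPHAN_MARKERS if marker in line]
        svc = parse_service(line)
        if svc:
            entry = svc["name"]
            if not svc["company"]:
                reasons.append("no company name in file")
            if svc["start"] == "Disabled":
                reasons.append("service disabled")
        else:
            entry = line.strip()  # non-service entries are reported as the full line
        if reasons:
            findings.append((entry, reasons))
    return findings

# Sample lines copied from the fix script in the post above.
SAMPLE = [
    r"SRV - [2012/10/13 09:27:56 | 000,523,632 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)",
    r"SRV - [2012/10/12 08:47:38 | 000,078,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)",
    r"O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.",
    r"O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)",
    r"IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.",
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A flag here only marks an entry for a human to look at; whether it belongs in a fix script still depends on what the file or key actually is.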

#5
23red

Hi,

Do you still need help?

:)

#6
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.