
ctfile.rfc [Solved]


  • This topic is locked

#1
Lauren32

    New Member

  • Member
  • 8 posts
I have found a hidden file on my computer. It is called ctfile.rfc. I am not having any problems. Is this file OK or should I remove it?
  • 0

#2
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Lauren32,

Welcome to Geeks to Go! :)

It is my pleasure to help you find the answer to your question. I see that you have posted this same question on other forums such as here and here. Posting the same question on multiple forums does take time away from others who need our help as well, and I see that Le Boule has answered your post on the MS Community forum and it wouldn't hurt to follow through with the instructions provided, though I did find that the file is not of a malicious nature as displayed at VirScan.org, nor was it found to be malicious in any way on Virus Total. Following is a description of what that file is and what its purpose is:

ctfile.rfc

Donna :)
  • 0

#3
Lauren32

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hallo Donna. Many thanks for your helpful reply and I note your advice not to send the same question to other sites. Having found out more about this ctfile.rfc I have another problem. I recently had my computer repaired and the repairman set the internet to work network. I have changed it to public network but I still have to change it to work network to get the updates for the antivirus programme he put on. My concern is that via this ctfile he put on he will be able to access the passwords on my computer. Do you think this is possible? Thanks from Lauren
  • 0

#4
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Lauren,

You're very welcome! :)

Since I am still in training, from here on out, I will have to run my thoughts past my instructor before I can post them to you which may delay my responses just a tad. This is an advantage for you though since you'll have two pairs of eyes looking out for your best interests.

My concern is that via this ctfile he put on he will be able to access the passwords on my computer. Do you think this is possible?


That could be a possibility if the paid version is installed, which includes online automatic synchronization, and the service tech created the account, giving him access to all the account information when the online account was set up for you. If you did not install this software you have every right to uninstall it!

Following is an excellent comparison chart of the three versions that are available for download:

Roboform

You can also click on the circled arrows to the right under How it works in the left pane in the link I provided to learn more about the software, if you would like.

You mentioned above that the tech also installed an antivirus program. To make this easier, I'm going to ask you to provide the following logs so we can get a better idea of what we are dealing with.

Please download OTL to your Desktop
  • Double click on the OTL icon to run it on XP. On Vista/Win7 and above, right click and choose Run as administrator.
  • Make sure all other windows are closed and allow it to run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic.
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Donna :)
  • 0
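The OTL steps above produce text logs that a helper normally reads by hand. As an added example (not OTL's own code and not from anyone in this thread), the Python script below parses the line shapes OTL emits, PRC/SRV/DRV/MOD entries, O4 Run keys and O33 mount-point AutoRun commands, and flags what a helper looks at first: entries with no company name, processes or services running from ProgramData or AppData, orphaned Run values and removable-media AutoRun commands. The sample lines are copied from the log posted later in this thread; the severity labels and the "data directory" rule are my own assumptions.

```python
"""Triage helper for OTL-style log lines (added example; OTL itself is a closed tool)."""
import re
from collections import Counter
from dataclasses import dataclass

# PRC/SRV/DRV/MOD lines: KIND - [date time | size | attrs | M] (Company) [state] -- path -- (name)
_ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD)(?::64bit:)? - "
    r"\[(?P<ts>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)
# O4 Run-key lines: O4 - HKLM..\Run: [ValueName] C:\path\prog.exe (Company)   or   [] File not found
_RUN = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<value>[^\]]*)\] "
    r"(?P<target>.*?)(?: \((?P<company>[^)]*)\))?$"
)
# O33 mount-point lines that register an AutoRun command for removable media
_MOUNT = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<command>.+)$'
)

# Assumed rule: a persistent process/service rarely belongs in these directories
_DATA_DIRS = ("\\programdata\\", "\\appdata\\")


@dataclass
class Finding:
    severity: str   # "review": worth a look; "cleanup": harmless orphan entry (assumed labels)
    reasons: list
    line: str


def parse_entry(line):
    """Return the fields of a PRC/SRV/DRV/MOD line as a dict, or None if it is not one."""
    m = _ENTRY.match(line)
    return m.groupdict() if m else None


def triage(lines):
    """Walk OTL lines and collect the entries a helper would want to look at first."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        entry = parse_entry(line)
        if entry:
            reasons = []
            if entry["company"].strip() == "":
                reasons.append(f"{entry['kind']} has no company name: {entry['path']}")
            low = entry["path"].lower()
            if entry["kind"] in ("PRC", "SRV") and any(d in low for d in _DATA_DIRS):
                reasons.append(f"{entry['kind']} runs from a data/profile directory: {entry['path']}")
            if reasons:
                findings.append(Finding("review", reasons, line))
            continue
        m = _RUN.match(line)
        if m:
            if m["target"].lower() == "file not found":
                findings.append(Finding("cleanup", [f"orphaned {m['hive']} Run value [{m['value']}]"], line))
            elif not (m["company"] or "").strip():
                findings.append(Finding("review", [f"Run value [{m['value']}] has no company name: {m['target']}"], line))
            continue
        m = _MOUNT.match(line)
        if m:
            findings.append(Finding("review", [f"AutoRun command registered for mount point {m['mount']}: {m['command']}"], line))
    return findings


def summarize(findings):
    """Count findings by severity, e.g. {'review': 4, 'cleanup': 1}."""
    return dict(Counter(f.severity for f in findings))


# Sample input: lines copied from the OTL log posted in this thread
SAMPLE_LOG = r"""
PRC - [2013/05/16 10:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
PRC - [2010/05/08 17:33:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
MOD - [2009/06/27 04:28:42 | 000,577,536 | ---- | M] () -- C:\Windows\SysWOW64\EMSC.DLL
SRV - [2010/05/08 17:33:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
DRV:64bit: - [2012/03/14 21:25:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG.strip().splitlines())
    for f in results:
        print(f"[{f.severity}] " + "; ".join(f.reasons))
    print(summarize(results))
```

Point it at a real OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`; a "no company name" hit is a prompt to check the file, not a verdict, as the thread's DCService.exe example shows.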

#5
Lauren32

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hallo Donna. I am having a problem sending info as I keep getting HTTP 403 forbidden. I will try sending it as attachments. My history is I am in Nepal temporarily, my computer crashed in March, the repairman took it away and put in a new hard drive (didn't have time to erase info on the old one). Then I noticed in Win Patrol I had this new hidden file. Thanks so much for your help. Lauren

[Attached file: Extras.Txt, 31.79 KB]

OTL logfile created on: 16/05/2013 11:00:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 45.29% Memory free
3.86 Gb Paging File | 2.59 Gb Available in Paging File | 67.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 121.97 Gb Total Space | 86.97 Gb Free Space | 71.30% Space Free | Partition Type: NTFS
Drive D: | 176.02 Gb Total Space | 175.29 Gb Free Space | 99.59% Space Free | Partition Type: NTFS

Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/16 10:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
PRC - [2013/04/27 04:09:42 | 000,423,144 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/03/08 04:25:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/05/08 17:33:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/08 17:33:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009/07/02 08:00:06 | 000,623,984 | ---- | M] (Dell) -- C:\Program Files (x86)\Battery Meter\BTMeter.exe
PRC - [2009/06/11 03:08:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2009/05/28 04:09:54 | 000,247,080 | ---- | M] (Dell) -- C:\Program Files (x86)\WSED\WSED.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/10 07:31:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/06/27 04:28:42 | 000,577,536 | ---- | M] () -- C:\Windows\SysWOW64\EMSC.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/08 04:25:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 07:26:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/01 02:46:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/04/10 12:43:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/05/08 17:33:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/06/11 03:08:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/14 21:25:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/03/14 21:25:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 21:25:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 12:39:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/05/23 03:34:30 | 000,083,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/05/01 05:38:10 | 000,252,928 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/03/25 22:53:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/21 00:41:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009/07/14 07:37:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 07:37:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 07:37:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 07:33:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 07:32:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 07:30:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:09:56 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/07/14 02:09:38 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/05 03:16:52 | 000,136,192 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/30 00:38:44 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/27 04:28:42 | 000,016,752 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/11 02:19:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 02:19:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 02:19:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 02:19:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 02:16:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 05:31:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 07:04:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/27 04:28:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D E8 CC 2D 64 3F CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9297E642-4B79-4B79-996D-5105C1B7FCC4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9297E642-4B79-4B79-996D-5105C1B7FCC4}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/23 13:09:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/04/22 19:51:55 | 000,000,000 | ---D | M]

[2013/04/23 13:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Extensions
[2013/04/23 13:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/10 12:43:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/10 12:42:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/10 12:42:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/11 02:45:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BTMeter] C:\Program Files (x86)\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [WSED] C:\Program Files (x86)\WSED\WSED.exe (Dell)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD022DC-CDEA-42B0-8A26-496985B6ADEA}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82778767-6D2C-47DC-A8EB-729637003D54}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBE72A17-37E8-4FB9-9EB2-238C43437433}: NameServer = 116.68.209.16 116.68.212.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4832534-0ED8-4CF8-9C05-50CA71931DDA}: NameServer = 116.68.209.16 116.68.212.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E91E4D66-07FD-475E-B9C8-B840C563114C}: NameServer = 116.68.209.16 116.68.212.10
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7d6f1017-b54d-11e2-b5c5-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{7d6f1017-b54d-11e2-b5c5-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c7373ca6-acaf-11e2-b858-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{c7373ca6-acaf-11e2-b858-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e5aec16d-abbd-11e2-b092-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{e5aec16d-abbd-11e2-b092-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e5aec17a-abbd-11e2-b092-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{e5aec17a-abbd-11e2-b092-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/16 10:59:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013/05/02 06:24:59 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Adobe
[2013/05/02 06:24:59 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Adobe
[2013/04/30 13:31:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/04/30 13:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/04/30 13:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/30 13:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/04/30 12:53:02 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\Downloads
[2013/04/30 12:37:20 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\WinPatrol
[2013/04/30 12:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013/04/30 12:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/04/30 12:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013/04/25 13:12:49 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\AUDIO
[2013/04/24 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\VAJRAYANA
[2013/04/24 14:37:13 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\TEXT
[2013/04/24 13:53:02 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\KEN HOLMES
[2013/04/24 13:43:00 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\PHOTOS
[2013/04/24 13:21:14 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\DHARMASUN
[2013/04/24 13:18:09 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\SUTRAS
[2013/04/24 13:18:08 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\SADHANA
[2013/04/24 13:18:06 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\Prayers & Praises
[2013/04/24 13:18:02 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\Health
[2013/04/24 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\General Dharma
[2013/04/24 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\CREATION STAGE TEACHINGS
[2013/04/24 13:17:55 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\VAJRAYOGINI
[2013/04/24 13:17:53 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\TEACHINGS
[2013/04/23 13:18:56 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\vlc
[2013/04/23 13:09:38 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Mozilla
[2013/04/23 13:09:38 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Mozilla
[2013/04/23 13:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/04/23 13:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/04/23 13:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/23 12:52:04 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Diagnostics
[2013/04/23 08:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ncell Connect
[2013/04/23 08:45:50 | 000,195,584 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2013/04/23 08:45:50 | 000,083,456 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013/04/23 08:45:50 | 000,078,848 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2013/04/23 08:45:50 | 000,054,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2013/04/23 08:45:50 | 000,029,696 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2013/04/23 08:45:42 | 000,252,928 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013/04/23 08:45:42 | 000,120,704 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013/04/23 08:45:42 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013/04/23 08:45:42 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013/04/23 08:45:34 | 000,114,560 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013/04/23 08:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ncell Connect
[2013/04/23 08:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2013/04/22 20:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/04/22 20:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2013/04/22 20:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013/04/22 20:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/04/22 20:03:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/04/22 20:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/04/22 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/04/22 20:00:40 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Microsoft Help
[2013/04/22 20:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/04/22 20:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/04/22 19:59:58 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/04/22 19:58:58 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Skype
[2013/04/22 19:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/04/22 19:58:44 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/04/22 19:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/04/22 19:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/04/22 19:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/04/22 19:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/04/22 19:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/22 19:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/04/22 19:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/04/22 19:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/04/22 19:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/22 19:50:07 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Apps
[2013/04/22 19:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battery Meter
[2013/04/22 19:48:45 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/04/22 19:46:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2013/04/22 19:46:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2013/04/22 19:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSED
[2013/04/22 19:45:28 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Function Keys
[2013/04/22 19:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Function Keys
[2013/04/22 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\XP32
[2013/04/22 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Win764
[2013/04/22 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Win732
[2013/04/22 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista64
[2013/04/22 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista32
[2013/04/22 19:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Function Keys
[2013/04/22 19:43:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2013/04/22 19:42:59 | 000,058,368 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2013/04/22 19:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2013/04/22 19:42:19 | 000,136,192 | ---- | C] (ELAN Microelectronic Corp.) -- C:\Windows\SysNative\drivers\ETD.sys
[2013/04/22 19:42:18 | 004,638,720 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\ETDUI.cpl
[2013/04/22 19:40:57 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/04/22 19:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/04/22 19:40:47 | 000,000,000 | ---D | C] -- C:\Intel
[2013/04/22 19:20:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/04/22 19:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/04/22 19:20:40 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/04/22 19:20:40 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013/04/22 19:20:39 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/04/22 19:20:39 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/04/22 19:20:39 | 000,176,640 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/04/22 19:20:39 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/04/22 19:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/04/22 19:20:35 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013/04/22 19:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/04/22 19:20:12 | 000,000,000 | ---D | C] -- C:\dell
[2013/04/22 19:19:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vmm32
[2013/04/22 19:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2013/04/22 19:18:25 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/04/22 19:18:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/04/22 12:26:36 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/04/22 12:26:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2013/04/22 11:45:42 | 000,000,000 | R--D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/04/22 11:45:42 | 000,000,000 | R--D | C] -- C:\Users\Dell\Searches
[2013/04/22 11:45:42 | 000,000,000 | R--D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/04/22 11:45:42 | 000,000,000 | -H-D | C] -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/04/22 11:45:32 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Identities
[2013/04/22 11:45:23 | 000,000,000 | R--D | C] -- C:\Users\Dell\Contacts
[2013/04/22 11:45:20 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\VirtualStore
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\AppData\Local\Temporary Internet Files
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Templates
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Start Menu
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\SendTo
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Recent
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\PrintHood
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\NetHood
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Documents\My Videos
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Documents\My Pictures
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Documents\My Music
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\My Documents
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Local Settings
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\AppData\Local\History
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Cookies
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Application Data
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\AppData\Local\Application Data
[2013/04/22 11:45:05 | 000,000,000 | --SD | C] -- C:\Users\Dell\AppData\Roaming\Microsoft
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Videos
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Saved Games
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Pictures
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Music
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Links
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Favorites
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Downloads
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Documents
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Desktop
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/04/22 11:45:05 | 000,000,000 | -H-D | C] -- C:\Users\Dell\AppData
[2013/04/22 11:45:05 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Temp
[2013/04/22 11:45:05 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Microsoft
[2013/04/22 11:45:05 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Media Center Programs
[2013/04/22 11:44:57 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/04/22 11:27:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/04/22 11:27:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/05/16 10:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013/05/16 10:49:06 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 10:49:06 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 10:46:01 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/16 10:46:01 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/16 10:46:01 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/16 10:41:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/16 10:41:27 | 1554,690,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/15 05:42:17 | 000,346,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/12 13:33:27 | 000,000,517 | ---- | M] () -- C:\Users\Dell\Desktop\Network and Sharing Center - Shortcut.lnk
[2013/05/12 11:03:27 | 000,289,455 | ---- | M] () -- C:\Users\Dell\Documents\Dzogchen retreat 2013_EN.pdf
[2013/05/03 02:53:04 | 000,179,165 | ---- | M] () -- C:\Users\Dell\Documents\VISION May 2013.pdf
[2013/05/01 20:41:06 | 000,002,807 | ---- | M] () -- C:\Users\Dell\Desktop\Suffering - Shortcut.lnk
[2013/04/23 08:47:49 | 000,001,441 | ---- | M] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/23 08:46:09 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Ncell Connect.lnk
[2013/04/23 08:45:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2013/04/23 07:49:42 | 000,002,693 | ---- | M] () -- C:\Users\Dell\Desktop\Microsoft Office Word 2007.lnk
[2013/04/22 20:22:14 | 000,013,856 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/04/22 19:21:00 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013/04/22 11:30:38 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/04/22 11:30:38 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/04/22 11:28:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2013/05/15 00:32:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/14 23:59:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/05/12 13:33:27 | 000,000,517 | ---- | C] () -- C:\Users\Dell\Desktop\Network and Sharing Center - Shortcut.lnk
[2013/05/12 11:03:23 | 000,289,455 | ---- | C] () -- C:\Users\Dell\Documents\Dzogchen retreat 2013_EN.pdf
[2013/05/03 02:52:52 | 000,179,165 | ---- | C] () -- C:\Users\Dell\Documents\VISION May 2013.pdf
[2013/05/01 20:41:06 | 000,002,807 | ---- | C] () -- C:\Users\Dell\Desktop\Suffering - Shortcut.lnk
[2013/04/24 13:17:57 | 000,254,544 | ---- | C] () -- C:\Users\Dell\Documents\creation stage.wps
[2013/04/24 13:17:57 | 000,083,456 | ---- | C] () -- C:\Users\Dell\Documents\Dependent Arising Commentary.wps
[2013/04/23 13:09:22 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/23 08:47:49 | 000,001,441 | ---- | C] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/23 08:46:09 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Ncell Connect.lnk
[2013/04/23 08:45:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2013/04/23 07:49:42 | 000,002,693 | ---- | C] () -- C:\Users\Dell\Desktop\Microsoft Office Word 2007.lnk
[2013/04/22 20:22:14 | 000,013,856 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/04/22 19:57:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/04/22 19:46:43 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\HdmiCoin.dll
[2013/04/22 19:46:42 | 002,805,511 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013/04/22 19:46:42 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2013/04/22 19:46:42 | 000,982,220 | ---- | C] () -- C:\Windows\SysNative\igkrng500.bin
[2013/04/22 19:46:42 | 000,059,442 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2013/04/22 19:46:42 | 000,059,330 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2013/04/22 19:46:42 | 000,058,839 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013/04/22 19:46:42 | 000,004,480 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2013/04/22 19:46:42 | 000,001,073 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2013/04/22 19:46:41 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2013/04/22 19:46:41 | 000,134,592 | ---- | C] () -- C:\Windows\SysNative\igfcg500.bin
[2013/04/22 19:46:41 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2013/04/22 19:46:41 | 000,092,216 | ---- | C] () -- C:\Windows\SysNative\igfcg500m.bin
[2013/04/22 19:46:40 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2013/04/22 19:46:40 | 000,439,300 | ---- | C] () -- C:\Windows\SysNative\igcompkrng500.bin
[2013/04/22 19:21:00 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013/04/22 19:21:00 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/04/22 19:21:00 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013/04/22 19:21:00 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/04/22 19:21:00 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013/04/22 19:20:41 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ0.dat
[2013/04/22 12:26:09 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version
[2013/04/22 11:45:52 | 000,001,413 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/04/22 11:45:44 | 000,001,447 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/04/22 11:45:06 | 000,000,290 | ---- | C] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/04/22 11:45:06 | 000,000,272 | ---- | C] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/04/22 11:30:29 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/04/22 11:30:26 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/04/22 11:28:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/04/22 11:27:11 | 1554,690,048 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 10:40:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 11:15:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:31:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 07:25:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 07:00:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 07:26:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >

Attached Files

  • Attached File: OTL.Txt (79.19 KB)

Edited by Essexboy, 17 May 2013 - 06:02 AM.

  • 0

#6
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Lauren,

My apologies for the delay.

Thank you for the logs. Please be patient as I am currently viewing these logs.

Thank you,

Donna :)
  • 0

#7
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Lauren,

I apologize for the delay. You pointed out that you had your computer repaired in March. The log displays that the C:\Windows\ctfile.rfc file was created on the date displayed in the log as shown below:

[2013/04/22 19:21:00 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc

Due to the dates above, I can assure you that the repairman did not install that file and after extensive research and experimenting by installing Roboform onto my computer and viewing before and after logs looking for the many files that are installed with Roboform, I have found no hint whatsoever of Roboform ever being installed on your computer, and I cannot figure out how that file was even created on your system unless someone sent you a file to view from their SafeNotes, which is a feature in Roboform. The file is a "Read Only" file and its sole purpose is to store Contact information that is used within the Roboform program. It is completely harmless, though if you have never installed Roboform yourself, it can be removed without harm. We can accomplish that by executing the script below, though before we proceed please note that ESET Smart Security personal firewall is enabled which should have disabled the Windows firewall, though it is enabled as well and could cause conflicts and even crash your system. In the fix below I will include the disablement of the Windows firewall in the script.


Please follow the instructions below to remove that file and disable the Windows firewall:
  • Right-click on OTL.exe and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    [2013/04/22 19:21:00 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
    [2013/04/22 19:21:00 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc

    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = DWORD:0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = DWORD:0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = DWORD:0

    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button. Please post the log it produces in your next reply along with the fix log.


Next:

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Right-click on SecurityCheck.exe and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.


I am also concerned that SP1 is not installed on your system, so I am going to have you provide a log from the following program.

Next:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next post, please provide the following 3 logs:

Fix log found in > C:\_OTL\Moved Files
checkup.txt
FSS.txt


Thank you,

Donna :)
  • 0
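The creation-date reasoning in the post above (reading the `C` entry for ctfile.rfc and comparing it with the dates of the other files) can be done mechanically by parsing the OTL entry lines and grouping them by timestamp. The Python below is an added example, not code from the thread or from OTL itself; the sample lines are copied from the log posted earlier in this thread, and the function names are my own.

```python
"""Parse OTL (OldTimer's List-It) file entries and correlate them by timestamp.

Added example for this thread; it is not part of OTL or of the original posts.
"""
import re
from datetime import datetime

# One OTL file/folder entry looks like this (copied from the thread's log):
#   [2013/04/22 19:21:00 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
# Fields: timestamp | size (thousands separators) | attribute flags
# (R=read-only, H=hidden, S=system, D=directory) | C=created / M=modified,
# then an optional "(Company Name)" and the path. Directory entries omit
# the company parentheses entirely.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)


def parse_entry(line):
    """Return a dict for one OTL entry line, or None if the line is not an entry."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": set(m.group("attrs").replace("-", "")),
        "kind": m.group("kind"),
        "company": m.group("company") or "",
        "path": m.group("path"),
    }


def parse_log(text):
    """Parse every entry line in an OTL log, skipping section headers and blanks."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def creation_batches(entries):
    """Map each creation timestamp to the paths created in that same second.

    Installers typically write their files within the same second or two, so
    a batch shows what else arrived together with a file under review.
    """
    batches = {}
    for e in entries:
        if e["kind"] == "C":
            batches.setdefault(e["ts"], []).append(e["path"])
    return batches


def created_in_same_second(entries, target_path):
    """Paths created in the same second as target_path (excluding itself)."""
    batches = creation_batches(entries)
    target = target_path.lower()
    hits = set()
    for ts, paths in batches.items():
        if any(p.lower() == target for p in paths):
            hits.update(p for p in paths if p.lower() != target)
    return sorted(hits)


def hidden_readonly_files(entries, root):
    """Non-directory entries under root carrying both the R and H flags.

    This is a triage list for a reviewer to look at, not a verdict: the
    thread's own ctfile.rfc and Dell's DELL_version marker both match.
    """
    prefix = root.lower().rstrip("\\") + "\\"
    found = set()
    for e in entries:
        a = e["attrs"]
        if "D" in a or not {"R", "H"} <= a:
            continue
        if e["path"].lower().startswith(prefix):
            found.add(e["path"])
    return sorted(found)


# Constructed sample: a handful of lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2013/04/22 19:21:00 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013/04/22 19:21:00 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/04/22 19:21:00 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013/04/22 19:21:00 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/04/22 19:21:00 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013/04/22 19:20:41 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ0.dat
[2013/04/22 19:20:40 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/04/22 19:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/04/22 12:26:09 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version
[2013/04/22 11:27:11 | 1554,690,048 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/22 19:21:00 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    target = r"C:\Windows\ctfile.rfc"
    print("Created in the same second as", target)
    for p in created_in_same_second(entries, target):
        print("   ", p)
    print("Hidden + read-only files under C:\\Windows:")
    for p in hidden_readonly_files(entries, r"C:\Windows"):
        print("   ", p)
```

Run against the full OTL.Txt instead of the sample, the same calls list everything written in the same second as the file under review, which is the check the post above performs by eye.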

#8
Lauren32

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Wow, Donna, thank you so much for taking the time to help me. I’ll work through this – probably take me a day or two, depending on how it goes.
Re date of ctfile – after I got my computer back it didn’t work properly: ‘not responding’ so the guy took it away again, deleted everything and with the Dell CD reinstalled the programmes. Now it’s much better. This was around 22nd April.
Re Eset – guy set computer to work network and although I paid to have eset installed it seems he just added me to his work network because when I changed it to public network I couldn’t download the updates. That has changed in the last week and I can download updates on the public network now. But I don’t have the security of having a password or licence number. So maybe in the future I will have another system.
Do we always disable the Windows firewall when we have a security system? I’m also getting updates for Windows Defender.
I got an update for IE9 the other day. I blocked installing it but it had been downloaded and installed itself anyway so now I am stuck with learning this new system. I’ve stopped automatic downloads now.
Thanks. Lauren
  • 0

#9
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Lauren,

You're welcome! It's truly my pleasure to help in any way that I can. :happy:

Obviously the repairman did not install all the updates and security patches. I was concerned when I noticed that SP1 (Service Pack 1) and IE9 were not installed yet and do intend to get your system up to date before we close this thread.

It is best to leave IE9 as is and familiarize yourself with it. Yes. It will be a bit strange at first, but IE9 should be installed on Win7 for security purposes. It is much more secure than IE8.

As disclosed in the ESET Knowledgebase, Windows Defender is compatible and there is no need to disable it.

If you would, please reconfigure the Windows Updates settings to Install Updates Automatically (Recommended) and allow Windows to update. You may have to keep checking for updates till you are told that Windows is up to date.

Please keep me informed on the updates and post the logs when ready.

Donna :)
  • 0

#10
Lauren32

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hallo Donna. Files below. Re updates - I have set computer to automatic for recommended updates. It had been on that until last week when I changed it after I discovered IE8 had been downloaded. I haven't clicked the important updates box. Should I? I have SP1 downloaded as an important file sitting there so after I post to you I will download it. Thanks so much. You are a whizz. Lauren


C/OTL/MOVED FILES

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Windows\ctfile.rfc moved successfully.
File C:\Windows\ctfile.rfc not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\"EnableFirewall" | DWORD:0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dell
->Temp folder emptied: 10022356 bytes
->Temporary Internet Files folder emptied: 92164127 bytes
->Java cache emptied: 45946 bytes
->FireFox cache emptied: 6387355 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6924302 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 164872313 bytes

Total Files Cleaned = 267.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05242013_192857

Files\Folders moved on Reboot...
C:\Users\Dell\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




OTL.TXT24.05.TXT

OTL logfile created on: 24/05/2013 19:37:34 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 62.98% Memory free
3.86 Gb Paging File | 2.98 Gb Available in Paging File | 77.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 121.97 Gb Total Space | 85.44 Gb Free Space | 70.05% Space Free | Partition Type: NTFS
Drive D: | 176.02 Gb Total Space | 175.29 Gb Free Space | 99.59% Space Free | Partition Type: NTFS
Drive E: | 20.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/16 10:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL1.exe
PRC - [2013/04/27 04:09:42 | 000,423,144 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/03/08 04:25:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/05/08 17:33:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/08 17:33:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009/07/02 08:00:06 | 000,623,984 | ---- | M] (Dell) -- C:\Program Files (x86)\Battery Meter\BTMeter.exe
PRC - [2009/06/11 03:08:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2009/05/28 04:09:54 | 000,247,080 | ---- | M] (Dell) -- C:\Program Files (x86)\WSED\WSED.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/10 07:31:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/06/27 04:28:42 | 000,577,536 | ---- | M] () -- C:\Windows\SysWOW64\EMSC.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/08 04:25:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 07:26:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/01 02:46:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/04/10 12:43:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/05/08 17:33:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/06/11 03:08:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/14 21:25:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/03/14 21:25:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 21:25:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 12:39:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 12:07:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 12:07:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/05/23 03:34:30 | 000,083,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/05/01 05:38:10 | 000,252,928 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/03/25 22:53:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/21 00:41:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009/07/14 07:37:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 07:33:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 07:32:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 07:30:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:09:56 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/07/14 02:09:38 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/05 03:16:52 | 000,136,192 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/30 00:38:44 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/27 04:28:42 | 000,016,752 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/11 02:19:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 02:19:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 02:19:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 02:19:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 02:16:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 05:31:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 07:04:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/27 04:28:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D E8 CC 2D 64 3F CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9297E642-4B79-4B79-996D-5105C1B7FCC4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9297E642-4B79-4B79-996D-5105C1B7FCC4}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/23 13:09:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/04/22 19:51:55 | 000,000,000 | ---D | M]

[2013/04/23 13:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Extensions
[2013/04/23 13:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/10 12:43:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/10 12:42:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/10 12:42:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/11 02:45:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BTMeter] C:\Program Files (x86)\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [WSED] C:\Program Files (x86)\WSED\WSED.exe (Dell)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD022DC-CDEA-42B0-8A26-496985B6ADEA}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82778767-6D2C-47DC-A8EB-729637003D54}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBE72A17-37E8-4FB9-9EB2-238C43437433}: NameServer = 116.68.209.16 116.68.212.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4832534-0ED8-4CF8-9C05-50CA71931DDA}: NameServer = 116.68.209.16 116.68.212.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E91E4D66-07FD-475E-B9C8-B840C563114C}: NameServer = 116.68.209.16 116.68.212.10
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/13 09:33:36 | 000,126,976 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/10/03 06:57:34 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7d6f1017-b54d-11e2-b5c5-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{7d6f1017-b54d-11e2-b5c5-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/05/13 09:33:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{c7373ca6-acaf-11e2-b858-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{c7373ca6-acaf-11e2-b858-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/05/13 09:33:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{e5aec16d-abbd-11e2-b092-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{e5aec16d-abbd-11e2-b092-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/05/13 09:33:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{e5aec17a-abbd-11e2-b092-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{e5aec17a-abbd-11e2-b092-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/05/13 09:33:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/05/13 09:33:36 | 000,126,976 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/24 19:28:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/23 20:48:29 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\COMPUTER
[2013/05/18 16:51:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/05/18 16:51:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/05/16 10:59:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL1.exe
[2013/05/02 06:24:59 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Adobe
[2013/05/02 06:24:59 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Adobe
[2013/04/30 13:31:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/04/30 13:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/04/30 13:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/30 13:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/04/30 12:53:02 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\Downloads
[2013/04/30 12:37:20 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\WinPatrol
[2013/04/30 12:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013/04/30 12:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/04/30 12:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013/04/25 13:12:49 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\AUDIO

========== Files - Modified Within 30 Days ==========

[2013/05/24 19:39:04 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/24 19:39:04 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/24 19:36:10 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/24 19:36:10 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/24 19:36:10 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/24 19:31:59 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/05/24 19:31:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/24 19:31:31 | 1554,690,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/19 16:16:59 | 000,001,441 | ---- | M] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/18 16:51:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/18 16:50:59 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/16 10:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL1.exe
[2013/05/15 05:42:17 | 000,346,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/12 13:33:27 | 000,000,517 | ---- | M] () -- C:\Users\Dell\Desktop\Network and Sharing Center - Shortcut.lnk
[2013/05/12 11:03:27 | 000,289,455 | ---- | M] () -- C:\Users\Dell\Documents\Dzogchen retreat 2013_EN.pdf
[2013/05/03 02:53:04 | 000,179,165 | ---- | M] () -- C:\Users\Dell\Documents\VISION May 2013.pdf
[2013/05/01 20:41:06 | 000,002,807 | ---- | M] () -- C:\Users\Dell\Desktop\Suffering - Shortcut.lnk

========== Files Created - No Company Name ==========

[2013/05/24 19:31:59 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2013/05/18 16:51:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/18 16:50:59 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/15 00:32:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/14 23:59:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/05/12 13:33:27 | 000,000,517 | ---- | C] () -- C:\Users\Dell\Desktop\Network and Sharing Center - Shortcut.lnk
[2013/05/12 11:03:23 | 000,289,455 | ---- | C] () -- C:\Users\Dell\Documents\Dzogchen retreat 2013_EN.pdf
[2013/05/03 02:52:52 | 000,179,165 | ---- | C] () -- C:\Users\Dell\Documents\VISION May 2013.pdf
[2013/05/01 20:41:06 | 000,002,807 | ---- | C] () -- C:\Users\Dell\Desktop\Suffering - Shortcut.lnk
[2013/04/22 19:46:42 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2013/04/22 19:46:41 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2013/04/22 19:46:41 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2013/04/22 19:46:40 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2013/04/22 19:21:00 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/04/22 19:21:00 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== ZeroAccess Check ==========

[2009/07/14 10:40:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 11:15:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:31:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 07:25:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 07:00:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 07:26:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >




CHECKUP.TXT

Results of screen317's Security Check version 0.99.64
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET NOD32 Antivirus 5.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 21
Adobe Reader 10.0.1 Adobe Reader out of Date!
Mozilla Firefox 20.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````



FSS.TXT

Farbar Service Scanner Version: 14-04-2013
Ran by Dell (administrator) on 24-05-2013 at 20:24:40
Running from "C:\Users\Dell\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-05-14 11:17] - [2013-01-04 11:26] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0



#11
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Lauren,

My apologies for the delay.

The logs look really good! WinPatrol should no longer bother you about the ctfile.rfc since it was moved successfully. Your Windows firewall settings are now disabled and the ESET Firewall is protecting you.

Yes! Please allow SP1 to install (if you haven't already) and IE is now up to date with IE10 installed. You can check to make sure that SP1 has installed by the following method:
  • Click on Start orb
  • Right click on Computer and choose Properties
  • Under Windows edition, Service Pack 1 should be displayed

Please report your findings. Continue to check for updates. Always allow the important updates to install. Windows usually creates a restore point before installing updates just in case an issue might arise with any updates that are installed.

Out of date Firefox installed!

To update Firefox:
  • Click on Help in the menu bar
  • Choose About Firefox
  • Click on the Check for Updates found there.
The most recent Firefox version is 21.0.

Out of date Adobe Reader installed!

Your Adobe Reader needs updating. You should ensure you use the latest Adobe Reader and install any security updates that are released. You can download the latest reader and updates from here.

As a side note: Adobe Reader has been having issues lately. I'd suggest installing an alternative such as Foxit Reader or Sumatra PDF. Adobe has become very vulnerable over the last couple of years and really uses up more resources than Foxit Reader or Sumatra PDF. Their 'footprint' is considerably smaller than Adobe's, and consequently they use fewer resources (RAM as well as hard drive space).

If you choose to install Foxit Reader, please be advised that you may have to uncheck any pre-checked software. Choose custom install.

If you'd like, you can download Foxit Reader from here.

Here's a really good read concerning the Sumatra PDF for you to compare > Replacing Adobe Reader with Sumatra PDF

The choice is yours.

Please report back once the above is completed.

Thank you,

Donna :)
  • 0
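The checks this post walks through in the GUI (service pack level, firewall state, out-of-date Firefox/Adobe/Java), done from PowerShell. This is an added example and not part of the original thread or of any of the tools it uses; it reads the same FirewallPolicy registry key that FSS.TXT reported ("EnableFirewall"=0) and also asks the firewall service itself, because a disabled setting in the registry and a stopped service are two different things. It assumes Windows 7 or later with PowerShell 2.0+, run from an elevated prompt.

```powershell
# Added example (not from the thread): audit the items Security Check and FSS flagged.
# Assumes Windows 7+ with PowerShell 2.0 or later, run as administrator so the
# firewall service state and HKLM policy keys can be read.

function Get-ServicePackStatus {
    # Win32_OperatingSystem carries the service pack level that the GUI shows
    # under "Windows edition" in Computer > Properties.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    New-Object PSObject -Property @{
        Caption     = $os.Caption
        ServicePack = $os.ServicePackMajorVersion   # 0 means no service pack installed
        CSDVersion  = $os.CSDVersion                # e.g. "Service Pack 1"
    }
}

function Get-FirewallPolicyStatus {
    # The key FSS.TXT printed. EnableFirewall = 0 means the profile's firewall is
    # switched off. "SharedAccess" is only the historical name of the service that
    # owns this key (Internet Connection Sharing); it does not mean a share is active.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $key   = Join-Path $base $profile
        $value = Get-ItemProperty -Path $key -Name EnableFirewall -ErrorAction SilentlyContinue
        $state = 'not set'
        if ($value) { $state = $value.EnableFirewall }
        New-Object PSObject -Property @{ Profile = $profile; EnableFirewall = $state }
    }
}

function Get-FirewallServiceStatus {
    # Independent of the registry value: is the Windows Firewall service (MpsSvc)
    # running, and what does the firewall itself report per profile?
    $svc    = Get-Service -Name MpsSvc -ErrorAction SilentlyContinue
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $names  = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }   # NET_FW_PROFILE_TYPE2 values
    $status = 'MpsSvc not found'
    if ($svc) { $status = $svc.Status }
    foreach ($type in 1, 2, 4) {
        New-Object PSObject -Property @{
            Profile        = $names[$type]
            ServiceStatus  = $status
            FirewallActive = $policy.FirewallEnabled($type)
        }
    }
}

function Get-FlaggedSoftwareVersions {
    # Installed versions of the products Security Check called out of date, read
    # from the Uninstall keys (64-bit and 32-bit views on an x64 system).
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    Get-ItemProperty -Path ($roots | ForEach-Object { "$_\*" }) -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Firefox|Adobe Reader|Java' } |
        Select-Object DisplayName, DisplayVersion, InstallDate
}

Get-ServicePackStatus       | Format-List
Get-FirewallPolicyStatus    | Format-Table -AutoSize
Get-FirewallServiceStatus   | Format-Table -AutoSize
Get-FlaggedSoftwareVersions | Format-Table -AutoSize
```

If EnableFirewall reads 0 for the active profile and FirewallActive is False, no Windows host firewall is filtering that profile, whatever other security product is installed; compare the reported DisplayVersion values against the vendors' current releases rather than trusting a hard-coded "latest" number.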

#12
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Lauren,

You still with me? As soon as we confirm that your programs are updated we can remove the tools we used.

Please keep me updated to your progress.

Donna :)
  • 0

#13
Lauren32

Lauren32

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hallo Donna. Yes, I'm still with you. I finally managed to download and install SP1 (checked under computer properties and it is there - took me a few days because of power cuts here in Nepal) and I’ve also downloaded Sumatra PDF. Thanks for that tip. I don’t know about IE9. It nearly always goes to ‘cannot display the page’ and I have to keep pressing refresh before I get connected. Can you think of a reason for this? Mozilla Firefox has developed this habit as well ‘server not found’. Otherwise everything is working well. I did notice in the log under registry – HKEY LOCAL MACHINE SYSTEM that there is something about shared access. I’m assuming this doesn’t mean I’m sharing access at the moment? Thanks. Lauren
  • 0

#14
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Lauren,

I don’t know about IE9. It nearly always goes to ‘cannot display the page’ and I have to keep pressing refresh before I get connected. Can you think of a reason for this? Mozilla Firefox has developed this habit as well ‘server not found’.


Since both browsers are affected, I would guess this might be due to your connection, since you pointed out the power cuts there in Nepal. I've been having the same issue here in the States lately. I have a satellite connection, and when inclement weather is imminent I'm lucky to connect at all.

How is your connection set up? Are you behind a router/modem? You might try power cycling the router/modem to see if that would help. To do so, unplug the router and modem from the wall socket and allow a few minutes to pass before plugging the modem in and waiting for it to receive the signal then plugging in the router.

Make sure that IE is updated to version 10.

Also please verify that Firefox is up to date.

Let me know if the above helps in any way.

You're welcome,

Donna :)
  • 0

#15
Lauren32

Lauren32

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Donna.
My connection is via a mobile phone data stick and probably is affected by the weather. I have updated now to IE10 and the latest Mozilla Firefox and they both seem to be working better. Everything seems pretty good now and no more worries about someone spying on me! So I guess that's it. Do you have any more advice? Your help has been brilliant; instructions so clear even a beginner like me could understand them. Lauren
  • 0
