ctfile.rfc [Solved]
#1
Posted 11 May 2013 - 04:29 AM
#2
Posted 11 May 2013 - 06:10 AM
Welcome to Geeks to Go!
It is my pleasure to help you find the answer to your question. I see that you have posted this same question on other forums, such as here and here. Posting the same question on multiple forums does take time away from others who need our help as well. I see that Le Boule has answered your post on the MS Community forum, and it wouldn't hurt to follow through with the instructions provided, though I did find that the file is not of a malicious nature as displayed at VirScan.org, nor was it found to be malicious in any way on Virus Total. Following is a description of what that file is and what its purpose is:
ctfile.rfc
Donna
#3
Posted 13 May 2013 - 10:36 PM
#4
Posted 14 May 2013 - 06:00 PM
You're very welcome!
Since I am still in training, from here on out, I will have to run my thoughts past my instructor before I can post them to you which may delay my responses just a tad. This is an advantage for you though since you'll have two pairs of eyes looking out for your best interests.
My concern is that via this ctfile he put on he will be able to access the passwords on my computer. Do you think this is possible?
That could be a possibility if the paid version is installed, which includes online automatic synchronization, and the service tech created the account for you, in which case he has access to all the account information from when the online account was set up. If you did not install this software, you have every right to uninstall it!
Following is an excellent comparison chart of the three versions that are available for download:
Roboform
You can also click on the circled arrows to the right under How it works in the left pane in the link I provided to learn more about the software, if you would like.
You mentioned above that the tech also installed an antivirus program. To make this easier, I'm going to ask you to provide the following logs so we can get a better idea of what we are dealing with.
Please download OTL to your Desktop
- Double click on the OTL icon to run it on XP. On Vista/Win7 and above, right click and choose Run as administrator.
- Make sure all other windows are closed and allow it to run uninterrupted.
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic.
- OTL.txt <-- Will be opened, maximized
- Extras.txt <-- Will be minimized on task bar.
Donna
#5
Posted 16 May 2013 - 09:33 AM
OTL logfile created on: 16/05/2013 11:00:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.93 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 45.29% Memory free
3.86 Gb Paging File | 2.59 Gb Available in Paging File | 67.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 121.97 Gb Total Space | 86.97 Gb Free Space | 71.30% Space Free | Partition Type: NTFS
Drive D: | 176.02 Gb Total Space | 175.29 Gb Free Space | 99.59% Space Free | Partition Type: NTFS
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/05/16 10:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
PRC - [2013/04/27 04:09:42 | 000,423,144 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/03/08 04:25:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/05/08 17:33:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/08 17:33:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009/07/02 08:00:06 | 000,623,984 | ---- | M] (Dell) -- C:\Program Files (x86)\Battery Meter\BTMeter.exe
PRC - [2009/06/11 03:08:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2009/05/28 04:09:54 | 000,247,080 | ---- | M] (Dell) -- C:\Program Files (x86)\WSED\WSED.exe
========== Modules (No Company Name) ==========
MOD - [2012/12/10 07:31:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/06/27 04:28:42 | 000,577,536 | ---- | M] () -- C:\Windows\SysWOW64\EMSC.DLL
========== Services (SafeList) ==========
SRV:64bit: - [2012/03/08 04:25:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 07:26:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/01 02:46:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/04/10 12:43:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/05/08 17:33:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/06/11 03:08:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/14 21:25:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/03/14 21:25:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 21:25:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 12:39:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/05/23 03:34:30 | 000,083,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/05/01 05:38:10 | 000,252,928 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/03/25 22:53:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/21 00:41:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009/07/14 07:37:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 07:37:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 07:37:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 07:33:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 07:32:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 07:30:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:09:56 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/07/14 02:09:38 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/05 03:16:52 | 000,136,192 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/30 00:38:44 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/27 04:28:42 | 000,016,752 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/11 02:19:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 02:19:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 02:19:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 02:19:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 02:16:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 05:31:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 07:04:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/27 04:28:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D E8 CC 2D 64 3F CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9297E642-4B79-4B79-996D-5105C1B7FCC4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9297E642-4B79-4B79-996D-5105C1B7FCC4}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/23 13:09:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/04/22 19:51:55 | 000,000,000 | ---D | M]
[2013/04/23 13:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Extensions
[2013/04/23 13:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/10 12:43:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/10 12:42:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/10 12:42:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009/06/11 02:45:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BTMeter] C:\Program Files (x86)\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [WSED] C:\Program Files (x86)\WSED\WSED.exe (Dell)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD022DC-CDEA-42B0-8A26-496985B6ADEA}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82778767-6D2C-47DC-A8EB-729637003D54}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBE72A17-37E8-4FB9-9EB2-238C43437433}: NameServer = 116.68.209.16 116.68.212.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4832534-0ED8-4CF8-9C05-50CA71931DDA}: NameServer = 116.68.209.16 116.68.212.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E91E4D66-07FD-475E-B9C8-B840C563114C}: NameServer = 116.68.209.16 116.68.212.10
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7d6f1017-b54d-11e2-b5c5-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{7d6f1017-b54d-11e2-b5c5-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c7373ca6-acaf-11e2-b858-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{c7373ca6-acaf-11e2-b858-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e5aec16d-abbd-11e2-b092-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{e5aec16d-abbd-11e2-b092-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e5aec17a-abbd-11e2-b092-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{e5aec17a-abbd-11e2-b092-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/16 10:59:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013/05/02 06:24:59 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Adobe
[2013/05/02 06:24:59 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Adobe
[2013/04/30 13:31:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/04/30 13:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/04/30 13:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/30 13:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/04/30 12:53:02 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\Downloads
[2013/04/30 12:37:20 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\WinPatrol
[2013/04/30 12:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013/04/30 12:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/04/30 12:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013/04/25 13:12:49 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\AUDIO
[2013/04/24 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\VAJRAYANA
[2013/04/24 14:37:13 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\TEXT
[2013/04/24 13:53:02 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\KEN HOLMES
[2013/04/24 13:43:00 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\PHOTOS
[2013/04/24 13:21:14 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\DHARMASUN
[2013/04/24 13:18:09 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\SUTRAS
[2013/04/24 13:18:08 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\SADHANA
[2013/04/24 13:18:06 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\Prayers & Praises
[2013/04/24 13:18:02 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\Health
[2013/04/24 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\General Dharma
[2013/04/24 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\CREATION STAGE TEACHINGS
[2013/04/24 13:17:55 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\VAJRAYOGINI
[2013/04/24 13:17:53 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\TEACHINGS
[2013/04/23 13:18:56 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\vlc
[2013/04/23 13:09:38 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Mozilla
[2013/04/23 13:09:38 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Mozilla
[2013/04/23 13:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/04/23 13:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/04/23 13:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/23 12:52:04 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Diagnostics
[2013/04/23 08:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ncell Connect
[2013/04/23 08:45:50 | 000,195,584 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2013/04/23 08:45:50 | 000,083,456 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013/04/23 08:45:50 | 000,078,848 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2013/04/23 08:45:50 | 000,054,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2013/04/23 08:45:50 | 000,029,696 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2013/04/23 08:45:42 | 000,252,928 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013/04/23 08:45:42 | 000,120,704 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013/04/23 08:45:42 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013/04/23 08:45:42 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013/04/23 08:45:34 | 000,114,560 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013/04/23 08:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ncell Connect
[2013/04/23 08:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2013/04/22 20:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/04/22 20:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2013/04/22 20:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013/04/22 20:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/04/22 20:03:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/04/22 20:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/04/22 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/04/22 20:00:40 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Microsoft Help
[2013/04/22 20:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/04/22 20:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/04/22 19:59:58 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/04/22 19:58:58 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Skype
[2013/04/22 19:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/04/22 19:58:44 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/04/22 19:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/04/22 19:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/04/22 19:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/04/22 19:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/04/22 19:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/22 19:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/04/22 19:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/04/22 19:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/04/22 19:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/22 19:50:07 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Apps
[2013/04/22 19:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battery Meter
[2013/04/22 19:48:45 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/04/22 19:46:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2013/04/22 19:46:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2013/04/22 19:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSED
[2013/04/22 19:45:28 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Function Keys
[2013/04/22 19:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Function Keys
[2013/04/22 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\XP32
[2013/04/22 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Win764
[2013/04/22 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Win732
[2013/04/22 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista64
[2013/04/22 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista32
[2013/04/22 19:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Function Keys
[2013/04/22 19:43:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2013/04/22 19:42:59 | 000,058,368 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2013/04/22 19:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2013/04/22 19:42:19 | 000,136,192 | ---- | C] (ELAN Microelectronic Corp.) -- C:\Windows\SysNative\drivers\ETD.sys
[2013/04/22 19:42:18 | 004,638,720 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\ETDUI.cpl
[2013/04/22 19:40:57 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/04/22 19:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/04/22 19:40:47 | 000,000,000 | ---D | C] -- C:\Intel
[2013/04/22 19:20:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/04/22 19:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/04/22 19:20:40 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/04/22 19:20:40 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013/04/22 19:20:39 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/04/22 19:20:39 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/04/22 19:20:39 | 000,176,640 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/04/22 19:20:39 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/04/22 19:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/04/22 19:20:35 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013/04/22 19:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/04/22 19:20:12 | 000,000,000 | ---D | C] -- C:\dell
[2013/04/22 19:19:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vmm32
[2013/04/22 19:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2013/04/22 19:18:25 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/04/22 19:18:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/04/22 12:26:36 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/04/22 12:26:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2013/04/22 11:45:42 | 000,000,000 | R--D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/04/22 11:45:42 | 000,000,000 | R--D | C] -- C:\Users\Dell\Searches
[2013/04/22 11:45:42 | 000,000,000 | R--D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/04/22 11:45:42 | 000,000,000 | -H-D | C] -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/04/22 11:45:32 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Identities
[2013/04/22 11:45:23 | 000,000,000 | R--D | C] -- C:\Users\Dell\Contacts
[2013/04/22 11:45:20 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\VirtualStore
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\AppData\Local\Temporary Internet Files
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Templates
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Start Menu
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\SendTo
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Recent
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\PrintHood
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\NetHood
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Documents\My Videos
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Documents\My Pictures
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Documents\My Music
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\My Documents
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Local Settings
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\AppData\Local\History
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Cookies
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Application Data
[2013/04/22 11:45:06 | 000,000,000 | -HSD | C] -- C:\Users\Dell\AppData\Local\Application Data
[2013/04/22 11:45:05 | 000,000,000 | --SD | C] -- C:\Users\Dell\AppData\Roaming\Microsoft
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Videos
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Saved Games
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Pictures
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Music
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Links
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Favorites
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Downloads
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Documents
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\Desktop
[2013/04/22 11:45:05 | 000,000,000 | R--D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/04/22 11:45:05 | 000,000,000 | -H-D | C] -- C:\Users\Dell\AppData
[2013/04/22 11:45:05 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Temp
[2013/04/22 11:45:05 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Microsoft
[2013/04/22 11:45:05 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Media Center Programs
[2013/04/22 11:44:57 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/04/22 11:27:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/04/22 11:27:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 30 Days ==========
[2013/05/16 10:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013/05/16 10:49:06 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 10:49:06 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 10:46:01 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/16 10:46:01 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/16 10:46:01 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/16 10:41:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/16 10:41:27 | 1554,690,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/15 05:42:17 | 000,346,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/12 13:33:27 | 000,000,517 | ---- | M] () -- C:\Users\Dell\Desktop\Network and Sharing Center - Shortcut.lnk
[2013/05/12 11:03:27 | 000,289,455 | ---- | M] () -- C:\Users\Dell\Documents\Dzogchen retreat 2013_EN.pdf
[2013/05/03 02:53:04 | 000,179,165 | ---- | M] () -- C:\Users\Dell\Documents\VISION May 2013.pdf
[2013/05/01 20:41:06 | 000,002,807 | ---- | M] () -- C:\Users\Dell\Desktop\Suffering - Shortcut.lnk
[2013/04/23 08:47:49 | 000,001,441 | ---- | M] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/23 08:46:09 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Ncell Connect.lnk
[2013/04/23 08:45:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2013/04/23 07:49:42 | 000,002,693 | ---- | M] () -- C:\Users\Dell\Desktop\Microsoft Office Word 2007.lnk
[2013/04/22 20:22:14 | 000,013,856 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/04/22 19:21:00 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013/04/22 11:30:38 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/04/22 11:30:38 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/04/22 11:28:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
========== Files Created - No Company Name ==========
[2013/05/15 00:32:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/14 23:59:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/05/12 13:33:27 | 000,000,517 | ---- | C] () -- C:\Users\Dell\Desktop\Network and Sharing Center - Shortcut.lnk
[2013/05/12 11:03:23 | 000,289,455 | ---- | C] () -- C:\Users\Dell\Documents\Dzogchen retreat 2013_EN.pdf
[2013/05/03 02:52:52 | 000,179,165 | ---- | C] () -- C:\Users\Dell\Documents\VISION May 2013.pdf
[2013/05/01 20:41:06 | 000,002,807 | ---- | C] () -- C:\Users\Dell\Desktop\Suffering - Shortcut.lnk
[2013/04/24 13:17:57 | 000,254,544 | ---- | C] () -- C:\Users\Dell\Documents\creation stage.wps
[2013/04/24 13:17:57 | 000,083,456 | ---- | C] () -- C:\Users\Dell\Documents\Dependent Arising Commentary.wps
[2013/04/23 13:09:22 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/23 08:47:49 | 000,001,441 | ---- | C] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/23 08:46:09 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Ncell Connect.lnk
[2013/04/23 08:45:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2013/04/23 07:49:42 | 000,002,693 | ---- | C] () -- C:\Users\Dell\Desktop\Microsoft Office Word 2007.lnk
[2013/04/22 20:22:14 | 000,013,856 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/04/22 19:57:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/04/22 19:46:43 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\HdmiCoin.dll
[2013/04/22 19:46:42 | 002,805,511 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013/04/22 19:46:42 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2013/04/22 19:46:42 | 000,982,220 | ---- | C] () -- C:\Windows\SysNative\igkrng500.bin
[2013/04/22 19:46:42 | 000,059,442 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2013/04/22 19:46:42 | 000,059,330 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2013/04/22 19:46:42 | 000,058,839 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013/04/22 19:46:42 | 000,004,480 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2013/04/22 19:46:42 | 000,001,073 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2013/04/22 19:46:41 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2013/04/22 19:46:41 | 000,134,592 | ---- | C] () -- C:\Windows\SysNative\igfcg500.bin
[2013/04/22 19:46:41 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2013/04/22 19:46:41 | 000,092,216 | ---- | C] () -- C:\Windows\SysNative\igfcg500m.bin
[2013/04/22 19:46:40 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2013/04/22 19:46:40 | 000,439,300 | ---- | C] () -- C:\Windows\SysNative\igcompkrng500.bin
[2013/04/22 19:21:00 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013/04/22 19:21:00 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/04/22 19:21:00 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013/04/22 19:21:00 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/04/22 19:21:00 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013/04/22 19:20:41 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ0.dat
[2013/04/22 12:26:09 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version
[2013/04/22 11:45:52 | 000,001,413 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/04/22 11:45:44 | 000,001,447 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/04/22 11:45:06 | 000,000,290 | ---- | C] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/04/22 11:45:06 | 000,000,272 | ---- | C] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/04/22 11:30:29 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/04/22 11:30:26 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/04/22 11:28:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/04/22 11:27:11 | 1554,690,048 | -HS- | C] () -- C:\hiberfil.sys
========== ZeroAccess Check ==========
[2009/07/14 10:40:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 11:15:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:31:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 07:25:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 07:00:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 07:26:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
========== Purity Check ==========
< End of report >
Edited by Essexboy, 17 May 2013 - 06:02 AM.
#6
Posted 17 May 2013 - 06:40 PM
My apologies for the delay.
Thank you for the logs. Please be patient as I am currently viewing these logs.
Thank you,
Donna
#7
Posted 19 May 2013 - 08:15 AM
I apologize for the delay. You pointed out that you had your computer repaired in March. The log displays that the C:\Windows\ctfile.rfc file was created on the date displayed in the log as shown below:
[2013/04/22 19:21:00 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
Due to the dates above, I can assure you that the repairman did not install that file. After extensive research and experimenting by installing Roboform onto my computer and viewing before and after logs looking for the many files that are installed with Roboform, I have found no hint whatsoever of Roboform ever being installed on your computer, and I cannot figure out how that file was even created on your system unless someone sent you a file to view from their SafeNotes, which is a feature in Roboform. The file is a "Read Only" file and its sole purpose is to store Contact information that is used within the Roboform program. It is completely harmless, though if you have never installed Roboform yourself, it can be removed without harm. We can accomplish that by executing the script below, though before we proceed please note that ESET Smart Security personal firewall is enabled, which should have disabled the Windows firewall, though it is enabled as well and could cause conflicts and even crash your system. In the fix below I will include the disablement of the Windows firewall in the script.
Please follow the instructions below to remove that file and disable the Windows firewall:
- Right-click on and select Run As Administrator to start the program. If prompted by UAC, please allow it.
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
:COMMANDS
[CREATERESTOREPOINT]
:OTL
[2013/04/22 19:21:00 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013/04/22 19:21:00 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = DWORD:0
:Commands
[emptytemp]
- Then click the Run Fix button at the top
- Let the program run uninterrupted, reboot the PC when it is done.
- Post the log that is found in C:\_OTL\Moved Files in your next reply.
- Open OTL again and click the Quick Scan button. Please post the log it produces in your next reply along with the fix log.
Next:
Please download Security Check by screen317 from here or here.
- Save it to your Desktop.
- Right-click on SecurityCheck.exe and select Run As Administrator to start the program. If prompted by UAC, please allow it.
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.
I am also concerned that SP1 is not installed on your system, so I am going to have you provide a log from the following program.
Next:
Please download Farbar Service Scanner and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
In your next post, please provide the following 3 logs:
Fix log found in > C:\_OTL\Moved Files
checkup.txt
FSS.txt
Thank you,
Donna
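As an added example (not OTL's own code and not part of this thread), the following Python parser reads OTL entry lines and answers the questions Donna answers by eye above: when C:\Windows\ctfile.rfc was created, which other files were written in the same second (files sharing a creation timestamp were normally dropped by the same installer), and which files postdate the March repair. The entry layout and the attribute letters R/H/S/D are inferred from the logs posted here and are assumptions; the sample input is an excerpt of the log above.

```python
"""Parse OTL log entries and triage file-creation timestamps (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Inferred entry layout (assumption, from the logs in this thread):
#   [YYYY/MM/DD HH:MM:SS | size | attrs | M|C] (Company) [State] -- path -- (service)
# with optional "PRC - " / "SRV:64bit: - " prefixes and optional state/service parts.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"      # "(Microsoft Corporation)" or "()"
    r"(?: \[(?P<state>[^\]]*)\])?"       # "[Auto | Running]" on SRV/DRV lines
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^)]*)\))?$"  # trailing "-- (ekrn)" service name
)

# Attribute column letters (assumed meaning): R read-only, H hidden, S system, D directory
ATTR_NAMES = {"R": "read-only", "H": "hidden", "S": "system", "D": "directory"}


@dataclass
class OtlEntry:
    timestamp: datetime      # the M (modified) or C (created) time OTL printed
    size: int                # bytes, commas stripped ("1554,690,048" -> 1554690048)
    attrs: str               # raw 4-char column, e.g. "RH--"
    kind: str                # "M" = modified-time entry, "C" = created-time entry
    company: Optional[str]   # None when OTL printed an empty "()"
    path: str
    service: Optional[str]   # service/driver short name on SRV/DRV lines

    @property
    def flags(self) -> List[str]:
        return [ATTR_NAMES[c] for c in self.attrs if c != "-"]

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file/service line, None for headers and other lines."""
    m = ENTRY_RE.search(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or None,
        path=m["path"],
        service=m["service"],
    )


def parse_otl_log(text: str) -> List[OtlEntry]:
    return [e for e in (parse_otl_line(ln) for ln in text.splitlines()) if e]


def creation_time(entries: List[OtlEntry], filename: str) -> Optional[datetime]:
    """Creation timestamp of the first 'C' entry whose filename matches (case-insensitive)."""
    for e in entries:
        if e.kind == "C" and e.filename.lower() == filename.lower():
            return e.timestamp
    return None


def created_alongside(entries: List[OtlEntry], filename: str) -> List[OtlEntry]:
    """Other 'C' entries written in the same second as filename: what it arrived with."""
    ts = creation_time(entries, filename)
    if ts is None:
        return []
    return [e for e in entries
            if e.kind == "C" and e.timestamp == ts and e.filename.lower() != filename.lower()]


def created_after(entries: List[OtlEntry], cutoff: str) -> List[OtlEntry]:
    """All 'C' entries newer than a YYYY/MM/DD cutoff, e.g. the repair date the user gave."""
    cutoff_dt = datetime.strptime(cutoff, "%Y/%m/%d")
    return [e for e in entries if e.kind == "C" and e.timestamp > cutoff_dt]


# Excerpt of the OTL log posted earlier in this thread (the header line is skipped)
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2013/04/22 19:21:00 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013/04/22 19:21:00 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013/04/22 19:21:00 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013/04/22 19:20:41 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ0.dat
[2013/04/22 12:26:09 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version
[2013/04/22 11:27:11 | 1554,690,048 | -HS- | C] () -- C:\hiberfil.sys
PRC - [2013/05/16 10:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
SRV:64bit: - [2012/03/08 04:25:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
"""

if __name__ == "__main__":
    entries = parse_otl_log(SAMPLE_LOG)
    print("ctfile.rfc created:", creation_time(entries, "ctfile.rfc"))
    for e in created_alongside(entries, "ctfile.rfc"):
        print("  written in the same second:", e.path)
    # "repaired in March": anything created after 2013/03/31 postdates that repair
    print(len(created_after(entries, "2013/03/31")), "files created after the March repair")
```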
#8
Posted 21 May 2013 - 11:25 AM
Re date of ctfile – after I got my computer back it didn’t work properly (‘not responding’), so the guy took it away again, deleted everything and reinstalled the programmes with the Dell CD. Now it’s much better. This was around 22nd April.
Re ESET – the guy set the computer to a work network, and although I paid to have ESET installed, it seems he just added me to his work network, because when I changed it to a public network I couldn’t download the updates. That has changed in the last week and I can download updates on the public network now. But I don’t have the security of having a password or licence number. So maybe in the future I will have another system.
Do we always disable the Windows firewall when we have a security system? I’m also getting updates for Windows Defender.
I got an update for IE9 the other day. I blocked installing it but it had been downloaded and installed itself anyway so now I am stuck with learning this new system. I’ve stopped automatic downloads now.
Thanks. Lauren
#9
Posted 21 May 2013 - 08:32 PM
You're welcome! It's truly my pleasure to help in any way that I can.
Obviously the repairman did not install all the updates and security patches. I was concerned when I noticed that SP1 (Service Pack 1) and IE9 were not installed yet and do intend to get your system up to date before we close this thread.
It is best to leave IE9 as is and familiarize yourself with it. Yes, it will be a bit strange at first, but IE9 should be installed on Win7 for security purposes. It is much more secure than IE8.
As disclosed in the ESET Knowledgebase, Windows Defender is compatible and there is no need to disable it.
If you would, please reconfigure the Windows Updates settings to Install Updates Automatically (Recommended) and allow Windows to update. You may have to keep checking for updates till you are told that Windows is up to date.
Please keep me informed on the updates and post the logs when ready.
Donna
#10
Posted 24 May 2013 - 09:12 AM
C/OTL/MOVED FILES
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Windows\ctfile.rfc moved successfully.
File C:\Windows\ctfile.rfc not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\"EnableFirewall" | DWORD:0 /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dell
->Temp folder emptied: 10022356 bytes
->Temporary Internet Files folder emptied: 92164127 bytes
->Java cache emptied: 45946 bytes
->FireFox cache emptied: 6387355 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6924302 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 164872313 bytes
Total Files Cleaned = 267.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05242013_192857
Files\Folders moved on Reboot...
C:\Users\Dell\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL.TXT24.05.TXT
OTL logfile created on: 24/05/2013 19:37:34 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.93 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 62.98% Memory free
3.86 Gb Paging File | 2.98 Gb Available in Paging File | 77.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 121.97 Gb Total Space | 85.44 Gb Free Space | 70.05% Space Free | Partition Type: NTFS
Drive D: | 176.02 Gb Total Space | 175.29 Gb Free Space | 99.59% Space Free | Partition Type: NTFS
Drive E: | 20.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/05/16 10:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL1.exe
PRC - [2013/04/27 04:09:42 | 000,423,144 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/03/08 04:25:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/05/08 17:33:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/08 17:33:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009/07/02 08:00:06 | 000,623,984 | ---- | M] (Dell) -- C:\Program Files (x86)\Battery Meter\BTMeter.exe
PRC - [2009/06/11 03:08:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2009/05/28 04:09:54 | 000,247,080 | ---- | M] (Dell) -- C:\Program Files (x86)\WSED\WSED.exe
========== Modules (No Company Name) ==========
MOD - [2012/12/10 07:31:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/06/27 04:28:42 | 000,577,536 | ---- | M] () -- C:\Windows\SysWOW64\EMSC.DLL
========== Services (SafeList) ==========
SRV:64bit: - [2012/03/08 04:25:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 07:26:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/01 02:46:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/04/10 12:43:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/05/08 17:33:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/06/11 03:08:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/14 21:25:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/03/14 21:25:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 21:25:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 12:39:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 12:07:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 12:07:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/05/23 03:34:30 | 000,083,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/05/01 05:38:10 | 000,252,928 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/03/25 22:53:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/21 00:41:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009/07/14 07:37:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 07:33:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 07:32:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 07:30:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:09:56 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/07/14 02:09:38 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/05 03:16:52 | 000,136,192 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/30 00:38:44 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/27 04:28:42 | 000,016,752 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/11 02:19:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 02:19:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 02:19:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 02:19:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 02:16:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 05:31:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 07:04:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/27 04:28:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D E8 CC 2D 64 3F CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9297E642-4B79-4B79-996D-5105C1B7FCC4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9297E642-4B79-4B79-996D-5105C1B7FCC4}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/23 13:09:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/04/22 19:51:55 | 000,000,000 | ---D | M]
[2013/04/23 13:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Extensions
[2013/04/23 13:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/10 12:43:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/10 12:42:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/10 12:42:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009/06/11 02:45:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BTMeter] C:\Program Files (x86)\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [WSED] C:\Program Files (x86)\WSED\WSED.exe (Dell)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD022DC-CDEA-42B0-8A26-496985B6ADEA}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82778767-6D2C-47DC-A8EB-729637003D54}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBE72A17-37E8-4FB9-9EB2-238C43437433}: NameServer = 116.68.209.16 116.68.212.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4832534-0ED8-4CF8-9C05-50CA71931DDA}: NameServer = 116.68.209.16 116.68.212.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E91E4D66-07FD-475E-B9C8-B840C563114C}: NameServer = 116.68.209.16 116.68.212.10
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/13 09:33:36 | 000,126,976 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/10/03 06:57:34 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7d6f1017-b54d-11e2-b5c5-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{7d6f1017-b54d-11e2-b5c5-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/05/13 09:33:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{c7373ca6-acaf-11e2-b858-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{c7373ca6-acaf-11e2-b858-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/05/13 09:33:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{e5aec16d-abbd-11e2-b092-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{e5aec16d-abbd-11e2-b092-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/05/13 09:33:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{e5aec17a-abbd-11e2-b092-0ceee6d18349}\Shell - "" = AutoRun
O33 - MountPoints2\{e5aec17a-abbd-11e2-b092-0ceee6d18349}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/05/13 09:33:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/05/13 09:33:36 | 000,126,976 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/24 19:28:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/23 20:48:29 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\COMPUTER
[2013/05/18 16:51:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/05/18 16:51:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/05/16 10:59:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL1.exe
[2013/05/02 06:24:59 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Adobe
[2013/05/02 06:24:59 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Adobe
[2013/04/30 13:31:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/04/30 13:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/04/30 13:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/30 13:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/04/30 12:53:02 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\Downloads
[2013/04/30 12:37:20 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\WinPatrol
[2013/04/30 12:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013/04/30 12:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/04/30 12:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013/04/25 13:12:49 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\AUDIO
========== Files - Modified Within 30 Days ==========
[2013/05/24 19:39:04 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/24 19:39:04 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/24 19:36:10 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/24 19:36:10 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/24 19:36:10 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/24 19:31:59 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/05/24 19:31:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/24 19:31:31 | 1554,690,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/19 16:16:59 | 000,001,441 | ---- | M] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/18 16:51:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/18 16:50:59 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/16 10:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL1.exe
[2013/05/15 05:42:17 | 000,346,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/12 13:33:27 | 000,000,517 | ---- | M] () -- C:\Users\Dell\Desktop\Network and Sharing Center - Shortcut.lnk
[2013/05/12 11:03:27 | 000,289,455 | ---- | M] () -- C:\Users\Dell\Documents\Dzogchen retreat 2013_EN.pdf
[2013/05/03 02:53:04 | 000,179,165 | ---- | M] () -- C:\Users\Dell\Documents\VISION May 2013.pdf
[2013/05/01 20:41:06 | 000,002,807 | ---- | M] () -- C:\Users\Dell\Desktop\Suffering - Shortcut.lnk
========== Files Created - No Company Name ==========
[2013/05/24 19:31:59 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2013/05/18 16:51:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/18 16:50:59 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/15 00:32:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/14 23:59:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/05/12 13:33:27 | 000,000,517 | ---- | C] () -- C:\Users\Dell\Desktop\Network and Sharing Center - Shortcut.lnk
[2013/05/12 11:03:23 | 000,289,455 | ---- | C] () -- C:\Users\Dell\Documents\Dzogchen retreat 2013_EN.pdf
[2013/05/03 02:52:52 | 000,179,165 | ---- | C] () -- C:\Users\Dell\Documents\VISION May 2013.pdf
[2013/05/01 20:41:06 | 000,002,807 | ---- | C] () -- C:\Users\Dell\Desktop\Suffering - Shortcut.lnk
[2013/04/22 19:46:42 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2013/04/22 19:46:41 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2013/04/22 19:46:41 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2013/04/22 19:46:40 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2013/04/22 19:21:00 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/04/22 19:21:00 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
========== ZeroAccess Check ==========
[2009/07/14 10:40:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 11:15:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:31:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 07:25:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 07:00:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 07:26:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
========== Purity Check ==========
< End of report >
CHECKUP.TXT
Results of screen317's Security Check version 0.99.64
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET NOD32 Antivirus 5.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 21
Adobe Reader 10.0.1 Adobe Reader out of Date!
Mozilla Firefox 20.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
FSS.TXT
Farbar Service Scanner Version: 14-04-2013
Ran by Dell (administrator) on 24-05-2013 at 20:24:40
Running from "C:\Users\Dell\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-05-14 11:17] - [2013-01-04 11:26] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
#11
Posted 26 May 2013 - 06:58 AM
My apologies for the delay.
The logs look really good! WinPatrol should no longer bother you about the ctfile.rfc since it was moved successfully. Your Windows firewall settings are now disabled and the ESET Firewall is protecting you.
Yes! Please allow SP1 to install (if you haven't already) and IE is now up to date with IE10 installed. You can check to make sure that SP1 has installed by the following method:
- Click on Start orb
- Right click on Computer and choose Properties
- Under Windows Editions Service Pack 1 should be displayed
Please report your findings. Continue to check for updates. Always allow the important updates to install. Windows usually creates a restore point before installing updates just in case an issue might arise with any updates that are installed.
Out of date Firefox installed!
To update Firefox:
- Click on Help in the menu bar
- Choose About Firefox
- Click on the Check for Updates found there.
Out of date Adobe Reader installed!
Your Adobe Reader needs updating. You should ensure you use the latest Adobe Reader and install any security updates that are released. You can download the latest reader and updates from here.
As a side note: Adobe Reader has been having issues lately. I'd suggest installing an alternative such as FoxIt Reader or Sumatra PDF. Adobe has become very vulnerable over the last couple of years and really uses up resources more than FoxIt Reader or Sumatra PDF. Their 'footprint' is considerably smaller than Adobe's and consequently uses less resources (RAM as well as hard drive space).
If you choose to install Foxit Reader, please be advised that you may have to uncheck any pre-checked software. Choose custom install.
If you'd like, you can download Foxit Reader from here.
Here's a really good read concerning the Sumatra PDF for you to compare > Replacing Adobe Reader with Sumatra PDF
The choice is yours.
Please report back once the above is completed.
Thank you,
Donna
#12
Posted 29 May 2013 - 09:46 AM
You still with me? As soon as we confirm that your programs are updated we can remove the tools we used.
Please keep me updated on your progress.
Donna
#13
Posted 29 May 2013 - 11:23 AM
#14
Posted 29 May 2013 - 11:54 AM
I don’t know about IE9. It nearly always goes to ‘cannot display the page’ and I have to keep pressing refresh before I get connected. Can you think of a reason for this? Mozilla Firefox has developed this habit as well ‘server not found’.
Since both browsers are affected, I would guess this might be due to your connection since you pointed out the power cuts there in Nepal. I've been having the same issue here in the States lately. I have a satellite connection, and when inclement weather is imminent, I'm lucky to connect at all.
How is your connection set up? Are you behind a router/modem? You might try power cycling the router/modem to see if that would help. To do so, unplug the router and modem from the wall socket and allow a few minutes to pass before plugging the modem in and waiting for it to receive the signal then plugging in the router.
Make sure that IE is updated to version 10.
Also please verify that Firefox is up to date.
Let me know if the above helps in any way.
You're welcome,
Donna
#15
Posted 31 May 2013 - 09:48 AM
My connection is via a mobile phone data stick and probably is affected by the weather. I have updated now to IE10 and the latest Mozilla Firefox and they both seem to be working better. Everything seems pretty good now and no more worries about someone spying on me! So I guess that's it. Do you have any more advice? Your help has been brilliant; instructions so clear even a beginner like me could understand them. Lauren