MitchFlys

Member
  • Content Count

    24
  • Joined

  • Last visited

Community Reputation

0 Neutral

About MitchFlys

  • Rank
    Member

Profile Information

  • Gender
    Male
  1. Okay. Did it. Thank you so much again for all your help !
  2. Tom, It worked!!!! The "specified file" was actually on the computer but hidden from the installer under a folder name it did not recognize. All it took was to copy the folder, rename it to the folder name that was in the error message and re-ran the installer. Installed perfectly!! Thank you again for spending so much time with me and even taking the time to speak with a team-mate about another issue after fixing my initial problem! Mitch
  3. Here is the link (it is from the HP home page www.hp.com): http://h10025.www1.hp.com/ewfrf/wc/softwareCategory?product=3940574&lc=en&cc=us&dlc=en〈=en&cc=us Then I select my Operating System (Windows 7 64-bit). Then I select "Driver-Product Installation Software" Then I select "HP Photosmart Full Feature Software and Drivers" Then I download it and save it to my desktop and then attempt to install it but I get the error message above. It seems like everything else with my system is working fine. Thank you for all the time you have spent with me thus far. I really appreciate it.
  4. I do not know how to Copy the error message when it appears on my desktop so I can Paste it to this post. An error message window opens when I try to Install and the heading at the top of the error window reads "C:\Users\Mitch\AppData\Local\Temp\7zS0D90\Setup\..\Setup\hpzpnp40.exe". The error message itself reads "The system cannot find the file specified". HP Photosmart C4795
  5. Ran Windows all-in-one repair tool. OTL logfile created on: 11/22/2012 11:30:01 AM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mitch\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 15.98 Gb Total Physical Memory | 14.11 Gb Available Physical Memory | 88.30% Memory free 31.96 Gb Paging File | 30.01 Gb Available in Paging File | 93.90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1846.73 Gb Total Space | 1760.46 Gb Free Space | 95.33% Space Free | Partition Type: NTFS Computer Name: MITCH-PC | User Name: Mitch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mitch\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\CtxfiRes.dll () MOD - C:\Windows\SysWOW64\APOMngr.DLL () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (BrcmMgmtAgent) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (HPSLPSVC) -- C:\Users\Mitch\AppData\Local\Temp\7zS14F9\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (JeppDrive) -- C:\Windows\SysNative\drivers\JeppDrive.sys (SMART Modular) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (Blfp) -- C:\Windows\SysNative\drivers\basp.sys (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2012/11/14 20:17:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: valueoptions.com ([fts] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://fts.valueoptions.com/prx/000/http/localhost/client_sec/ArrayJax/SodaAgent.CAB (SodaAgt Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F63C3F7-84E7-4D2E-A029-23772B33FFA9}: DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89770AB7-8709-476D-ADA0-C21A5B51D252}: DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/22 11:24:48 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012/11/21 06:41:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe [2012/11/20 18:35:41 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe [2012/11/20 18:13:34 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012/11/20 18:12:14 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs [2012/11/20 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com [2012/11/20 18:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com [2012/11/19 18:40:23 | 000,694,235 | ---- | C] (Farbar) -- C:\Users\Mitch\Desktop\Farbar Service Scanner.exe [2012/11/17 16:07:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/16 16:37:50 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Desktop\Virus removal from 11-15-2012 [2012/11/15 20:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/11/14 20:09:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/14 00:45:13 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/11/14 00:45:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/11/14 00:42:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/11/14 00:42:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/11/14 00:42:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/11/14 00:42:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/11/14 00:42:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/11/14 00:42:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/11/14 00:42:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/11/14 00:42:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/11/14 00:42:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/11/14 00:42:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/11/14 00:42:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/11/14 00:42:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/11/14 00:42:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/11/14 00:42:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/11/14 00:42:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/11/14 00:41:22 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/11/14 00:41:21 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012/11/14 00:41:21 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/11/14 00:41:21 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/11/14 00:39:13 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012/11/14 00:39:13 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012/11/14 00:39:13 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012/11/14 00:39:13 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012/11/14 00:39:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012/11/14 00:39:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012/11/14 00:39:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012/11/14 00:39:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/11/14 00:39:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012/11/14 00:38:58 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012/11/14 00:38:58 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/12 19:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/11/12 19:11:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/11/12 19:11:05 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/11/12 19:11:05 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/11/12 19:11:05 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/11/12 19:11:02 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/11/12 19:11:02 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/11/12 19:11:01 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/11/12 19:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/11/12 19:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012/11/11 16:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012/11/11 16:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012/11/11 16:27:35 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Documents\Anti-Malware [2012/11/02 13:11:26 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Documents\LOR-Resumes [2012/11/02 13:06:50 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Documents\Medical Licenses [2012/10/24 18:40:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012/10/24 18:40:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2012/10/24 18:40:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012/10/24 18:40:39 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012/10/24 18:40:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012/10/24 18:40:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012/10/24 18:40:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012/10/24 18:40:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012/10/24 18:40:38 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012/10/24 18:40:38 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012/10/24 18:40:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012/10/24 18:40:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012/10/24 18:40:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012/10/24 18:40:38 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012/10/24 18:40:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012/10/24 18:40:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012/10/24 18:40:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012/10/24 18:40:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012/10/24 18:40:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012/10/24 18:40:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012/10/24 18:40:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012/10/24 18:40:37 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012/10/24 18:40:37 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012/10/24 18:40:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012/10/24 18:40:37 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012/10/24 18:39:42 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/10/24 18:39:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll ========== Files - Modified Within 30 Days ========== [2012/11/22 11:31:28 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/22 11:31:28 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/22 11:26:07 | 000,417,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/22 11:26:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/22 11:25:55 | 4281,159,678 | -HS- | M] () -- C:\hiberfil.sys [2012/11/22 11:25:35 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx [2012/11/22 11:25:35 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx [2012/11/22 11:25:35 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx [2012/11/22 11:24:59 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012/11/22 11:23:58 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/22 11:23:58 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/22 11:23:58 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/22 11:23:52 | 000,778,834 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/11/22 10:37:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/22 10:31:29 | 000,006,560 | ---- | M] () -- C:\bootsqm.dat [2012/11/21 22:21:37 | 166,993,888 | ---- | M] () -- C:\Users\Mitch\Desktop\PS_AIO_06_C4700_USW_Full_Win_enu_140_175.exe [2012/11/21 06:41:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe [2012/11/20 18:12:06 | 000,002,299 | ---- | M] () -- C:\Users\Mitch\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/11/20 18:10:50 | 005,345,318 | ---- | M] () -- C:\Users\Mitch\Desktop\Windows Repair.exe [2012/11/20 18:00:57 | 000,000,154 | ---- | M] () -- C:\Windows\reimage.ini [2012/11/19 18:40:23 | 000,694,235 | ---- | M] (Farbar) -- C:\Users\Mitch\Desktop\Farbar Service Scanner.exe [2012/11/17 16:03:16 | 000,000,000 | ---- | M] () -- C:\Users\Mitch\ok [2012/11/15 20:46:36 | 000,002,120 | ---- | M] () -- C:\scu.dat [2012/11/14 20:17:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/12 19:10:59 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/11/12 19:10:57 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/11/12 19:10:57 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/11/12 19:10:57 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/11/12 19:10:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/11/12 19:10:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/11/11 16:27:54 | 000,001,127 | ---- | M] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk [2012/11/11 16:27:54 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012/11/11 16:10:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/11/10 18:24:00 | 000,000,031 | ---- | M] () -- C:\Windows\JSUMUpdater.ini [2012/11/09 16:12:39 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/11/09 16:12:38 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012/11/22 10:31:29 | 000,006,560 | ---- | C] () -- C:\bootsqm.dat [2012/11/21 22:19:44 | 166,993,888 | ---- | C] () -- C:\Users\Mitch\Desktop\PS_AIO_06_C4700_USW_Full_Win_enu_140_175.exe [2012/11/20 20:14:01 | 000,208,450 | ---- | C] () -- C:\Windows\hpoins43.dat.temp [2012/11/20 18:43:01 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe [2012/11/20 18:12:06 | 000,002,299 | ---- | C] () -- C:\Users\Mitch\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/11/20 18:10:50 | 005,345,318 | ---- | C] () -- C:\Users\Mitch\Desktop\Windows Repair.exe [2012/11/20 17:59:53 | 000,000,154 | ---- | C] () -- C:\Windows\reimage.ini [2012/11/17 16:03:16 | 000,000,000 | ---- | C] () -- C:\Users\Mitch\ok [2012/11/15 20:46:36 | 000,002,120 | ---- | C] () -- C:\scu.dat [2012/11/14 00:45:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/14 00:41:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/11 16:27:54 | 000,001,127 | ---- | C] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk [2012/11/11 16:27:54 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012/08/25 16:19:16 | 000,000,031 | ---- | C] () -- C:\Windows\JSUMUpdater.ini [2012/06/04 21:06:47 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp [2012/05/26 14:00:32 | 000,000,028 | ---- | C] () -- C:\Windows\jsum.INI [2012/05/17 18:28:18 | 000,208,450 | ---- | C] () -- C:\Windows\hpoins43.dat [2012/05/17 18:28:18 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat [2012/05/16 21:57:35 | 000,778,834 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/05/16 21:42:26 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012/05/16 21:42:26 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012/05/16 20:45:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2012/05/16 20:35:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/11/11 17:03:49 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Exvea [2012/10/12 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Visan ========== Purity Check ========== < End of report > OTL Extras logfile created on: 11/22/2012 11:30:01 AM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mitch\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 15.98 Gb Total Physical Memory | 14.11 Gb Available Physical Memory | 88.30% Memory free 31.96 Gb Paging File | 30.01 Gb Available in Paging File | 93.90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1846.73 Gb Total Space | 1760.46 Gb Free Space | 95.33% Space Free | Partition Type: NTFS Computer Name: MITCH-PC | User Name: Mitch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13CE7097-D6BD-4F7A-BEA4-EABEEF982D9A}" = rport=137 | protocol=17 | dir=out | app=system | "{1AA8FB36-9829-4ABE-9D90-D05CC56B6944}" = rport=138 | protocol=17 | dir=out | app=system | "{3472271C-6936-49D4-83E6-57FD03C22BC0}" = lport=445 | protocol=6 | dir=in | app=system | "{40F230DA-79E3-436E-B847-40A5C253A7D3}" = lport=137 | protocol=17 | dir=in | app=system | "{442DA8E5-2B98-4064-9B0C-7847694525A1}" = rport=445 | protocol=6 | dir=out | app=system | "{66B55C89-8641-4C63-A547-ECE3C784D663}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6F552304-F54C-412C-B5D7-6B74CA0E1D50}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{805DDB99-7CE8-4BDE-B0EC-996CA7D291C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8F3FAC28-3CE7-42A4-86B3-1DAAD7026BA4}" = lport=138 | protocol=17 | dir=in | app=system | "{8FDA2153-1FAA-418B-BDB6-ADBD2DF5DEE9}" = lport=139 | protocol=6 | dir=in | app=system | "{915C8255-0669-4BCB-AB3E-5909B2A3ABAC}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{AA80159C-F96B-41C8-A585-519ADF5B0004}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{F49BE31B-37DC-4799-A033-EAA0B989DAAA}" = rport=139 | protocol=6 | dir=out | app=system | "{F8CB52CC-FE3C-47B9-B823-CC6C5B9B2AFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C80E678-4D76-4059-AC6E-3523A02DCE0C}" = dir=in | app=c:\users\mitch\appdata\local\temp\7zs0d90\setup\hpznui40.exe | "{17BABD89-30A0-4F7D-B1E9-C2E90A00658C}" = protocol=17 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs5940\hppiw.exe | "{1AEA715F-A4D3-494D-9432-533B98155A76}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{224BA6DA-48D6-41A6-AD27-5D14C75F19C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{3465C294-FAC4-4B37-8763-EC2E4927C5DC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{359A2DF2-2011-4638-852A-DF91AAD5E706}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{369A3BBB-8E74-41A5-8187-E268BB5C3BCE}" = protocol=58 | dir=out | [email protected],-28546 | "{37DDE775-CC4E-406D-8289-C10B75CDD483}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{45DA5FF5-ECFE-433E-B591-8D47DF1065AF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{4C47BC61-8A0C-40A5-9C49-048CDD785E06}" = protocol=58 | dir=in | [email protected],-28545 | "{500DC81E-5E21-41F1-95AD-2DEBF558CB9D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{60BD7F88-4B08-452D-9C94-BF43E49A23CD}" = protocol=6 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs02c5\hpdiagnosticcoreui.exe | "{7FE31097-654E-4943-B348-5BDE777F2721}" = protocol=6 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs5940\hppiw.exe | "{8803B41F-529B-4B00-9DD1-C8F0C2B55C42}" = protocol=17 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs746f\hpdiagnosticcoreui.exe | "{8C132D37-DD27-4CC5-A0EE-F29A238EE324}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{A657DEC2-2610-4067-940B-6B713B3B9D7F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{AD8E97D0-6336-431B-A684-9BBB4836E274}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{AE2DCC94-1918-4DF1-8D75-6775D804BC57}" = protocol=6 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs746f\hpdiagnosticcoreui.exe | "{AF2AF99B-29CE-485D-866F-94537D9B5D38}" = protocol=1 | dir=in | [email protected],-28543 | "{B7EC90D3-D692-40FC-B97B-33E84570CAB3}" = protocol=17 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs02c5\hpdiagnosticcoreui.exe | "{D8129D85-A761-43AE-8517-966AD3EE42B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{DAD57276-D8A5-421D-B6C0-0C7448D5646B}" = protocol=6 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs14f9\hppiw.exe | "{E8791EFD-C48E-4538-A955-87783E32D657}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{E8DE3F2E-AA2A-46EB-B65D-E726A312F02F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E8E7B12A-582B-42F1-BA1B-8AD767C6F9DC}" = protocol=1 | dir=out | [email protected],-28544 | "{EE701CA2-577C-409A-A0C4-1CB8806084ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{FAD77C9B-E07C-46A6-85AB-1B504AB8AA79}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{FE489DAC-2A75-4E03-B152-5543102F62CE}" = protocol=17 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs14f9\hppiw.exe | "TCP Query User{1E1CC518-5078-4F3B-9584-4632F17CEF62}C:\users\mitch\appdata\roaming\exvea\pepi.exe" = protocol=6 | dir=in | app=c:\users\mitch\appdata\roaming\exvea\pepi.exe | "TCP Query User{E99A9F2F-4872-4A1B-9424-5A9DACD6C099}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{A958D227-1566-455B-BB17-D9BE8277B4FF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{F8EE0C95-FDDB-4AF5-820F-5A759028388D}C:\users\mitch\appdata\roaming\exvea\pepi.exe" = protocol=17 | dir=in | app=c:\users\mitch\appdata\roaming\exvea\pepi.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}" = ATI Catalyst Install Manager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{982E1601-0DFC-4FD3-A427-AC6570697858}" = Broadcom NetXtreme-I Netlink Driver and Management Installer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0477D501-1C9C-4F0B-A6BD-7C5C65C0239E}" = Jeppesen Services Update Manager "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2B0DF49C-FC06-4B2B-934A-92E2DCE20C4C}" = Jeppesen Services "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95D9FDA9-9ADB-4C94-B6B0-655D5CEB9AFF}" = Jeppesen Services Update Manager "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FC05E19-9508-48C9-8F5E-5064A4DA4413}" = Jeppesen Services "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6 "3DMIDI" = Creative 3DMIDI Player "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ALchemy" = Creative ALchemy "AudioCS" = Creative Audio Control Panel "Console Launcher" = Creative Console Launcher "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Diagnostics 4_5" = Creative Diagnostics "Dolby Digital Live Pack" = Dolby Digital Live Pack "DTS Connect Pack" = DTS Connect Pack "ESET Online Scanner" = ESET Online Scanner v3 "GoToAssist" = GoToAssist Corporate "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Business 2010 "OpenAL" = OpenAL "The Weather Channel App" = The Weather Channel App "Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One) "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components) "WaveStudio 7" = Creative WaveStudio 7 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/21/2012 8:03:33 PM | Computer Name = Mitch-PC | Source = Application Error | ID = 1000 Description = Faulting application name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Faulting module name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Exception code: 0xc0000417 Fault offset: 0x00000000001015b4 Faulting process id: 0xeb0 Faulting application start time: 0x01cdc844b2806366 Faulting application path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Faulting module path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Report Id: 0d6411e3-3438-11e2-aae2-180373d94e4c Error - 11/21/2012 8:04:10 PM | Computer Name = Mitch-PC | Source = Application Hang | ID = 1002 Description = The program hppiw.exe version 3.0.0.41 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2d8 Start Time: 01cdc8432b9dfd41 Termination Time: 0 Application Path: C:\Users\Mitch\AppData\Local\Temp\7zS5940\hppiw.exe Report Id: 1c38c4b9-3438-11e2-aae2-180373d94e4c Error - 11/21/2012 9:43:03 PM | Computer Name = Mitch-PC | Source = System Restore | ID = 8193 Description = Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042308). Error - 11/21/2012 9:43:03 PM | Computer Name = Mitch-PC | Source = System Restore | ID = 8211 Description = The scheduled restore point could not be created. Additional information: (0x80042308). Error - 11/21/2012 11:26:54 PM | Computer Name = Mitch-PC | Source = Application Error | ID = 1000 Description = Faulting application name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Faulting module name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Exception code: 0xc0000417 Fault offset: 0x00000000001015b4 Faulting process id: 0x174 Faulting application start time: 0x01cdc8611db1944c Faulting application path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Faulting module path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Report Id: 75c8c497-3454-11e2-930f-180373d94e4c Error - 11/22/2012 12:09:06 AM | Computer Name = Mitch-PC | Source = System Restore | ID = 8193 Description = Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042308). Error - 11/22/2012 12:09:06 AM | Computer Name = Mitch-PC | Source = System Restore | ID = 8211 Description = The scheduled restore point could not be created. Additional information: (0x80042308). Error - 11/22/2012 1:00:36 AM | Computer Name = Mitch-PC | Source = System Restore | ID = 8193 Description = Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042308). Error - 11/22/2012 1:00:36 AM | Computer Name = Mitch-PC | Source = System Restore | ID = 8211 Description = The scheduled restore point could not be created. Additional information: (0x80042308). Error - 11/22/2012 1:36:07 AM | Computer Name = Mitch-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:56 PM | Computer Name = Mitch-PC | Source = volsnap | ID = 393230 Description = The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error - 10/14/2012 3:24:07 PM | Computer Name = Mitch-PC | Source = volsnap | ID = 393230 Description = The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error - 10/14/2012 5:25:15 PM | Computer Name = Mitch-PC | Source = volsnap | ID = 393230 Description = The shadow copies of volume C: were aborted because of an IO failure on volume C:. < End of report >
  6. I even tried the troubleshoot recommendation from the HP Website about turning off the printer, then running msconfig and disabling non-Microsoft applications upon startup and also turning off Windows Firewall prior to attempting to install the software/drivers, but that did not work either. Of course, I did remember to go back and enable all the applications and turn on Windows Firewall.
  7. Well. I was not certain which option to choose of the uninstaller and how many times to run it (it says you should chose to run it up to 4 times), so I ran it under both options 4 times and the uninstaller did look like it uninstalled files. But when I attempted to download and install the drivers from HP after that, I got the same exact error message as previously and could not reinstall the new software/drivers.
  8. Unfortunately, it did not work. I ran OTL and FSS again in case you needed them. OTL logfile created on: 11/21/2012 7:08:10 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mitch\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 15.98 Gb Total Physical Memory | 13.90 Gb Available Physical Memory | 86.98% Memory free 31.96 Gb Paging File | 29.82 Gb Available in Paging File | 93.29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1846.73 Gb Total Space | 1761.60 Gb Free Space | 95.39% Space Free | Partition Type: NTFS Computer Name: MITCH-PC | User Name: Mitch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mitch\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\CtxfiRes.dll () MOD - C:\Windows\SysWOW64\APOMngr.DLL () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (BrcmMgmtAgent) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (HPSLPSVC) -- C:\Users\Mitch\AppData\Local\Temp\7zS14F9\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (JeppDrive) -- C:\Windows\SysNative\drivers\JeppDrive.sys (SMART Modular) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (Blfp) -- C:\Windows\SysNative\drivers\basp.sys (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2012/11/14 20:17:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: valueoptions.com ([fts] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://fts.valueoptions.com/prx/000/http/localhost/client_sec/ArrayJax/SodaAgent.CAB (SodaAgt Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F63C3F7-84E7-4D2E-A029-23772B33FFA9}: DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89770AB7-8709-476D-ADA0-C21A5B51D252}: DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/21 06:41:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe [2012/11/20 18:56:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2 [2012/11/20 18:45:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012/11/20 18:35:41 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe [2012/11/20 18:13:34 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012/11/20 18:12:14 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs [2012/11/20 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com [2012/11/20 18:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com [2012/11/19 18:40:23 | 000,694,235 | ---- | C] (Farbar) -- C:\Users\Mitch\Desktop\Farbar Service Scanner.exe [2012/11/17 16:07:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/16 16:37:50 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Desktop\Virus removal from 11-15-2012 [2012/11/15 20:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/11/14 20:09:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/14 00:45:13 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/11/14 00:45:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/11/14 00:42:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/11/14 00:42:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/11/14 00:42:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/11/14 00:42:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/11/14 00:42:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/11/14 00:42:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/11/14 00:42:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/11/14 00:42:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/11/14 00:42:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/11/14 00:42:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/11/14 00:42:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/11/14 00:42:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/11/14 00:42:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/11/14 00:42:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/11/14 00:42:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/11/14 00:41:22 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/11/14 00:41:21 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012/11/14 00:41:21 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/11/14 00:41:21 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/11/14 00:39:13 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012/11/14 00:39:13 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012/11/14 00:39:13 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012/11/14 00:39:13 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012/11/14 00:39:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012/11/14 00:39:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012/11/14 00:39:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012/11/14 00:39:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/11/14 00:39:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012/11/14 00:38:58 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012/11/14 00:38:58 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/12 19:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/11/12 19:11:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/11/12 19:11:05 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/11/12 19:11:05 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/11/12 19:11:05 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/11/12 19:11:02 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/11/12 19:11:02 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/11/12 19:11:01 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/11/12 19:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/11/12 19:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012/11/11 16:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012/11/11 16:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012/11/11 16:27:35 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Documents\Anti-Malware [2012/11/02 13:11:26 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Documents\LOR-Resumes [2012/11/02 13:06:50 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Documents\Medical Licenses [2012/10/24 18:40:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012/10/24 18:40:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2012/10/24 18:40:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012/10/24 18:40:39 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012/10/24 18:40:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012/10/24 18:40:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012/10/24 18:40:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012/10/24 18:40:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012/10/24 18:40:38 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012/10/24 18:40:38 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012/10/24 18:40:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012/10/24 18:40:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012/10/24 18:40:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012/10/24 18:40:38 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012/10/24 18:40:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012/10/24 18:40:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012/10/24 18:40:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012/10/24 18:40:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012/10/24 18:40:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012/10/24 18:40:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012/10/24 18:40:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012/10/24 18:40:37 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012/10/24 18:40:37 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012/10/24 18:40:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012/10/24 18:40:37 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012/10/24 18:39:42 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/10/24 18:39:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll ========== Files - Modified Within 30 Days ========== [2012/11/21 19:04:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/21 19:04:51 | 4281,159,678 | -HS- | M] () -- C:\hiberfil.sys [2012/11/21 19:04:31 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx [2012/11/21 19:04:31 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx [2012/11/21 19:04:31 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx [2012/11/21 19:01:20 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/21 19:01:20 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/21 19:01:20 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/21 18:54:34 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/21 18:54:34 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/21 18:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/21 06:41:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe [2012/11/20 20:04:25 | 000,417,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/20 18:45:35 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012/11/20 18:44:22 | 000,778,834 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/11/20 18:12:06 | 000,002,299 | ---- | M] () -- C:\Users\Mitch\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/11/20 18:10:50 | 005,345,318 | ---- | M] () -- C:\Users\Mitch\Desktop\Windows Repair.exe [2012/11/20 18:00:57 | 000,000,154 | ---- | M] () -- C:\Windows\reimage.ini [2012/11/19 18:40:23 | 000,694,235 | ---- | M] (Farbar) -- C:\Users\Mitch\Desktop\Farbar Service Scanner.exe [2012/11/17 16:03:16 | 000,000,000 | ---- | M] () -- C:\Users\Mitch\ok [2012/11/15 20:46:36 | 000,002,120 | ---- | M] () -- C:\scu.dat [2012/11/14 20:17:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/12 19:10:59 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/11/12 19:10:57 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/11/12 19:10:57 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/11/12 19:10:57 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/11/12 19:10:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/11/12 19:10:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/11/11 16:27:54 | 000,001,127 | ---- | M] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk [2012/11/11 16:27:54 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012/11/11 16:10:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/11/10 18:24:00 | 000,000,031 | ---- | M] () -- C:\Windows\JSUMUpdater.ini [2012/11/09 16:12:39 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/11/09 16:12:38 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012/11/20 20:14:01 | 000,208,450 | ---- | C] () -- C:\Windows\hpoins43.dat.temp [2012/11/20 18:43:01 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe [2012/11/20 18:12:06 | 000,002,299 | ---- | C] () -- C:\Users\Mitch\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/11/20 18:10:50 | 005,345,318 | ---- | C] () -- C:\Users\Mitch\Desktop\Windows Repair.exe [2012/11/20 17:59:53 | 000,000,154 | ---- | C] () -- C:\Windows\reimage.ini [2012/11/17 16:03:16 | 000,000,000 | ---- | C] () -- C:\Users\Mitch\ok [2012/11/15 20:46:36 | 000,002,120 | ---- | C] () -- C:\scu.dat [2012/11/14 00:45:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/14 00:41:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/11 16:27:54 | 000,001,127 | ---- | C] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk [2012/11/11 16:27:54 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012/08/25 16:19:16 | 000,000,031 | ---- | C] () -- C:\Windows\JSUMUpdater.ini [2012/06/04 21:06:47 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp [2012/05/26 14:00:32 | 000,000,028 | ---- | C] () -- C:\Windows\jsum.INI [2012/05/17 18:28:18 | 000,208,450 | ---- | C] () -- C:\Windows\hpoins43.dat [2012/05/17 18:28:18 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat [2012/05/16 21:57:35 | 000,778,834 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/05/16 21:42:26 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012/05/16 21:42:26 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012/05/16 20:45:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2012/05/16 20:35:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/11/11 17:03:49 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Exvea [2012/10/12 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Visan ========== Purity Check ========== < End of report > Farbar Service Scanner Version: 09-11-2012 Ran by Mitch (administrator) on 21-11-2012 at 19:07:29 Running from "C:\Users\Mitch\Desktop" Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-11-14 00:39] - [2012-10-03 12:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  9. OTL logfile: OTL logfile created on: 11/21/2012 6:47:24 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mitch\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 15.98 Gb Total Physical Memory | 14.02 Gb Available Physical Memory | 87.73% Memory free 31.96 Gb Paging File | 29.64 Gb Available in Paging File | 92.73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1846.73 Gb Total Space | 1764.33 Gb Free Space | 95.54% Space Free | Partition Type: NTFS Computer Name: MITCH-PC | User Name: Mitch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mitch\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\CtxfiRes.dll () MOD - C:\Windows\SysWOW64\APOMngr.DLL () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (BrcmMgmtAgent) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (HPSLPSVC) -- C:\Users\Mitch\AppData\Local\Temp\7zS14F9\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (JeppDrive) -- C:\Windows\SysNative\drivers\JeppDrive.sys (SMART Modular) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (Blfp) -- C:\Windows\SysNative\drivers\basp.sys (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2012/11/14 20:17:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: valueoptions.com ([fts] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://fts.valueoptions.com/prx/000/http/localhost/client_sec/ArrayJax/SodaAgent.CAB (SodaAgt Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F63C3F7-84E7-4D2E-A029-23772B33FFA9}: DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89770AB7-8709-476D-ADA0-C21A5B51D252}: DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/21 06:41:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe [2012/11/20 18:56:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2 [2012/11/20 18:45:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012/11/20 18:35:41 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe [2012/11/20 18:13:34 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012/11/20 18:12:14 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs [2012/11/20 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com [2012/11/20 18:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com [2012/11/19 18:40:23 | 000,694,235 | ---- | C] (Farbar) -- C:\Users\Mitch\Desktop\Farbar Service Scanner.exe [2012/11/17 16:07:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/16 16:37:50 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Desktop\Virus removal from 11-15-2012 [2012/11/15 20:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/11/14 20:09:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/14 00:45:13 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/11/14 00:45:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/11/14 00:42:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/11/14 00:42:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/11/14 00:42:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/11/14 00:42:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/11/14 00:42:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/11/14 00:42:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/11/14 00:42:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/11/14 00:42:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/11/14 00:42:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/11/14 00:42:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/11/14 00:42:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/11/14 00:42:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/11/14 00:42:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/11/14 00:42:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/11/14 00:42:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/11/14 00:41:22 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/11/14 00:41:21 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012/11/14 00:41:21 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/11/14 00:41:21 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/11/14 00:39:13 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012/11/14 00:39:13 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012/11/14 00:39:13 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012/11/14 00:39:13 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012/11/14 00:39:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012/11/14 00:39:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012/11/14 00:39:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012/11/14 00:39:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/11/14 00:39:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012/11/14 00:38:58 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012/11/14 00:38:58 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/12 19:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/11/12 19:11:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/11/12 19:11:05 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/11/12 19:11:05 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/11/12 19:11:05 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/11/12 19:11:02 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/11/12 19:11:02 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/11/12 19:11:01 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/11/12 19:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/11/12 19:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012/11/11 16:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012/11/11 16:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012/11/11 16:27:35 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Documents\Anti-Malware [2012/11/02 13:11:26 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Documents\LOR-Resumes [2012/11/02 13:06:50 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Documents\Medical Licenses [2012/10/24 18:40:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012/10/24 18:40:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2012/10/24 18:40:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012/10/24 18:40:39 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012/10/24 18:40:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012/10/24 18:40:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012/10/24 18:40:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012/10/24 18:40:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012/10/24 18:40:38 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012/10/24 18:40:38 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012/10/24 18:40:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012/10/24 18:40:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012/10/24 18:40:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012/10/24 18:40:38 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012/10/24 18:40:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012/10/24 18:40:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012/10/24 18:40:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012/10/24 18:40:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012/10/24 18:40:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012/10/24 18:40:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012/10/24 18:40:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012/10/24 18:40:37 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012/10/24 18:40:37 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012/10/24 18:40:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012/10/24 18:40:37 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012/10/24 18:39:42 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/10/24 18:39:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll ========== Files - Modified Within 30 Days ========== [2012/11/21 06:41:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe [2012/11/21 06:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/20 21:40:14 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/20 21:40:14 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/20 21:39:16 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/20 21:39:16 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/20 21:39:16 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/20 21:35:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/20 21:34:59 | 4281,159,678 | -HS- | M] () -- C:\hiberfil.sys [2012/11/20 21:34:41 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx [2012/11/20 21:34:41 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx [2012/11/20 21:34:41 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx [2012/11/20 20:04:25 | 000,417,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/20 18:45:35 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012/11/20 18:44:22 | 000,778,834 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/11/20 18:12:06 | 000,002,299 | ---- | M] () -- C:\Users\Mitch\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/11/20 18:10:50 | 005,345,318 | ---- | M] () -- C:\Users\Mitch\Desktop\Windows Repair.exe [2012/11/20 18:00:57 | 000,000,154 | ---- | M] () -- C:\Windows\reimage.ini [2012/11/19 18:40:23 | 000,694,235 | ---- | M] (Farbar) -- C:\Users\Mitch\Desktop\Farbar Service Scanner.exe [2012/11/17 16:03:16 | 000,000,000 | ---- | M] () -- C:\Users\Mitch\ok [2012/11/15 20:46:36 | 000,002,120 | ---- | M] () -- C:\scu.dat [2012/11/14 20:17:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/12 19:10:59 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/11/12 19:10:57 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/11/12 19:10:57 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/11/12 19:10:57 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/11/12 19:10:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/11/12 19:10:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/11/11 16:27:54 | 000,001,127 | ---- | M] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk [2012/11/11 16:27:54 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012/11/11 16:10:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/11/10 18:24:00 | 000,000,031 | ---- | M] () -- C:\Windows\JSUMUpdater.ini [2012/11/09 16:12:39 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/11/09 16:12:38 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012/11/20 20:14:01 | 000,208,450 | ---- | C] () -- C:\Windows\hpoins43.dat.temp [2012/11/20 18:43:01 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe [2012/11/20 18:12:06 | 000,002,299 | ---- | C] () -- C:\Users\Mitch\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/11/20 18:10:50 | 005,345,318 | ---- | C] () -- C:\Users\Mitch\Desktop\Windows Repair.exe [2012/11/20 17:59:53 | 000,000,154 | ---- | C] () -- C:\Windows\reimage.ini [2012/11/17 16:03:16 | 000,000,000 | ---- | C] () -- C:\Users\Mitch\ok [2012/11/15 20:46:36 | 000,002,120 | ---- | C] () -- C:\scu.dat [2012/11/14 00:45:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/14 00:41:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/11 16:27:54 | 000,001,127 | ---- | C] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk [2012/11/11 16:27:54 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012/08/25 16:19:16 | 000,000,031 | ---- | C] () -- C:\Windows\JSUMUpdater.ini [2012/06/04 21:06:47 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp [2012/05/26 14:00:32 | 000,000,028 | ---- | C] () -- C:\Windows\jsum.INI [2012/05/17 18:28:18 | 000,208,450 | ---- | C] () -- C:\Windows\hpoins43.dat [2012/05/17 18:28:18 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat [2012/05/16 21:57:35 | 000,778,834 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/05/16 21:42:26 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012/05/16 21:42:26 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012/05/16 20:45:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2012/05/16 20:35:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/11/11 17:03:49 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Exvea [2012/10/12 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Visan ========== Purity Check ========== < End of report > Extras logfile: OTL Extras logfile created on: 11/21/2012 6:47:24 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mitch\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 15.98 Gb Total Physical Memory | 14.02 Gb Available Physical Memory | 87.73% Memory free 31.96 Gb Paging File | 29.64 Gb Available in Paging File | 92.73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1846.73 Gb Total Space | 1764.33 Gb Free Space | 95.54% Space Free | Partition Type: NTFS Computer Name: MITCH-PC | User Name: Mitch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13CE7097-D6BD-4F7A-BEA4-EABEEF982D9A}" = rport=137 | protocol=17 | dir=out | app=system | "{1AA8FB36-9829-4ABE-9D90-D05CC56B6944}" = rport=138 | protocol=17 | dir=out | app=system | "{3472271C-6936-49D4-83E6-57FD03C22BC0}" = lport=445 | protocol=6 | dir=in | app=system | "{40F230DA-79E3-436E-B847-40A5C253A7D3}" = lport=137 | protocol=17 | dir=in | app=system | "{442DA8E5-2B98-4064-9B0C-7847694525A1}" = rport=445 | protocol=6 | dir=out | app=system | "{66B55C89-8641-4C63-A547-ECE3C784D663}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6F552304-F54C-412C-B5D7-6B74CA0E1D50}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{805DDB99-7CE8-4BDE-B0EC-996CA7D291C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8F3FAC28-3CE7-42A4-86B3-1DAAD7026BA4}" = lport=138 | protocol=17 | dir=in | app=system | "{8FDA2153-1FAA-418B-BDB6-ADBD2DF5DEE9}" = lport=139 | protocol=6 | dir=in | app=system | "{915C8255-0669-4BCB-AB3E-5909B2A3ABAC}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{AA80159C-F96B-41C8-A585-519ADF5B0004}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{F49BE31B-37DC-4799-A033-EAA0B989DAAA}" = rport=139 | protocol=6 | dir=out | app=system | "{F8CB52CC-FE3C-47B9-B823-CC6C5B9B2AFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C80E678-4D76-4059-AC6E-3523A02DCE0C}" = dir=in | app=c:\users\mitch\appdata\local\temp\7zs0d90\setup\hpznui40.exe | "{1AEA715F-A4D3-494D-9432-533B98155A76}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{224BA6DA-48D6-41A6-AD27-5D14C75F19C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{3465C294-FAC4-4B37-8763-EC2E4927C5DC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{359A2DF2-2011-4638-852A-DF91AAD5E706}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{369A3BBB-8E74-41A5-8187-E268BB5C3BCE}" = protocol=58 | dir=out | [email protected],-28546 | "{37DDE775-CC4E-406D-8289-C10B75CDD483}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{45DA5FF5-ECFE-433E-B591-8D47DF1065AF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{4C47BC61-8A0C-40A5-9C49-048CDD785E06}" = protocol=58 | dir=in | [email protected],-28545 | "{500DC81E-5E21-41F1-95AD-2DEBF558CB9D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{60BD7F88-4B08-452D-9C94-BF43E49A23CD}" = protocol=6 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs02c5\hpdiagnosticcoreui.exe | "{8803B41F-529B-4B00-9DD1-C8F0C2B55C42}" = protocol=17 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs746f\hpdiagnosticcoreui.exe | "{8C132D37-DD27-4CC5-A0EE-F29A238EE324}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{A657DEC2-2610-4067-940B-6B713B3B9D7F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{AD8E97D0-6336-431B-A684-9BBB4836E274}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{AE2DCC94-1918-4DF1-8D75-6775D804BC57}" = protocol=6 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs746f\hpdiagnosticcoreui.exe | "{AF2AF99B-29CE-485D-866F-94537D9B5D38}" = protocol=1 | dir=in | [email protected],-28543 | "{B7EC90D3-D692-40FC-B97B-33E84570CAB3}" = protocol=17 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs02c5\hpdiagnosticcoreui.exe | "{D8129D85-A761-43AE-8517-966AD3EE42B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{DAD57276-D8A5-421D-B6C0-0C7448D5646B}" = protocol=6 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs14f9\hppiw.exe | "{E8791EFD-C48E-4538-A955-87783E32D657}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{E8DE3F2E-AA2A-46EB-B65D-E726A312F02F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E8E7B12A-582B-42F1-BA1B-8AD767C6F9DC}" = protocol=1 | dir=out | [email protected],-28544 | "{EE701CA2-577C-409A-A0C4-1CB8806084ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{FAD77C9B-E07C-46A6-85AB-1B504AB8AA79}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{FE489DAC-2A75-4E03-B152-5543102F62CE}" = protocol=17 | dir=in | app=c:\users\mitch\appdata\local\temp\7zs14f9\hppiw.exe | "TCP Query User{1E1CC518-5078-4F3B-9584-4632F17CEF62}C:\users\mitch\appdata\roaming\exvea\pepi.exe" = protocol=6 | dir=in | app=c:\users\mitch\appdata\roaming\exvea\pepi.exe | "TCP Query User{E99A9F2F-4872-4A1B-9424-5A9DACD6C099}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{A958D227-1566-455B-BB17-D9BE8277B4FF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{F8EE0C95-FDDB-4AF5-820F-5A759028388D}C:\users\mitch\appdata\roaming\exvea\pepi.exe" = protocol=17 | dir=in | app=c:\users\mitch\appdata\roaming\exvea\pepi.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}" = ATI Catalyst Install Manager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{982E1601-0DFC-4FD3-A427-AC6570697858}" = Broadcom NetXtreme-I Netlink Driver and Management Installer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0477D501-1C9C-4F0B-A6BD-7C5C65C0239E}" = Jeppesen Services Update Manager "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2B0DF49C-FC06-4B2B-934A-92E2DCE20C4C}" = Jeppesen Services "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95D9FDA9-9ADB-4C94-B6B0-655D5CEB9AFF}" = Jeppesen Services Update Manager "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FC05E19-9508-48C9-8F5E-5064A4DA4413}" = Jeppesen Services "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6 "3DMIDI" = Creative 3DMIDI Player "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ALchemy" = Creative ALchemy "AudioCS" = Creative Audio Control Panel "Console Launcher" = Creative Console Launcher "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Diagnostics 4_5" = Creative Diagnostics "Dolby Digital Live Pack" = Dolby Digital Live Pack "DTS Connect Pack" = DTS Connect Pack "ESET Online Scanner" = ESET Online Scanner v3 "GoToAssist" = GoToAssist Corporate "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Business 2010 "OpenAL" = OpenAL "The Weather Channel App" = The Weather Channel App "Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One) "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components) "WaveStudio 7" = Creative WaveStudio 7 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/20/2012 9:34:06 PM | Computer Name = Mitch-PC | Source = Application Error | ID = 1000 Description = Faulting application name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Faulting module name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Exception code: 0xc0000417 Fault offset: 0x00000000001015b4 Faulting process id: 0xb90 Faulting application start time: 0x01cdc7884935df69 Faulting application path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Faulting module path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Report Id: 894aeeb1-337b-11e2-b866-180373d94e4c Error - 11/20/2012 9:48:21 PM | Computer Name = Mitch-PC | Source = Application Error | ID = 1000 Description = Faulting application name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Faulting module name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Exception code: 0xc0000417 Fault offset: 0x00000000001015b4 Faulting process id: 0xa30 Faulting application start time: 0x01cdc78a4684cbc4 Faulting application path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Faulting module path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Report Id: 87029797-337d-11e2-b95d-180373d94e4c Error - 11/20/2012 9:54:09 PM | Computer Name = Mitch-PC | Source = Application Error | ID = 1000 Description = Faulting application name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Faulting module name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Exception code: 0xc0000417 Fault offset: 0x00000000001015b4 Faulting process id: 0x650 Faulting application start time: 0x01cdc78b16b99c2e Faulting application path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Faulting module path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Report Id: 5657a6a8-337e-11e2-b95d-180373d94e4c Error - 11/20/2012 10:02:40 PM | Computer Name = Mitch-PC | Source = Application Error | ID = 1000 Description = Faulting application name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Faulting module name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Exception code: 0xc0000417 Fault offset: 0x00000000001015b4 Faulting process id: 0xe5c Faulting application start time: 0x01cdc78c42f84f60 Faulting application path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Faulting module path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Report Id: 86eb9b19-337f-11e2-b95d-180373d94e4c Error - 11/20/2012 11:01:45 PM | Computer Name = Mitch-PC | Source = Application Error | ID = 1000 Description = Faulting application name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Faulting module name: hpzscr40.EXE, version: 14.0.301.0, time stamp: 0x4b6151b3 Exception code: 0xc0000417 Fault offset: 0x00000000001015b4 Faulting process id: 0x714 Faulting application start time: 0x01cdc79487d3b85a Faulting application path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Faulting module path: C:\PROGRA~3\HP\INSTAL~1\Temp\hpzscr40.EXE Report Id: c7f4ae83-3387-11e2-b791-180373d94e4c Error - 11/21/2012 12:20:08 AM | Computer Name = Mitch-PC | Source = System Restore | ID = 8193 Description = Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042308). Error - 11/21/2012 12:20:08 AM | Computer Name = Mitch-PC | Source = System Restore | ID = 8211 Description = The scheduled restore point could not be created. Additional information: (0x80042308). Error - 11/21/2012 1:00:37 AM | Computer Name = Mitch-PC | Source = System Restore | ID = 8193 Description = Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042308). Error - 11/21/2012 1:00:37 AM | Computer Name = Mitch-PC | Source = System Restore | ID = 8211 Description = The scheduled restore point could not be created. Additional information: (0x80042308). Error - 11/21/2012 1:30:08 AM | Computer Name = Mitch-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:27 PM | Computer Name = Mitch-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 10/14/2012 3:18:56 PM | Computer Name = Mitch-PC | Source = volsnap | ID = 393230 Description = The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error - 10/14/2012 3:24:07 PM | Computer Name = Mitch-PC | Source = volsnap | ID = 393230 Description = The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error - 10/14/2012 5:25:15 PM | Computer Name = Mitch-PC | Source = volsnap | ID = 393230 Description = The shadow copies of volume C: were aborted because of an IO failure on volume C:. < End of report > FSS logfile: Farbar Service Scanner Version: 09-11-2012 Ran by Mitch (administrator) on 21-11-2012 at 06:46:49 Running from "C:\Users\Mitch\Desktop" Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-11-14 00:39] - [2012-10-03 12:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  10. Addendum to above post: Prior to downloading the HP printer driver file, I opened Start-Control Panel-Uninstall a program and deleted everything I saw relating to HP since the directions stated to uninstall previous versions of drivers prior to installation of the new drivers. Perhaps I deleted the needed basic file myself when I did this. Thank you again.
  11. A problem arose. After completing the last set of directions, my printer did not work. I attempted to reinstall the drivers without success. After downloading the driver file directly from HP (I have a HP Photosmart C4795 All-In-One printer) and clicking "Install", I received an error message "The system cannot find the file specified" with the heading of the message window "C:\Users\Mitch\AppData\Local\Temp\7zS0D90\Setup\..\Setup\hpzpnp40.exe" Since the file indicated refers to AppData, which is where my virus was located, I wonder if during the deletion of the virus a basic file needed for installation of the printer drivers was also deleted. Interestingly, when I opened Start-Devices and Printers-Add a Device, I am now able to use the printer but I would still like to download the entire printer installation suite which also includes scanning, etc. Any suggestions or recommendations? Thank you.
  12. Farbar Service Scanner Version: 09-11-2012 Ran by Mitch (administrator) on 19-11-2012 at 18:42:18 Running from "C:\Users\Mitch\Desktop" Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-11-14 00:39] - [2012-10-03 12:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  13. Okay. I'm at work now but will follow your directions when I get home and post the requested log. Thank you.