Virus / malware problem I cannot solve - please help!!



howardp67
2014-11-03, 18:21
Hi, I believe my desktop PC has become infected with malware, which probably happened via an email which I inadvertently opened. The computer has become slow and sluggish, my Windows Mail account will often ask me for my login details only to then not work (i.e. send or receive emails), and the computer hard drive space kept getting full. Unfortunately I have already attempted a system recovery prior to discovering this help tool, so it may be more difficult for you to find the malware. The recovery process has not been successful in resolving the problem. Please help me!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by Howard (administrator) on HOME-DESKTOP on 03-11-2014 16:31:59
Running from C:\Users\Howard\Downloads
Loaded Profile: Howard (Available profiles: Howard)
Platform: Microsoft® Windows Vista™ Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\WINDOWS\System32\schtasks.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
() C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2008-02-28] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [ccApp] => c:\Program Files\Common Files\Symantec Shared\ccApp.exe [51048 2007-08-24] (Symantec Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1787711281-4221503470-2062763937-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [942080 2008-01-19] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope {D0440EB7-81DD-412A-A6BD-9EE183D6D548} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
SearchScopes: HKLM - {D0440EB7-81DD-412A-A6BD-9EE183D6D548} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
SearchScopes: HKLM - {E43961DF-4AD7-4168-B45D-2ECC57CFF454} URL = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
SearchScopes: HKCU - DefaultScope {D0440EB7-81DD-412A-A6BD-9EE183D6D548} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
SearchScopes: HKCU - {D0440EB7-81DD-412A-A6BD-9EE183D6D548} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
SearchScopes: HKCU - {E43961DF-4AD7-4168-B45D-2ECC57CFF454} URL = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\zv204cq1.default
FF Homepage: https://www.google.co.uk/?gws_rd=ssl|about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-10-31]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [243064 2007-08-31] (Symantec Corporation)
R2 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149864 2007-08-24] (Symantec Corporation)
R2 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149864 2007-08-24] (Symantec Corporation)
R2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149864 2007-08-24] (Symantec Corporation)
S3 comHost; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [55640 2007-08-21] (Symantec Corporation)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-20] (Hewlett-Packard) [File not signed]
S3 HP Port Resolver; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company) [File not signed]
S3 HP Status Server; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3192184 2007-08-23] (Symantec Corporation)
R2 LiveUpdate Notice; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149864 2007-08-24] (Symantec Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2014-10-31] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [2831232 2007-01-26] (ASUSTeK Computer Inc.)
S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
R2 CO_Mon; C:\Windows\system32\drivers\CO_Mon.sys [36056 2007-08-08] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2098-01-01] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2098-01-01] (Symantec Corporation)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
R1 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20141028.002\IDSvix86.sys [286328 2098-01-01] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20141102.024\NAVENG.SYS [95704 2098-01-01] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20141102.024\NAVEX15.SYS [1636696 2098-01-01] (Symantec Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [447024 2009-03-17] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2007-11-30] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2007-11-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2007-11-30] (Symantec Corporation)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [13616 2009-02-19] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2014-10-31] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [96560 2009-02-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [24112 2009-02-19] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [41008 2009-02-19] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [22320 2009-02-19] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [184496 2009-02-19] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 16:31 - 2014-11-03 16:32 - 00013099 _____ () C:\Users\Howard\Downloads\FRST.txt
2014-11-03 16:30 - 2014-11-03 16:32 - 00000000 ____D () C:\FRST
2014-11-03 16:29 - 2014-11-03 16:29 - 01106432 _____ (Farbar) C:\Users\Howard\Downloads\FRST.exe
2014-11-03 16:28 - 2014-11-03 16:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HOME-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2014-11-03 16:27 - 2014-11-03 16:27 - 00000000 ____D () C:\RegBackup
2014-11-03 16:25 - 2014-11-03 16:25 - 01346048 _____ (Indigo Rose Corporation) C:\Users\Howard\Desktop\uninstall.exe
2014-11-03 16:25 - 2014-11-03 16:25 - 00325960 _____ () C:\Users\Howard\Desktop\lua5.1.dll
2014-11-03 16:25 - 2014-11-03 16:25 - 00001397 _____ () C:\Users\Howard\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-03 16:25 - 2014-11-03 16:25 - 00000000 ____D () C:\Users\Howard\Desktop\Uninstall
2014-11-03 16:25 - 2014-11-03 16:25 - 00000000 ____D () C:\Users\Howard\Desktop\files
2014-11-03 16:25 - 2014-11-03 16:25 - 00000000 ____D () C:\Users\Howard\Desktop\color_presets
2014-11-03 16:25 - 2014-11-03 16:25 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-03 16:24 - 2014-11-03 16:24 - 04215584 _____ () C:\Users\Howard\Downloads\tweaking.com_registry_backup_setup.exe
2014-11-03 15:55 - 2014-11-03 15:55 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Adobe
2014-11-03 15:55 - 2014-11-03 15:55 - 00000000 ____D () C:\Users\Howard\AppData\Local\Macromedia
2014-11-03 15:48 - 2014-11-03 15:48 - 00000498 _____ () C:\Windows\setupact.log
2014-11-03 15:48 - 2014-11-03 15:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-03 15:15 - 2014-11-03 15:16 - 15855616 _____ (Creative Technology Ltd) C:\Users\Howard\Downloads\ZENVisionM_30GB_PCFW_L21_1_62_02e.exe
2014-11-03 12:35 - 2014-11-03 12:35 - 00008334 _____ () C:\Windows\PFRO.log
2014-11-03 08:59 - 2014-11-03 08:59 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-11-03 08:58 - 2014-11-03 16:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-03 08:58 - 2014-11-03 08:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-03 08:58 - 2014-11-03 08:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-03 08:58 - 2014-11-03 08:58 - 00001949 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-11-03 08:58 - 2014-11-03 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-11-03 08:58 - 2014-11-03 08:58 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-03 08:58 - 2014-11-03 08:58 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-11-03 08:57 - 2014-11-03 08:57 - 00000000 ____D () C:\Users\Howard\AppData\Local\Adobe
2014-11-01 21:20 - 2014-11-01 21:43 - 00000446 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-11-01 21:17 - 2014-11-03 12:51 - 00000438 _____ () C:\Windows\Tasks\RegCure Pro Startup.job
2014-11-01 21:17 - 2014-11-02 19:10 - 00000541 _____ () C:\Windows\Tasks\RegCure Pro_sch_7153E290-620C-11E4-BF55-001FC64BDCFA.job
2014-11-01 21:17 - 2014-11-01 21:43 - 00000420 _____ () C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job
2014-11-01 21:17 - 2014-11-01 21:43 - 00000420 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-11-01 21:17 - 2014-11-01 21:19 - 00000985 _____ () C:\Users\Howard\Desktop\RegCure Pro.lnk
2014-11-01 21:17 - 2014-11-01 21:17 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\ParetoLogic
2014-11-01 21:17 - 2014-11-01 21:17 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-11-01 21:17 - 2014-11-01 21:17 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-11-01 21:16 - 2014-11-01 21:17 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-11-01 21:16 - 2014-11-01 21:16 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-11-01 21:15 - 2014-11-01 21:15 - 06822176 _____ (ParetoLogic, Inc.) C:\Users\Howard\Downloads\RegCureProSetup_e309690_.exe
2014-11-01 20:34 - 2014-11-01 20:34 - 00134564 _____ () C:\Users\Howard\Documents\fact.xps
2014-11-01 19:02 - 2014-11-01 21:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-01 19:02 - 2014-11-01 19:02 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-01 19:02 - 2014-11-01 19:02 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-01 19:02 - 2014-11-01 19:02 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Mozilla
2014-11-01 19:02 - 2014-11-01 19:02 - 00000000 ____D () C:\Users\Howard\AppData\Local\Mozilla
2014-11-01 19:02 - 2014-11-01 19:02 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-01 19:02 - 2014-11-01 19:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-01 19:01 - 2014-11-01 19:01 - 00244032 _____ () C:\Users\Howard\Downloads\Firefox Setup Stub 33.0.2.exe
2014-11-01 18:20 - 2007-06-12 16:05 - 00174248 ____N (British Telecommunications plc) C:\Windows\system32\btwebcontrol.dll
2014-11-01 17:36 - 2014-11-01 21:40 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\HpUpdate
2014-11-01 17:36 - 2014-11-01 17:36 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-11-01 17:32 - 2014-11-01 17:32 - 00000000 ____D () C:\Users\Howard\AppData\Local\Hewlett-Packard
2014-11-01 17:15 - 2014-11-01 17:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-11-01 17:15 - 2014-11-01 17:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-11-01 17:11 - 2009-08-24 12:47 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-11-01 17:11 - 2008-04-19 08:13 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2014-10-31 17:32 - 2014-10-31 17:32 - 00000000 ____D () C:\Users\Howard\AppData\Local\WindowsUpdate
2014-10-31 17:28 - 2014-10-31 17:29 - 00514864 _____ (Microsoft Corporation) C:\Users\Howard\Downloads\IE9-WindowsVista-x64-enu.exe
2014-10-31 17:26 - 2014-10-31 17:26 - 00001591 _____ () C:\Users\Public\Desktop\Browser Choice.lnk
2014-10-31 17:07 - 2014-10-31 17:07 - 00500736 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2014-10-31 17:07 - 2014-10-31 17:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2014-10-31 17:06 - 2014-10-31 17:06 - 01871872 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-31 17:06 - 2014-10-31 17:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2014-10-31 17:06 - 2014-10-31 17:06 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2014-10-31 17:06 - 2014-10-31 17:06 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-31 17:06 - 2014-10-31 17:06 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-31 17:05 - 2014-10-31 17:05 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-10-31 17:05 - 2014-10-31 17:05 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-10-31 17:04 - 2014-10-31 17:04 - 01244672 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2014-10-31 17:04 - 2014-10-31 17:04 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-10-31 17:04 - 2014-10-31 17:04 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-10-31 17:04 - 2014-10-31 17:04 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-10-31 17:04 - 2014-10-31 17:04 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-10-31 17:04 - 2014-10-31 17:04 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-10-31 17:04 - 2014-10-31 17:04 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2014-10-31 17:04 - 2014-10-31 17:04 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-10-31 17:03 - 2014-10-31 17:03 - 11315712 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-31 17:02 - 2014-10-31 17:02 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-31 17:02 - 2014-10-31 17:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-31 17:01 - 2014-10-31 17:01 - 02923520 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-10-31 17:01 - 2014-10-31 17:01 - 00494592 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-31 17:01 - 2014-10-31 17:01 - 00272384 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-31 17:01 - 2014-10-31 17:01 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-31 17:01 - 2014-10-31 17:01 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-10-31 17:01 - 2014-10-31 17:01 - 00110136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-10-31 17:01 - 2014-10-31 17:01 - 00045112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys
2014-10-31 17:01 - 2014-10-31 17:01 - 00021560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys
2014-10-31 17:01 - 2014-10-31 17:01 - 00015928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys
2014-10-31 17:00 - 2014-10-31 17:00 - 12240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 11722752 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0001.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 09892864 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons000a.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 09845248 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000a.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 07964672 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0024.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 07042560 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons081a.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 06917120 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0c1a.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 06781440 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0019.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 06585856 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons001b.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 06346240 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons001d.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 06237696 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons000c.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 06224896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0027.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 06014976 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons001a.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 05791232 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0026.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 05654528 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons000f.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 05499904 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0022.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 05090816 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0416.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 05071872 _____ (Microsoft Corporation) C:\Windows\system32\NlsModels0011.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 05031936 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0816.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04981248 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0013.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04874240 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0009.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04616192 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0414.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04495360 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0019.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04493312 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0816.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04493312 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0416.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04493312 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0414.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04493312 _____ (Microsoft Corporation) C:\Windows\system32\NlsData001d.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04493312 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0010.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0010.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04164096 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0002.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04093440 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons004c.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 04045824 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons003e.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03464704 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0013.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons004a.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03331072 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0018.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03102720 _____ (Microsoft Corporation) C:\Windows\system32\NlsData004e.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03102720 _____ (Microsoft Corporation) C:\Windows\system32\NlsData004c.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03102720 _____ (Microsoft Corporation) C:\Windows\system32\NlsData004b.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03102720 _____ (Microsoft Corporation) C:\Windows\system32\NlsData004a.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03102720 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0049.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03102720 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0047.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03102720 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0046.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03102720 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0045.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03102720 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0039.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 03102720 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0020.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0011.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 02644480 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 02641408 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000c.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0001.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 02466816 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0011.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 02340864 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000d.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0007.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 02136064 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0021.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01972736 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons004e.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0027.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01963520 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0c1a.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01963520 _____ (Microsoft Corporation) C:\Windows\system32\NlsData081a.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01963520 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0026.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01963520 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0024.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01963520 _____ (Microsoft Corporation) C:\Windows\system32\NlsData001b.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01963520 _____ (Microsoft Corporation) C:\Windows\system32\NlsData001a.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01963520 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0018.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01963520 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000f.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01963520 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0003.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01963520 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0002.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01808896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0046.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01799168 _____ (Microsoft Corporation) C:\Windows\system32\NlsData003e.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01799168 _____ (Microsoft Corporation) C:\Windows\system32\NlsData002a.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01799168 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0022.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01799168 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0021.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01793536 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0045.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01782272 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0039.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01722368 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons000d.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01702912 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons004b.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01558016 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0049.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01523200 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0000.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01452544 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0003.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01411072 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0047.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 01236992 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0020.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 00797696 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2014-10-31 17:00 - 2014-10-31 17:00 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\netcfg.exe
2014-10-31 17:00 - 2014-10-31 17:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons002a.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 01585664 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00944184 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-31 16:58 - 2014-10-31 16:58 - 00905400 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-31 16:58 - 2014-10-31 16:58 - 00620088 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00495160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-10-31 16:58 - 2014-10-31 16:58 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-31 16:58 - 2014-10-31 16:58 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00224824 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2014-10-31 16:58 - 2014-10-31 16:58 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\loadperf.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2014-10-31 16:58 - 2014-10-31 16:58 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2014-10-31 16:58 - 2014-10-31 16:58 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\lodctr.exe
2014-10-31 16:58 - 2014-10-31 16:58 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-10-31 16:58 - 2014-10-31 16:58 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2014-10-31 16:58 - 2014-10-31 16:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\dispci.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00034360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2014-10-31 16:58 - 2014-10-31 16:58 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\unlodctr.exe
2014-10-31 16:58 - 2014-10-31 16:58 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2014-10-31 16:58 - 2014-10-31 16:58 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00019000 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\prflbmsg.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\srdelayed.exe
2014-10-31 16:58 - 2014-10-31 16:58 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2014-10-31 16:58 - 2014-10-31 16:58 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2014-10-31 16:58 - 2014-10-31 16:58 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\batt.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\f3ahvoas.dll
2014-10-31 16:58 - 2014-10-31 16:58 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll
2014-10-31 16:57 - 2014-10-31 16:57 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2014-10-31 16:57 - 2014-10-31 16:57 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-10-31 16:57 - 2014-10-31 16:57 - 00220672 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codecp.acm
2014-10-31 16:57 - 2014-10-31 16:57 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2014-10-31 16:57 - 2014-10-31 16:57 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2014-10-31 16:57 - 2014-10-31 16:57 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2014-10-31 16:57 - 2014-10-31 16:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2014-10-31 16:57 - 2014-10-31 16:57 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2014-10-31 16:57 - 2014-10-31 16:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2014-10-31 16:56 - 2014-10-31 16:56 - 00875520 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-31 16:56 - 2014-10-31 16:56 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-31 16:56 - 2014-10-31 16:56 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-10-31 16:56 - 2014-10-31 16:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll
2014-10-31 16:56 - 2014-10-31 16:56 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll
2014-10-31 16:55 - 2014-10-31 16:55 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-31 16:55 - 2014-10-31 16:55 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-10-31 16:55 - 2014-10-31 16:55 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-10-31 16:55 - 2014-10-31 16:55 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2014-10-31 16:52 - 2014-10-31 16:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-31 16:52 - 2014-10-31 16:52 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-31 16:52 - 2014-10-31 16:52 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2014-10-31 16:51 - 2014-10-31 16:51 - 02031104 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-31 16:51 - 2014-10-31 16:51 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-10-31 16:51 - 2014-10-31 16:51 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-10-31 16:51 - 2014-10-31 16:51 - 00473088 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-10-31 16:51 - 2014-10-31 16:51 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-10-31 16:51 - 2014-10-31 16:51 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-10-31 16:51 - 2014-10-31 16:51 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-10-31 16:51 - 2014-10-31 16:51 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2014-10-31 16:51 - 2014-10-31 16:51 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-10-31 16:51 - 2014-10-31 16:51 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-10-31 16:51 - 2014-10-31 16:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-10-31 16:51 - 2014-10-31 16:51 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2014-10-31 16:51 - 2014-10-31 16:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2014-10-31 16:51 - 2014-10-31 16:51 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2014-10-31 16:51 - 2014-10-31 16:51 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2014-10-31 16:50 - 2014-10-31 16:50 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-10-31 16:50 - 2014-10-31 16:50 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-10-31 16:50 - 2014-10-31 16:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-10-31 16:35 - 2014-11-03 10:44 - 00000000 ____D () C:\ProgramData\Norton
2014-10-31 16:35 - 2014-11-02 16:34 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-10-31 16:35 - 2014-11-02 16:32 - 00000836 _____ () C:\Users\Howard\Desktop\Norton Installation Files.lnk
2014-10-31 16:35 - 2014-10-31 16:35 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-10-31 16:34 - 2014-10-31 16:35 - 01021856 _____ (Symantec Corporation) C:\Users\Howard\Downloads\NortonN360Downloader.exe
2014-10-31 15:54 - 2006-01-04 09:12 - 00077824 _____ () C:\Windows\system32\HPZIDS01.dll
2014-10-31 15:53 - 2006-04-10 14:03 - 00038400 _____ (Hewlett-Packard Company) C:\Windows\system32\hpz3l054.dll
2014-10-31 15:52 - 2006-04-13 00:04 - 00282624 _____ (Hewlett-Packard Co.) C:\Windows\system32\HPZc3212.dll
2014-10-31 15:52 - 2006-04-13 00:04 - 00021568 _____ (HP) C:\Windows\system32\Drivers\HPZius12.sys
2014-10-31 15:42 - 2014-10-31 15:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-31 15:41 - 2014-10-31 15:41 - 00000000 ____D () C:\ProgramData\Sun
2014-10-31 15:41 - 2014-10-31 15:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-31 15:41 - 2014-10-31 15:39 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-31 15:40 - 2014-10-31 15:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-31 15:40 - 2014-10-31 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-31 15:40 - 2014-10-31 15:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-31 15:40 - 2014-10-31 15:39 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-31 15:39 - 2014-10-31 15:39 - 00000000 ____D () C:\Program Files\Java
2014-10-31 10:25 - 2014-10-31 10:25 - 00000049 __RSH () C:\Users\Public\Documents\HBEPGUID.TXT
2014-10-31 10:01 - 2014-10-31 10:01 - 00289792 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-10-31 10:01 - 2014-10-31 10:01 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-10-31 10:01 - 2014-10-31 10:01 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-10-31 10:01 - 2014-10-31 10:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-10-31 10:01 - 2014-10-31 10:01 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-10-31 10:01 - 2014-10-31 10:01 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-10-31 10:00 - 2014-10-31 10:00 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2014-10-31 10:00 - 2014-10-31 10:00 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-10-31 10:00 - 2014-10-31 10:00 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2014-10-31 10:00 - 2014-10-31 10:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-10-31 10:00 - 2014-10-31 10:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2014-10-31 10:00 - 2014-10-31 10:00 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2014-10-31 09:59 - 2014-10-31 09:59 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-10-31 09:59 - 2014-10-31 09:59 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-10-31 09:59 - 2014-10-31 09:59 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2014-10-31 09:59 - 2014-10-31 09:59 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-10-31 09:59 - 2014-10-31 09:59 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE
2014-10-31 09:59 - 2014-10-31 09:59 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE
2014-10-31 09:59 - 2014-10-31 09:59 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE
2014-10-31 09:59 - 2014-10-31 09:59 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-10-31 09:59 - 2014-10-31 09:59 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE
2014-10-31 09:59 - 2014-10-31 09:59 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2014-10-31 09:59 - 2014-10-31 09:59 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE
2014-10-31 09:59 - 2014-10-31 09:59 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE
2014-10-31 09:58 - 2014-10-31 09:58 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-10-31 09:58 - 2014-10-31 09:58 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-10-31 09:57 - 2014-10-31 09:57 - 01657350 _____ () C:\Windows\system32\wlan.tmf
2014-10-31 09:57 - 2014-10-31 09:57 - 01406464 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-10-31 09:57 - 2014-10-31 09:57 - 01260032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-31 09:57 - 2014-10-31 09:57 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-10-31 09:57 - 2014-10-31 09:57 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-10-31 09:57 - 2014-10-31 09:57 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-10-31 09:57 - 2014-10-31 09:57 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll
2014-10-31 09:57 - 2014-10-31 09:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2014-10-31 09:57 - 2014-10-31 09:57 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-10-31 09:57 - 2014-10-31 09:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-10-31 09:57 - 2014-10-31 09:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-10-31 09:56 - 2014-10-31 09:56 - 01233920 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-31 09:56 - 2014-10-31 09:56 - 00408136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-10-31 09:56 - 2014-10-31 09:56 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-31 09:56 - 2014-10-31 09:56 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-31 09:56 - 2014-10-31 09:56 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-10-31 09:56 - 2014-10-31 09:56 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-10-31 09:55 - 2014-10-31 09:55 - 02855424 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-31 09:55 - 2014-10-31 09:55 - 02433536 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-10-31 09:55 - 2014-10-31 09:55 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-10-31 09:55 - 2014-10-31 09:55 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-10-31 09:55 - 2014-10-31 09:55 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-31 09:55 - 2014-10-31 09:55 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-10-31 09:55 - 2014-10-31 09:55 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-31 09:55 - 2014-10-31 09:55 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-31 09:55 - 2014-10-31 09:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-31 09:54 - 2014-10-31 09:54 - 03504008 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-31 09:54 - 2014-10-31 09:54 - 03470216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-31 09:53 - 2014-10-31 09:53 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-31 09:53 - 2014-10-31 09:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2014-10-31 09:52 - 2014-10-31 09:52 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-31 09:51 - 2014-10-31 09:51 - 01060920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-10-31 09:51 - 2014-10-31 09:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2014-10-31 09:42 - 2014-10-31 09:42 - 00815104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-31 09:42 - 2014-10-31 09:42 - 00213592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-31 09:42 - 2014-10-31 09:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-31 09:42 - 2014-10-31 09:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2014-10-31 09:42 - 2014-10-31 09:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2014-10-31 09:42 - 2014-10-31 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\netiougc.exe
2014-10-31 09:42 - 2014-10-31 09:42 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TUNMP.SYS
2014-10-31 09:37 - 2014-10-31 09:37 - 00622080 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-31 09:37 - 2014-10-31 09:37 - 00105016 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-31 09:37 - 2014-10-31 09:37 - 00097800 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-31 09:37 - 2014-10-31 09:37 - 00037384 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl
2014-10-31 09:37 - 2014-10-31 09:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-31 09:36 - 2014-10-31 09:36 - 00781344 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2014-10-31 09:36 - 2014-10-31 09:36 - 00326160 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-10-31 09:36 - 2014-10-31 09:36 - 00043544 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-10-31 09:24 - 2014-10-31 09:30 - 33030144 _____ () C:\Windows\ocsetup_install_NetFx3.etl
2014-10-31 09:24 - 2014-10-31 09:30 - 00196608 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.perf
2014-10-31 09:24 - 2014-10-31 09:30 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.dpx
2014-10-31 09:24 - 2014-10-31 09:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-31 09:23 - 2009-02-27 03:42 - 00031640 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2014-10-31 09:21 - 2014-10-31 09:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-10-31 09:20 - 2014-10-31 09:20 - 00000000 ____D () C:\Windows\PCHEALTH
2014-10-31 09:20 - 2014-10-31 09:20 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-10-31 09:18 - 2014-10-31 09:18 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-10-31 09:18 - 2014-10-31 09:18 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-31 09:18 - 2014-10-31 09:18 - 00096760 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-31 09:18 - 2014-10-31 09:18 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-31 09:18 - 2014-10-31 09:18 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-10-31 09:16 - 2014-11-01 18:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-31 09:16 - 2014-10-31 09:16 - 00000000 ____D () C:\Users\Howard\AppData\Local\Microsoft Help
2014-10-31 09:15 - 2014-10-31 09:15 - 00000000 __RHD () C:\MSOCache
2014-10-31 09:09 - 2014-10-31 15:44 - 00000000 ____D () C:\Users\Public\Documents\Symantec
2014-10-31 09:07 - 2014-10-31 09:07 - 04247552 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2014-10-31 09:07 - 2014-10-31 09:07 - 01686528 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-10-31 09:07 - 2014-10-31 09:07 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2014-10-31 09:06 - 2014-10-31 09:06 - 01645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2014-10-31 09:06 - 2014-10-31 09:06 - 00996352 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-10-31 09:06 - 2014-10-31 09:06 - 00788992 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-31 09:06 - 2014-10-31 09:06 - 00737792 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-10-31 09:06 - 2014-10-31 09:06 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2014-10-31 09:06 - 2014-10-31 09:06 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2014-10-31 09:06 - 2014-10-31 09:06 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2014-10-31 09:05 - 2014-10-31 09:05 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2014-10-31 09:05 - 2014-10-31 09:05 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2014-10-31 09:05 - 2014-10-31 09:05 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2014-10-31 09:04 - 2014-10-31 09:04 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-10-31 09:04 - 2014-10-31 09:04 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2014-10-31 09:04 - 2014-10-31 09:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-31 09:04 - 2014-10-31 09:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-10-31 09:04 - 2014-10-31 09:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_NuidFltr_01005.Wdf
2014-10-31 09:03 - 2014-10-31 09:03 - 10622464 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-31 09:03 - 2014-10-31 09:03 - 08147968 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-31 09:03 - 2014-10-31 09:03 - 01327616 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-31 09:03 - 2014-10-31 09:03 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2014-10-31 09:03 - 2014-10-31 09:03 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2014-10-31 09:03 - 2014-10-31 09:03 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll
2014-10-31 09:03 - 2014-10-31 09:03 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2014-10-31 09:03 - 2014-10-31 09:03 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2014-10-31 09:03 - 2014-10-31 09:03 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll
2014-10-31 09:03 - 2014-10-31 09:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2014-10-31 09:03 - 2014-10-31 09:03 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2014-10-31 09:03 - 2014-10-31 09:03 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2014-10-31 09:03 - 2014-10-31 09:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2014-10-31 09:03 - 2014-10-31 09:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2014-10-31 09:03 - 2014-10-31 09:03 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-31 09:03 - 2014-10-31 09:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-31 09:03 - 2014-10-31 09:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-31 09:03 - 2014-10-28 06:35 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-31 08:57 - 2014-10-31 10:05 - 00000548 _____ () C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Howard.job
2014-10-31 08:33 - 2014-10-31 08:33 - 00000000 ____D () C:\Users\Howard\AppData\Local\AOL
2014-10-31 08:29 - 2014-11-01 21:44 - 00077136 _____ () C:\Users\Howard\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-31 08:29 - 2014-10-31 08:29 - 00000951 _____ () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-31 08:29 - 2014-10-31 08:29 - 00000946 _____ () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-31 08:29 - 2014-10-31 08:29 - 00000917 _____ () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-10-31 08:29 - 2014-10-31 08:29 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Symantec
2014-10-31 08:29 - 2014-10-31 08:29 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\ATI
2014-10-31 08:29 - 2014-10-31 08:29 - 00000000 ____D () C:\Users\Howard\AppData\Local\ATI
2014-10-31 08:28 - 2014-10-31 16:22 - 00000000 ____D () C:\Users\Howard\AppData\Local\VirtualStore
2014-10-31 08:28 - 2014-10-31 08:28 - 00000044 _____ () C:\Windows\system\hpsysdrv.dat
2014-10-31 08:26 - 2014-10-31 08:26 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Macromedia
2014-10-31 08:25 - 2014-10-31 08:29 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Hewlett-Packard
2014-10-31 08:22 - 2014-11-01 18:20 - 00001615 _____ () C:\Users\Public\Desktop\Internet from BT.lnk
2014-10-31 08:22 - 2014-10-31 08:22 - 00001935 __RSH () C:\Windows\system32\Drivers\103C_HP_CPC_KP324AA-ABU s3431.uk_YC_0Pavi_Q3CR815_E82GBv3PrA2_49_IAcacia_SASUSTek Computer INC._V1.02_B5.14_T080313_WUH0_L409_M3071_J500_7AMD_8Athlon 64 X2 Dual Core_92.6_#080907_N10DE03EF_Z_G100295C5.MRK
2014-10-31 08:22 - 2014-10-31 08:22 - 00001843 _____ () C:\Users\Public\Desktop\Easy Internet Services.lnk
2014-10-31 08:22 - 2014-10-31 08:22 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Snapfish Photos - First 30 Prints Free.lnk
2014-10-31 08:22 - 2014-10-31 08:22 - 00001362 _____ () C:\Users\Public\Desktop\Snapfish Photos - First 30 Prints Free.lnk
2014-10-31 08:22 - 2014-10-31 08:22 - 00000000 ____D () C:\Program Files\AOL
2014-10-31 08:22 - 2008-02-28 05:26 - 00002085 _____ () C:\Users\Public\Desktop\My PC Choice.lnk
2014-10-31 08:22 - 2008-02-28 05:26 - 00001903 _____ () C:\Users\Public\Desktop\for your kids!.lnk
2014-10-31 08:22 - 2008-02-28 05:25 - 00002087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visit eBay.co.uk.lnk
2014-10-31 08:22 - 2008-02-28 05:25 - 00002081 _____ () C:\Users\Public\Desktop\Visit eBay.co.uk.lnk
2014-10-31 08:22 - 2008-02-28 05:25 - 00001651 _____ () C:\Users\Public\Desktop\Orange Internet.lnk
2014-10-31 08:22 - 2008-02-28 05:22 - 00001861 _____ () C:\Users\Public\Desktop\HP Total Care Advisor.lnk
2014-10-31 08:22 - 2008-02-28 05:22 - 00001861 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
2014-10-31 08:21 - 2014-10-31 15:52 - 00000000 ____D () C:\Users\Howard
2014-10-31 08:21 - 2014-10-31 08:21 - 00000020 ___SH () C:\Users\Howard\ntuser.ini
2014-10-31 08:21 - 2008-02-28 05:10 - 00001034 _____ () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
2014-10-31 08:21 - 2008-02-28 04:59 - 00000000 ___RD () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-31 08:21 - 2008-02-28 04:59 - 00000000 ___RD () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-31 07:54 - 2014-11-03 15:37 - 01816984 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 16:29 - 2012-05-18 03:51 - 00000679 _____ () C:\Users\Howard\Desktop\Settings.ini
2014-11-03 15:52 - 2008-02-28 05:27 - 00000000 ____D () C:\ProgramData\Symantec
2014-11-03 15:36 - 2006-11-02 12:47 - 00003472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-03 15:36 - 2006-11-02 12:47 - 00003472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-03 14:24 - 2006-11-02 10:33 - 00716948 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-03 12:50 - 2008-02-28 05:27 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-11-03 12:35 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 10:47 - 2006-11-02 13:01 - 00008420 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-01 21:43 - 2006-11-02 12:47 - 00315832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-01 21:40 - 2008-02-28 05:33 - 00000000 ____D () C:\Windows\SMINST
2014-11-01 21:40 - 2008-02-28 04:07 - 00000000 ____D () C:\Windows\Panther
2014-11-01 21:40 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default
2014-11-01 21:40 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-11-01 18:39 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\rescache
2014-11-01 18:31 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-01 18:20 - 2008-02-28 05:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2014-11-01 18:20 - 2008-02-28 05:23 - 00000000 ___RD () C:\Program Files\Online Services
2014-11-01 18:20 - 2008-02-28 04:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-01 17:58 - 2006-11-02 11:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-01 17:37 - 2008-02-28 05:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-01 17:37 - 2008-02-28 05:04 - 00000000 ____D () C:\Program Files\HP
2014-11-01 17:15 - 2008-02-28 05:15 - 00001018 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2014-11-01 17:15 - 2008-02-28 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-11-01 17:15 - 2008-02-28 05:15 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-10-31 17:18 - 2006-11-02 12:55 - 00001768 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
2014-10-31 17:18 - 2006-11-02 11:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
2014-10-31 17:17 - 2006-11-02 12:50 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-10-31 17:17 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-31 17:17 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-31 17:17 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-31 17:17 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-31 17:12 - 2006-11-02 12:37 - 00000000 ____D () C:\Program Files\Movie Maker
2014-10-31 15:56 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-31 15:22 - 2008-02-28 04:27 - 00000000 ___HD () C:\hp
2014-10-31 10:08 - 2006-11-02 12:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-31 10:04 - 2008-02-28 05:29 - 00000000 ____D () C:\Program Files\Norton Internet Security
2014-10-31 10:02 - 2006-11-02 12:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-10-31 09:21 - 2008-02-28 05:16 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-31 09:18 - 2006-11-02 12:37 - 00000000 ____D () C:\Windows\ShellNew
2014-10-31 09:11 - 2008-02-28 05:28 - 00124464 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2014-10-31 09:11 - 2008-02-28 05:28 - 00010635 _____ () C:\Windows\system32\Drivers\SYMEVENT.CAT
2014-10-31 09:11 - 2008-02-28 05:28 - 00000000 ____D () C:\Program Files\Symantec
2014-10-31 08:29 - 2008-02-28 05:22 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-10-31 08:28 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system
2014-10-31 08:22 - 2006-11-02 12:37 - 00000000 ____D () C:\Windows\system32\restore
2014-10-21 13:53 - 2012-05-02 23:59 - 01397728 _____ (Tweaking.com) C:\Users\Howard\Desktop\TweakingRegistryBackup.exe
2014-10-08 02:04 - 2013-09-05 20:16 - 00078816 _____ (PcWinTech.com) C:\Users\Howard\Desktop\pcwintech_tasksch.dll
2014-10-08 02:01 - 2013-08-20 03:25 - 00234464 _____ (Tweaking.com) C:\Users\Howard\Desktop\tweaking_tabs.ocx

Some content of TEMP:
====================
C:\Users\Howard\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-03 12:51

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014
Ran by Howard at 2014-11-03 16:32:47
Running from C:\Users\Howard\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.45.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
AOL Toolbar 5.0 (HKLM\...\AOL Toolbar) (Version: 5.0.67.2 - AOL)
AppCore (Version: 1.3 - Symantec Corporation) Hidden
ATI Catalyst Install Manager (HKLM\...\{DC01D608-E195-569B-180A-3661D60D44FE}) (Version: 3.0.657.0 - ATI Technologies, Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (HKLM\...\{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0203.2143.38810 - ATI) Hidden
ccCommon (Version: 107.0.0.102 - Symantec) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Component Framework (Version: 2006.1.3.35 - Symantec Corporation) Hidden
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1126 - CyberLink Corp.)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: - Hewlett-Packard)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4708.19 - PC-Doctor, Inc.)
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
HP Customer Experience Enhancements (HKLM\...\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}) (Version: 5.6.0.2499 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}) (Version: 5.6.0.2542 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version: - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Total Care Advisor (HKLM\...\{fef8097e-662d-49b3-aa77-2919db3746d7}) (Version: 1.6.12.2542 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Internet From BT (HKLM\...\{08EA2B0E-2CB4-42AC-B675-16FF8C44E38F}) (Version: - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2329 - CyberLink Corp.)
LightScribe System Software 1.10.23.1 (HKLM\...\{0E19A83E-F53B-40CF-8C91-96F32D955E6A}) (Version: 1.10.23.1 - http://www.lightscribe.com)
LiveUpdate (Symantec Corporation) (HKLM\...\PsuedoLiveUpdate) (Version: 3.4.0.162 - Symantec)
LiveUpdate (Symantec Corporation) (Version: 3.4.0.164 - Symantec) Hidden
MainConcept for Software Encoder (HKLM\...\InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862}) (Version: 1.1.0.26 - MainConcept)
MainConcept for Software Encoder (Version: 1.1.0.26 - MainConcept) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
muvee autoProducer 6.1 (HKLM\...\{5115C036-C0D5-4E1B-81C9-542CA967478A}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
Norton AntiVirus (Version: 15.0.0.58 - Symantec Corporation) Hidden
Norton AntiVirus Help (Version: 15.0 - Symantec Corporation) Hidden
Norton Confidential Core (Version: 2.0.0.84 - Symantec Corporation) Hidden
Norton Internet Security (Symantec Corporation) (HKLM\...\SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}) (Version: 15.0.0.60 - Symantec Corporation)
Norton Internet Security (Version: 15.0.0.60 - Symantec Corporation) Hidden
Norton Protection Center (Version: 3.1.0.98 - Symantec Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3610 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2420 - CyberLink Corp.)
PowerDirector (Version: 6.5.2420 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
RegCure Pro (HKLM\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.12.0 - ParetoLogic, Inc.)
Skins (Version: 2008.0203.2143.38810 - ATI) Hidden
SPBBC 32bit (Version: 4.0.0.134 - Symantec Corporation) Hidden
Symantec Real Time Storage Protection Component (Version: 10.2.2.6 - Symantec Corporation) Hidden
SymNet (Version: 8.0.3.4 - Symantec Corporation) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

31-10-2014 08:22:21 Scripted restore
31-10-2014 09:01:00 Windows Update
31-10-2014 15:28:20 Windows Update
31-10-2014 15:35:25 Removed Java(TM) SE Runtime Environment 6 Update 1
31-10-2014 15:38:49 Installed Java 7 Update 71
31-10-2014 15:52:19 Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
31-10-2014 15:54:12 Device Driver Package Install: HP Printers
31-10-2014 15:59:05 Device Driver Package Install: HP Printers
31-10-2014 16:00:50 Windows Update
31-10-2014 16:48:23 Windows Update
31-10-2014 17:34:13 Windows Update
01-11-2014 17:11:34 Windows Update
01-11-2014 17:36:23 Installed HP Update.
01-11-2014 17:54:07 Windows Update
01-11-2014 21:38:37 RegCure Pro Backup
01-11-2014 21:55:55 RegCure Pro Backup
02-11-2014 14:41:00 Scheduled Checkpoint
02-11-2014 15:38:32 RegCure Pro Backup
03-11-2014 08:26:19 Windows Update
03-11-2014 10:44:32 RegCure Pro Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {032AC04C-AD1E-470D-ABF1-DB0CD57F7613} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-18] ()
Task: {0D75DDD9-32B0-4B0D-933D-10565BF72F99} - System32\Tasks\ParetoLogic Update Version3 => c:\program files\common files\paretologic\uus3\Pareto_Update3.exe [2014-10-27] ()
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3D3A684A-642D-4034-8C86-CDF1969ED033} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {4BE95E5D-7A25-4747-BB10-71573C0B03EA} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe
Task: {58C436A9-0B04-4331-9A32-3709A671924C} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.bat [2008-02-28] ()
Task: {8F3B33C4-397B-4A0B-A6F8-BC79218689E8} - System32\Tasks\IntenetServiceOffers => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-18] ()
Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {ABA59270-A264-4EE3-8D48-C474BCD1B562} - System32\Tasks\JavaUpdateHoward => C:\Windows\system32\jusched.exe
Task: {B9E6B5E5-BC9C-4022-82FE-853983F7619F} - System32\Tasks\Norton Internet Security - Run Full System Scan - Howard => c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26] (Symantec Corporation)
Task: {BF67773C-4428-4B6E-BA37-A71FF4EBD20C} - System32\Tasks\RegCure Pro Startup => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe [2014-10-27] (ParetoLogic, Inc.)
Task: {C208A464-93B7-4EB9-8D10-6FFB1B244A79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-03] (Adobe Systems Incorporated)
Task: {C9AAA9FF-0946-4260-A8D6-92F1D8399316} - System32\Tasks\RegCure Pro_sch_7153E290-620C-11E4-BF55-001FC64BDCFA => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe [2014-10-27] (ParetoLogic, Inc.)
Task: {CBF7BA00-5597-40FF-913F-5E571E0EEE45} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files\common files\paretologic\uus3\Pareto_Update3.exe [2014-10-27] ()
Task: {ED5B0723-42F7-41AA-80A5-B32C6B61C9B4} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-10-04] (PC-Doctor, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Howard.job => c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => c:\program files\common files\paretologic\uus3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files\common files\paretologic\uus3\Pareto_Update3.exe
Task: C:\Windows\Tasks\RegCure Pro Startup.job => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: C:\Windows\Tasks\RegCure Pro_sch_7153E290-620C-11E4-BF55-001FC64BDCFA.job => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe

==================== Loaded Modules (whitelisted) =============

2006-11-02 06:47 - 2006-11-02 09:46 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2008-02-28 04:26 - 2008-02-03 22:16 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-01-19 02:21 - 2008-01-19 02:21 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-01-19 02:20 - 2008-01-19 02:20 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-01-19 02:20 - 2008-01-19 02:20 - 00006144 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-01-19 02:20 - 2008-01-19 02:20 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2008-01-19 02:21 - 2008-01-19 02:21 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-01-19 02:21 - 2008-01-19 02:21 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2014-10-31 09:05 - 2014-10-31 09:05 - 01251720 _____ () C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2014-10-31 09:05 - 2014-10-31 09:05 - 00362376 _____ () C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
2014-11-01 19:02 - 2014-10-28 02:01 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1787711281-4221503470-2062763937-500 - Administrator - Disabled)
Guest (S-1-5-21-1787711281-4221503470-2062763937-501 - Limited - Disabled)
Howard (S-1-5-21-1787711281-4221503470-2062763937-1000 - Administrator - Enabled) => C:\Users\Howard

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2014 00:35:50 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index metadata cannot be read. (0xc0041801)

Error: (11/03/2014 00:35:50 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index metadata cannot be read. (0xc0041801)

Error: (11/03/2014 00:35:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (0x80070490)

Error: (11/03/2014 00:35:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index metadata cannot be read. (0xc0041801)

Error: (11/03/2014 00:35:49 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
0 (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. )

Error: (11/03/2014 00:35:49 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)

Error: (11/03/2014 00:35:48 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Error: (11/03/2014 10:46:55 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (11/03/2014 10:36:23 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Error: (11/03/2014 08:13:12 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.


System errors:
=============
Error: (11/03/2014 00:37:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service

Error: (11/03/2014 00:37:02 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (11/03/2014 00:37:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (11/03/2014 00:35:39 PM) (Source: atikmdag) (EventID: 10270) (User: )
Description:

Error: (11/03/2014 00:35:38 PM) (Source: atikmdag) (EventID: 10270) (User: )
Description:

Error: (11/03/2014 00:35:38 PM) (Source: atikmdag) (EventID: 10270) (User: )
Description:

Error: (11/03/2014 00:35:02 PM) (Source: ACPI) (EventID: 6) (User: )
Description: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 9, function 0.
Please contact your system vendor for technical assistance.

Error: (11/03/2014 10:31:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (11/03/2014 10:29:49 AM) (Source: atikmdag) (EventID: 10270) (User: )
Description:

Error: (11/03/2014 10:29:49 AM) (Source: atikmdag) (EventID: 10270) (User: )
Description:


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 38%
Total physical RAM: 3069.94 MB
Available physical RAM: 1896.34 MB
Total Pagefile: 6339.88 MB
Available Pagefile: 4962.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.46 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:455.33 GB) (Free:391.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.43 GB) (Free:1.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (SAMSUNG) (Fixed) (Total:1397.26 GB) (Free:1216.09 GB) NTFS
Drive k: (HP Pocket Media Drive) (Fixed) (Total:149.04 GB) (Free:24.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=455.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 87BBB8DD)
Partition 1: (Not Active) - (Size=149 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 1397.3 GB) (Disk ID: 9B943164)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================



aswMBR version 1.0.1.2172 Copyright(c) 2014 AVAST Software
Run date: 2014-11-03 16:34:54
-----------------------------
16:34:54.949 OS Version: Windows 6.0.6000
16:34:54.949 Number of processors: 2 586 0x6B02
16:34:54.950 ComputerName: HOME-DESKTOP UserName: Howard
16:34:58.895 Initialize success
16:34:59.035 VM: initialized successfully
16:34:59.036 VM: Amd CPU virtualization not supported
16:34:59.076 disk I/O nvstor32.sys
16:38:54.126 AVAST engine defs: 14110301
16:39:03.223 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
16:39:03.230 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 6
16:39:03.399 Disk 0 MBR read successfully
16:39:03.407 Disk 0 MBR scan
16:39:03.463 Disk 0 unknown MBR code
16:39:03.471 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 466261 MB offset 63
16:39:03.560 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10676 MB offset 954903600
16:39:03.610 Disk 0 scanning sectors +976768065
16:39:03.746 Disk 0 scanning C:\Windows\system32\drivers
16:39:22.499 Service scanning
16:39:52.231 Modules scanning
16:40:07.587 Disk 0 trace - called modules:
16:40:07.617 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
16:40:07.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f0dad8]
16:40:07.632 3 ntkrnlpa.exe[81cb0d35] -> nt!IofCallDriver -> [0x84b21608]
16:40:07.639 5 acpi.sys[8023232a] -> nt!IofCallDriver -> \Device\0000005a[0x84f86ca0]
16:40:10.444 AVAST engine scan C:\Windows
16:40:30.542 AVAST engine scan C:\Windows\system32
16:46:50.629 AVAST engine scan C:\Windows\system32\drivers
16:47:50.023 AVAST engine scan C:\Users\Howard
16:55:29.768 AVAST engine scan C:\ProgramData
16:57:00.692 Disk 0 statistics 2392846/0/0 @ 1.64 MB/s
16:57:00.701 Scan finished successfully
16:57:51.084 Disk 0 MBR has been saved successfully to "C:\Users\Howard\Desktop\MBR.dat"
16:57:51.093 The log file has been saved successfully to "C:\Users\Howard\Desktop\aswMBR.txt"

ken545
2014-11-04, 14:45

Let's do a few things, as your logs look fairly healthy.

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



===============================================================================


Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.




===============================================================================

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

howardp67
2014-11-04, 17:38
Hi Ken545,

Please see below results of the AdwCleaner scan as requested.

Regards, Howard.

# AdwCleaner v3.311 - Report created 04/11/2014 at 16:28:47
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : Howard - HOME-DESKTOP
# Running from : C:\Users\Howard\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Users\Howard\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
File Deleted : C:\Users\Howard\Desktop\Uninstall.exe

***** [ Scheduled Tasks ] *****

Task Deleted : paretologic registration3
Task Deleted : paretologic update version3

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16575


-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[ File : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\zv204cq1.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1370 octets] - [04/11/2014 16:26:52]
AdwCleaner[S0].txt - [1313 octets] - [04/11/2014 16:28:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1373 octets] ##########

howardp67
2014-11-04, 18:22
Hi Ken545,

Please see below results of the AdwCleaner, JRT and malwarebytes scans as requested.

Regards, Howard.




# AdwCleaner v3.311 - Report created 04/11/2014 at 16:28:47
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : Howard - HOME-DESKTOP
# Running from : C:\Users\Howard\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Users\Howard\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
File Deleted : C:\Users\Howard\Desktop\Uninstall.exe

***** [ Scheduled Tasks ] *****

Task Deleted : paretologic registration3
Task Deleted : paretologic update version3

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16575


-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[ File : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\zv204cq1.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1370 octets] - [04/11/2014 16:26:52]
AdwCleaner[S0].txt - [1313 octets] - [04/11/2014 16:28:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1373 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Howard on 04/11/2014 at 16:39:46.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D0440EB7-81DD-412A-A6BD-9EE183D6D548}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E43961DF-4AD7-4168-B45D-2ECC57CFF454}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D0440EB7-81DD-412A-A6BD-9EE183D6D548}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E43961DF-4AD7-4168-B45D-2ECC57CFF454}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Howard\AppData\Roaming\mozilla\firefox\profiles\zv204cq1.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/11/2014
Scan Time: 17:04:12
Logfile: Malwarebytes scan result.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.04.04
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: Howard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 287320
Time Elapsed: 6 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2014-11-04, 18:33
Not really a lot of bad things removed, just some junk. How is your system behaving now?

howardp67
2014-11-05, 13:47
Not really a lot of bad things removed, just some junk. How is your system behaving now?

Hi Ken545,

OK, thanks - system not too bad. I will monitor things and see how it goes. If I encounter further problems I will be in touch.

Thanks, howard.

ken545
2014-11-05, 14:28
Great, just a reminder that threads are closed after 3 days, so if the thread is closed just send me a PM and I will reopen it.


Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
AdwCleaner.exe, its folder and all logs will be removed.



==========================================================


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.


Windows XP: Double click DelFix.exe to run the program.
Windows Vista > Win 7 > Win 8: Right click on DelFix.exe and select RUN AS ADMINISTRATOR.
Place a checkmark next to the following items:


Activate UAC
Remove Disinfection Tools
Create registry backup
Reset System Settings


Click the Run button.

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.



==========================================================




How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

howardp67
2014-11-05, 16:17
Thank you for your help!

ken545
2014-11-05, 16:35
You're very welcome, my friend,

Take care

Ken :)