
dllhost.exe


  • This topic is locked
5 replies to this topic

#1 BigBucks

BigBucks

  • Members
  • 2 posts

Posted 16 September 2014 - 08:28 AM

I have multiple instances of dllhost.exe running on a computer taking up a ton of memory.  Can anyone help with this?





#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 16 September 2014 - 08:41 AM

Hi,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 BigBucks

BigBucks
  • Topic Starter

  • Members
  • 2 posts

Posted 16 September 2014 - 11:15 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by asoto (administrator) on IIEFLCO1E15001L on 16-09-2014 08:52:52
Running from C:\Users\asoto\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Toolwiz) C:\Program Files\ToolwizCareFree\ToolwizCares.exe
(Mitel Networks Corporation) C:\Program Files\Mitel\Unified Communicator Advanced 6.0\DialIEHelper.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIH5A.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(PalmSource, Inc) C:\Program Files\Palm\Hotsync.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPFNF6R] => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-19] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337184 2009-07-08] (Lenovo.)
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582328 2009-09-01] (AuthenTec)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3089720 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-08-31] (Symantec Corporation)
HKLM\...\Run: [BIEPatchHelper] => C:\Program Files\BIE Patch Helper\BIEPatchHelper.exe [118784 2008-12-10] (FMIS)
HKLM\...\Run: [SMART Board Service] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [2186096 2012-03-21] (SMART Technologies)
HKLM\...\Run: [SMART Board Tools] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe [10132336 2012-03-09] (SMART Technologies ULC)
HKLM\...\Run: [SMART Ink] => C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe [94616 2012-05-31] (SMART Technologies)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Mitel Unified Communicator Advanced 6.0] => C:\Program Files\Mitel\Unified Communicator Advanced 6.0\DialIEHelper.exe [9216 2013-09-26] (Mitel Networks Corporation)
HKCU Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKCU Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-06-15] (Microsoft Corporation)
HKU\S-1-5-21-1987714715-2013816924-165636572-1790\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-03] (Google Inc.)
HKU\S-1-5-21-1987714715-2013816924-165636572-1790\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIH5A.EXE [220800 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1987714715-2013816924-165636572-1790\...\Run: [DisplaySwitch] => "C:\Users\asoto\AppData\Roaming\Microsoft\Windows\Templates\securitywindrv.exe"
HKU\S-1-5-21-1987714715-2013816924-165636572-1790\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-1987714715-2013816924-165636572-1790\...\MountPoints2: {97adc504-a98d-11e1-8856-b0105efd7501} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1987714715-2013816924-165636572-1790\...\MountPoints2: {e1a82b21-a76e-11df-9019-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1987714715-2013816924-165636572-1790\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
BootExecute: autocheck autochk *  BootDefrag.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 169.203.103.5 169.203.103.6
Tcpip\..\Interfaces\{F0B46EFC-DEBA-4C14-BF91-B71BCAFAD5ED}: [NameServer] 169.203.103.5,169.203.103.6
 
FireFox:
========
FF ProfilePath: C:\Users\asoto\AppData\Roaming\Mozilla\Firefox\Profiles\sfp6wpte.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @palmsource.com/installer,version=1.0 -> C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\asoto\AppData\Roaming\Mozilla\Firefox\Profiles\sfp6wpte.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npRLPrint.dll (Renaissance Learning Inc.)
FF SearchPlugin: C:\Users\asoto\AppData\Roaming\Mozilla\Firefox\Profiles\sfp6wpte.default\searchplugins\askcom.xml
FF Extension: Ask Toolbar - C:\Users\asoto\AppData\Roaming\Mozilla\Firefox\Profiles\sfp6wpte.default\Extensions\toolbar@ask.com [2013-03-12]
FF Extension: No Name - C:\Users\asoto\AppData\Roaming\Mozilla\Firefox\Profiles\sfp6wpte.default\extensions\crossriderapp4479@crossrider.com [Not Found]
FF Extension: No Name - C:\Users\asoto\AppData\Roaming\Mozilla\Firefox\Profiles\sfp6wpte.default\extensions\ffxtlbr@babylon.com [Not Found]
 
Chrome: 
=======
CHR CustomProfile: C:\Users\asoto\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\asoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-28]
CHR Extension: (Google Drive) - C:\Users\asoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\asoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-23]
CHR Extension: (Google Wallet) - C:\Users\asoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR Extension: (Gmail) - C:\Users\asoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124192 2009-09-04] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [242976 2009-09-04] (Lenovo)
S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2009-09-01] () [File not signed]
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-08-31] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-08-31] (Symantec Corporation)
S3 dlcc_device; C:\Windows\system32\dlcccoms.exe [491520 2005-06-21] () [File not signed]
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2009-09-01] () [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2013-11-20] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [130944 2011-04-25] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-08-10] (Flexera Software, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [580976 2012-03-21] (SMART Technologies)
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1885488 2010-08-31] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [357704 2010-08-31] (Symantec Corporation)
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-04] (Lenovo Group Limited) [File not signed]
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1832072 2010-08-31] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 5U875UVC; C:\Windows\System32\DRIVERS\5U875.sys [72320 2009-07-08] (Ricoh co.,Ltd.)
R1 BTOWSFF; C:\Windows\system32\Drivers\BTOWSFF.sys [27648 2014-09-16] (Toolwiz.com)
R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [45952 2014-09-16] (Toolwiz.com)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-08-27] (Symantec Corporation)
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17088 2014-06-13] (Glarysoft Ltd)
R0 KSafeDISK; C:\Windows\System32\Drivers\KSafeDISK.sys [48640 2014-09-16] (Toolwiz.com)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140913.021\NAVENG.SYS [95704 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140913.021\NAVEX15.SYS [1636696 2014-08-11] (Symantec Corporation)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [11632 2012-03-21] (SMART Technologies ULC)
S3 SMARTSRVSDC330; C:\Windows\System32\Drivers\SMARTDocCamGen2.sys [23280 2012-03-08] (SMART TECHNOLOGIES)
R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [14704 2012-03-21] (SMART Technologies ULC)
R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [21872 2012-03-21] (SMART Technologies ULC)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2010-08-31] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [283184 2010-08-31] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320944 2010-08-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2010-08-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [125488 2010-08-31] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2010-04-20] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2010-04-20] (Symantec Corporation)
S3 catchme; \??\C:\Users\rpcarley\AppData\Local\Temp\catchme.sys [X]
S1 MpKslfb285c22; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4E4A211-2F57-4EEB-B9C0-EB2349A299C2}\MpKslfb285c22.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-16 08:52 - 2014-09-16 09:02 - 00022036 _____ () C:\Users\asoto\Desktop\FRST.txt
2014-09-16 08:51 - 2014-09-16 13:53 - 01097728 _____ (Farbar) C:\Users\asoto\Desktop\FRST.exe
2014-09-16 08:06 - 2014-09-16 08:06 - 00000000 ____D () C:\Users\asoto\AppData\Local\ToolwizCareFree
2014-09-16 08:02 - 2014-09-16 08:33 - 00000112 _____ () C:\Windows\setupact.log
2014-09-16 08:02 - 2014-09-16 08:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-16 07:36 - 2014-09-16 07:58 - 00000000 ____D () C:\Users\rpcarley\AppData\Local\ToolwizCareFree
2014-09-16 07:36 - 2014-09-16 07:36 - 07539416 _____ (ToolWiz) C:\Users\rpcarley\Downloads\Setup_ToolwizCare.exe
2014-09-16 07:36 - 2014-09-16 07:36 - 00048640 _____ (Toolwiz.com) C:\Windows\system32\Drivers\KSafeDISK.sys
2014-09-16 07:36 - 2014-09-16 07:36 - 00045952 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSVF.sys
2014-09-16 07:36 - 2014-09-16 07:36 - 00027648 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSFF.sys
2014-09-16 07:36 - 2014-09-16 07:36 - 00001047 _____ () C:\Users\rpcarley\Desktop\Toolwiz Care.lnk
2014-09-16 07:36 - 2014-09-16 07:36 - 00001047 _____ () C:\Users\asoto\Desktop\Toolwiz Care.lnk
2014-09-16 07:36 - 2014-09-16 07:36 - 00001047 _____ () C:\Users\administrator\Desktop\Toolwiz Care.lnk
2014-09-16 07:36 - 2014-09-16 07:36 - 00000000 ___HD () C:\TOOLWIZ
2014-09-16 07:36 - 2014-09-16 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree
2014-09-16 07:36 - 2014-09-16 07:36 - 00000000 ____D () C:\Program Files\ToolwizCareFree
2014-09-16 07:32 - 2014-09-16 07:33 - 00000935 _____ () C:\Users\rpcarley\Downloads\gu5setup.exe
2014-09-16 07:31 - 2014-09-16 07:31 - 14236992 _____ () C:\Users\rpcarley\Downloads\Glary_Utilities_v5.7.0.14.exe.bb1b6av.partial
2014-09-16 07:31 - 2014-09-16 07:31 - 00000000 __RSH () C:\MSDOS.SYS
2014-09-16 07:31 - 2014-09-16 07:31 - 00000000 __RSH () C:\IO.SYS
2014-09-16 07:30 - 2014-09-16 07:30 - 00000000 ____D () C:\Users\rpcarley\AppData\Roaming\Macromedia
2014-09-16 07:29 - 2014-09-16 07:33 - 00000000 ____D () C:\Users\rpcarley\AppData\Roaming\Google
2014-09-16 07:28 - 2014-09-16 07:28 - 00000000 ____D () C:\Users\rpcarley\AppData\Roaming\GlarySoft
2014-09-15 15:57 - 2014-09-15 15:57 - 00026440 _____ () C:\ComboFix.txt
2014-09-15 15:44 - 2014-09-15 15:44 - 00000000 ____D () C:\found.001
2014-09-15 14:49 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-15 14:49 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-15 14:49 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-15 14:49 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-15 14:49 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-15 14:49 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-15 14:49 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-15 14:49 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-15 14:39 - 2014-09-15 14:39 - 00003838 __RSH () C:\Users\rpcarley\ntuser.pol
2014-09-15 14:39 - 2014-09-15 14:39 - 00000000 ____D () C:\Users\rpcarley\AppData\Roaming\Adobe
2014-09-15 12:10 - 2014-09-15 15:58 - 00000000 ____D () C:\Qoobox
2014-09-15 11:55 - 2014-09-15 15:56 - 00000000 ____D () C:\Windows\erdnt
2014-09-15 10:18 - 2014-09-16 08:53 - 00000000 ____D () C:\FRST
2014-09-15 09:51 - 2014-09-15 09:51 - 00000000 ____D () C:\Users\asoto\AppData\Roaming\GlarySoft
2014-09-15 08:28 - 2014-09-15 08:29 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 08:28 - 2014-09-15 08:28 - 00001075 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 08:28 - 2014-09-15 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 08:28 - 2014-09-15 08:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-15 08:28 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-15 08:28 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-13 19:06 - 2014-09-13 19:07 - 00000000 ____D () C:\Users\asoto\Desktop\PP IN JU1
2014-09-12 03:21 - 2014-08-16 22:57 - 14369280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 13757440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:21 - 2014-08-16 22:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:21 - 2014-08-16 22:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:21 - 2014-08-16 22:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:21 - 2014-08-16 01:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:21 - 2014-08-16 00:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-09-12 03:19 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 12:22 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 12:22 - 2014-07-06 20:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 12:22 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 12:22 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 07:32 - 2014-09-11 07:32 - 70200077 _____ () C:\Users\asoto\Downloads\FirstGradeJourneysPrintandGoUnitBundle (1).zip
2014-09-10 08:33 - 2014-09-11 11:53 - 02839189 _____ () C:\Users\asoto\Desktop\Calendar2014-2015.notebook
2014-09-05 16:02 - 2014-09-05 16:02 - 00183939 _____ () C:\Users\asoto\Desktop\timer.notebook
2014-08-31 14:50 - 2014-09-12 11:21 - 02848843 _____ () C:\Users\asoto\Desktop\Calendar 2014-2015.notebook
2014-08-28 08:30 - 2014-08-28 08:30 - 00000000 ____D () C:\Users\asoto\Desktop\Math Intervention class
2014-08-28 01:35 - 2014-08-22 20:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 01:35 - 2014-08-22 19:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 13:34 - 2014-08-24 13:34 - 01328283 _____ () C:\Users\asoto\Downloads\HowFullisYourBucketLesson.notebook
2014-08-23 16:02 - 2014-09-15 13:25 - 00000000 ____D () C:\Users\asoto\Desktop\2014 First Week of School
2014-08-20 16:17 - 2014-05-14 11:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-20 16:17 - 2014-05-14 11:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-20 16:17 - 2014-05-14 11:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-20 16:17 - 2014-05-14 11:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-20 16:16 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-20 16:16 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-20 16:16 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-20 16:15 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-20 16:15 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 03:10 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-20 03:10 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-20 03:09 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-20 03:09 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-19 17:18 - 2014-07-13 20:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-19 17:18 - 2014-06-15 20:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-19 17:18 - 2014-06-15 20:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-19 17:18 - 2014-06-15 20:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-19 17:17 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-19 17:17 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-19 17:16 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-19 17:16 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-19 17:16 - 2014-06-03 04:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-19 17:16 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-19 17:16 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-19 17:16 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-19 17:16 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-19 17:16 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-19 17:16 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-19 17:16 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-19 17:16 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-19 17:16 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-19 17:16 - 2014-05-30 01:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-19 11:59 - 2014-08-19 11:59 - 00000000 ____D () C:\Bluetooth Exchange Folder
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-16 13:53 - 2014-09-16 08:51 - 01097728 _____ (Farbar) C:\Users\asoto\Desktop\FRST.exe
2014-09-16 09:02 - 2014-09-16 08:52 - 00022036 _____ () C:\Users\asoto\Desktop\FRST.txt
2014-09-16 08:53 - 2014-09-15 10:18 - 00000000 ____D () C:\FRST
2014-09-16 08:53 - 2011-09-03 21:46 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-16 08:52 - 2010-08-14 05:04 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2014-09-16 08:45 - 2009-07-13 23:34 - 00016976 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-16 08:45 - 2009-07-13 23:34 - 00016976 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-16 08:42 - 2010-08-14 01:56 - 01757352 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 08:38 - 2012-10-03 08:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-16 08:34 - 2011-10-14 17:26 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-16 08:33 - 2014-09-16 08:02 - 00000112 _____ () C:\Windows\setupact.log
2014-09-16 08:33 - 2011-09-03 21:46 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-16 08:33 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 08:06 - 2014-09-16 08:06 - 00000000 ____D () C:\Users\asoto\AppData\Local\ToolwizCareFree
2014-09-16 08:06 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-16 08:03 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\tracing
2014-09-16 08:02 - 2014-09-16 08:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-16 07:58 - 2014-09-16 07:36 - 00000000 ____D () C:\Users\rpcarley\AppData\Local\ToolwizCareFree
2014-09-16 07:36 - 2014-09-16 07:36 - 07539416 _____ (ToolWiz) C:\Users\rpcarley\Downloads\Setup_ToolwizCare.exe
2014-09-16 07:36 - 2014-09-16 07:36 - 00048640 _____ (Toolwiz.com) C:\Windows\system32\Drivers\KSafeDISK.sys
2014-09-16 07:36 - 2014-09-16 07:36 - 00045952 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSVF.sys
2014-09-16 07:36 - 2014-09-16 07:36 - 00027648 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSFF.sys
2014-09-16 07:36 - 2014-09-16 07:36 - 00001047 _____ () C:\Users\rpcarley\Desktop\Toolwiz Care.lnk
2014-09-16 07:36 - 2014-09-16 07:36 - 00001047 _____ () C:\Users\ecarley\Desktop\Toolwiz Care.lnk
2014-09-16 07:36 - 2014-09-16 07:36 - 00001047 _____ () C:\Users\asoto\Desktop\Toolwiz Care.lnk
2014-09-16 07:36 - 2014-09-16 07:36 - 00001047 _____ () C:\Users\administrator\Desktop\Toolwiz Care.lnk
2014-09-16 07:36 - 2014-09-16 07:36 - 00000000 ___HD () C:\TOOLWIZ
2014-09-16 07:36 - 2014-09-16 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree
2014-09-16 07:36 - 2014-09-16 07:36 - 00000000 ____D () C:\Program Files\ToolwizCareFree
2014-09-16 07:33 - 2014-09-16 07:32 - 00000935 _____ () C:\Users\rpcarley\Downloads\gu5setup.exe
2014-09-16 07:33 - 2014-09-16 07:29 - 00000000 ____D () C:\Users\rpcarley\AppData\Roaming\Google
2014-09-16 07:31 - 2014-09-16 07:31 - 14236992 _____ () C:\Users\rpcarley\Downloads\Glary_Utilities_v5.7.0.14.exe.bb1b6av.partial
2014-09-16 07:31 - 2014-09-16 07:31 - 00000000 __RSH () C:\MSDOS.SYS
2014-09-16 07:31 - 2014-09-16 07:31 - 00000000 __RSH () C:\IO.SYS
2014-09-16 07:30 - 2014-09-16 07:30 - 00000000 ____D () C:\Users\rpcarley\AppData\Roaming\Macromedia
2014-09-16 07:29 - 2013-08-28 08:33 - 00000000 ____D () C:\Users\rpcarley\AppData\Local\Google
2014-09-16 07:28 - 2014-09-16 07:28 - 00000000 ____D () C:\Users\rpcarley\AppData\Roaming\GlarySoft
2014-09-16 07:28 - 2014-06-13 10:13 - 00000216 _____ () C:\BackupLoader.ini
2014-09-16 07:28 - 2014-06-13 10:12 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-09-15 15:58 - 2014-09-15 12:10 - 00000000 ____D () C:\Qoobox
2014-09-15 15:58 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-09-15 15:58 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Default
2014-09-15 15:57 - 2014-09-15 15:57 - 00026440 _____ () C:\ComboFix.txt
2014-09-15 15:56 - 2014-09-15 11:55 - 00000000 ____D () C:\Windows\erdnt
2014-09-15 15:53 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-15 15:44 - 2014-09-15 15:44 - 00000000 ____D () C:\found.001
2014-09-15 15:35 - 2009-07-13 21:03 - 68943872 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-15 15:35 - 2009-07-13 21:03 - 19136512 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-15 15:35 - 2009-07-13 21:03 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-15 15:35 - 2009-07-13 21:03 - 00032768 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-15 14:47 - 2013-03-26 08:03 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-15 14:41 - 2013-08-28 08:36 - 00130128 _____ () C:\Users\rpcarley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-15 14:39 - 2014-09-15 14:39 - 00003838 __RSH () C:\Users\rpcarley\ntuser.pol
2014-09-15 14:39 - 2014-09-15 14:39 - 00000000 ____D () C:\Users\rpcarley\AppData\Roaming\Adobe
2014-09-15 14:39 - 2013-08-28 08:33 - 00000000 ____D () C:\Users\rpcarley
2014-09-15 13:28 - 2009-07-21 01:20 - 00000000 ____D () C:\Windows\Panther
2014-09-15 13:25 - 2014-08-23 16:02 - 00000000 ____D () C:\Users\asoto\Desktop\2014 First Week of School
2014-09-15 13:25 - 2012-08-24 20:14 - 00000000 ____D () C:\Users\asoto\AppData\Roaming\Microsoft\Windows\Start Menu\PDF Reader
2014-09-15 13:25 - 2011-12-12 13:32 - 00000000 ____D () C:\Users\asoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
2014-09-15 09:51 - 2014-09-15 09:51 - 00000000 ____D () C:\Users\asoto\AppData\Roaming\GlarySoft
2014-09-15 09:27 - 2013-03-12 07:34 - 00000000 ____D () C:\Program Files\Ask.com
2014-09-15 08:29 - 2014-09-15 08:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 08:29 - 2009-07-21 00:30 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 08:28 - 2014-09-15 08:28 - 00001075 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 08:28 - 2014-09-15 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 08:28 - 2014-09-15 08:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-15 08:28 - 2011-12-14 10:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 08:18 - 2009-07-13 21:03 - 00028672 _____ () C:\Windows\system32\config\SAM.bak
2014-09-14 12:28 - 2013-09-30 11:19 - 00000000 ____D () C:\Users\asoto\Desktop\homework
2014-09-14 09:52 - 2010-08-18 12:42 - 00001024 _____ () C:\Users\asoto\.rnd
2014-09-13 19:07 - 2014-09-13 19:06 - 00000000 ____D () C:\Users\asoto\Desktop\PP IN JU1
2014-09-12 11:21 - 2014-08-31 14:50 - 02848843 _____ () C:\Users\asoto\Desktop\Calendar 2014-2015.notebook
2014-09-12 03:37 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 03:20 - 2010-08-14 05:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 03:19 - 2014-06-13 12:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:07 - 2010-08-14 02:56 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 11:53 - 2014-09-10 08:33 - 02839189 _____ () C:\Users\asoto\Desktop\Calendar2014-2015.notebook
2014-09-11 07:32 - 2014-09-11 07:32 - 70200077 _____ () C:\Users\asoto\Downloads\FirstGradeJourneysPrintandGoUnitBundle (1).zip
2014-09-11 02:30 - 2013-09-29 00:40 - 00002140 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-10 09:15 - 2014-04-20 13:31 - 00000000 ____D () C:\Users\asoto\Desktop\Journeys
2014-09-08 08:30 - 2010-09-15 15:40 - 00000000 ____D () C:\SMART Notebook
2014-09-08 08:27 - 2014-09-08 08:27 - 00000170 _____ () C:\Users\asoto\Desktop\Lac Courte Oreilles Ojibwe School.url
2014-09-05 16:02 - 2014-09-05 16:02 - 00183939 _____ () C:\Users\asoto\Desktop\timer.notebook
2014-09-02 11:11 - 2012-08-21 08:33 - 00000000 ____D () C:\Users\asoto\AppData\Local\Deployment
2014-09-02 07:39 - 2013-04-08 07:45 - 00000000 ____D () C:\Users\asoto\Desktop\Envision Math
2014-09-01 17:10 - 2013-12-08 09:03 - 00000000 ____D () C:\Users\asoto\Desktop\literacy printables
2014-09-01 13:55 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-30 22:25 - 2014-05-06 07:32 - 00000000 ____D () C:\Users\asoto\Desktop\writing 2014
2014-08-28 08:30 - 2014-08-28 08:30 - 00000000 ____D () C:\Users\asoto\Desktop\Math Intervention class
2014-08-28 03:07 - 2009-07-13 23:33 - 00466400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 06:53 - 2010-08-14 02:58 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-24 13:34 - 2014-08-24 13:34 - 01328283 _____ () C:\Users\asoto\Downloads\HowFullisYourBucketLesson.notebook
2014-08-23 14:22 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-08-22 20:46 - 2014-08-28 01:35 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:42 - 2014-08-28 01:35 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 03:36 - 2010-08-16 11:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-20 03:31 - 2009-07-21 06:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-20 03:08 - 2010-08-16 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-19 12:44 - 2010-08-14 01:51 - 00000000 ____D () C:\swshare
2014-08-19 11:59 - 2014-08-19 11:59 - 00000000 ____D () C:\Bluetooth Exchange Folder
2014-08-19 11:58 - 2010-08-16 11:15 - 00130128 _____ () C:\Users\asoto\AppData\Local\GDIPFONTCACHEV1.DAT
 
Some content of TEMP:
====================
C:\Users\asoto\AppData\Local\Temp\JavaIC.dll
C:\Users\asoto\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\asoto\AppData\Local\Temp\msscct32.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-16 00:37
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by asoto at 2014-09-16 09:19:56
Running from C:\Users\asoto\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
AccelScan (HKLM\...\{F3995CB5-833F-4E86-A189-25D2ABA8F31B}) (Version: 1.43 - Renaissance Learning)
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION
AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
BabylonObjectInstaller (HKLM\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
BIE Patch Helper 1.0 (HKLM\...\{865A6D29-F90E-40D6-B9EC-A7DC90CB9FBE}_is1) (Version:  - DMW)
Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Dell Photo AIO Printer 924 (HKLM\...\Dell Photo AIO Printer 924) (Version:  - )
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
EPSON WP-4020 Series Printer Uninstall (HKLM\...\EPSON WP-4020 Series) (Version:  - SEIKO EPSON Corporation)
Glary Utilities 5.1 (HKLM\...\Glary Utilities 5) (Version: 5.1.0.4 - Glarysoft Ltd)
Google Chrome (HKLM\...\{F2A0E1AA-3126-36FF-81E8-15E4A295AEBC}) (Version: 65.51.16463 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.27.500.0 (HKLM\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.27.500.0 - RICOH)
Integrated Camera TWAIN (HKLM\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.7.331 - Chicony Electronics Co.,Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.112 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.112 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{11E568E0-3244-4BCB-875E-F334269DFDCB}) (Version: 11.0.3.42 - Apple Inc.)
Java 7 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lenovo Fingerprint Software (HKLM\...\{2D440AF4-7330-43F0-A085-35DE1A90E703}) (Version: 3.3.0.50 - AuthenTec, Inc.)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.13 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.017.0 - Lenovo)
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)
Lockdown Browser (HKLM\...\{6966D969-ED0A-42BB-98CE-80A8DB70F708}) (Version: 5.0.93.0 - NWEA)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.50706 - Microsoft Corporation) Hidden
Mitel Unified Communicator Advanced 6.0 (HKLM\...\{93677D71-C30C-4127-A6A2-27316CAD2CD8}) (Version: 6.0.120.0 - Mitel Networks)
Mobile Broadband Connect (HKLM\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo)
Mozilla Firefox (en-US) (HKLM\...\{7DDE41BB-E544-484E-B172-9B91D8932E23}) (Version: 5.0.1.0 - FrontMotion)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.32.00 - )
Palm Desktop by ACCESS (HKLM\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Palm, Inc.)
PDF Reader (HKCU\...\PDF Reader) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RLPrintPlugin (HKLM\...\{C8DEE701-578F-4D1B-9889-A5D7EB51E5F0}) (Version: 1.3.13 - Renaissance Learning)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Business Edition (Version: 10.3.081 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
SMART Common Files (HKLM\...\{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}) (Version: 11.0.246.0 - SMART Technologies ULC)
SMART Ink (HKLM\...\{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}) (Version: 1.0.430.1 - SMART Technologies ULC)
SMART Notebook (HKLM\...\{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}) (Version: 11.0.583.0 - SMART Technologies ULC)
SMART Product Drivers (HKLM\...\{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}) (Version: 11.0.222.0 - SMART Technologies ULC)
SMART Product Update (HKLM\...\{8D4B716A-0ABE-4238-9090-D208E5F57A5E}) (Version: 5.0.108.0 - SMART Technologies ULC)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Spark (HKLM\...\{5764B672-0073-4DA0-8437-97FC0F2810C0}) (Version: 2.6.3 - Jive Software)
Symantec Endpoint Protection (HKLM\...\{FA272494-8DEA-43CF-9BFF-652553C04265}) (Version: 11.0.6100.645 - Symantec Corporation)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0007 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.06 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.04 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.40 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.70 - Lenovo)
Toolwiz Care (HKLM\...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}) (Version: 3.1.1 - Smith Micro Software, Inc.)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (07/07/2009 8.1.2.56) (HKLM\...\8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449) (Version: 07/07/2009 8.1.2.56 - AuthenTec Inc.)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows Driver Package - Ricoh (5U875UVC) Image  (07/08/2009 1.27.500.0) (HKLM\...\E59560E2F5B162D40255FCD327ACA5E989D995D2) (Version: 07/08/2009 1.27.500.0 - Ricoh)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (06/25/2009 6.10.01.03) (HKLM\...\D91056A9B3130B90EC1BB37F232FA5C4D61DF66F) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)
Windows Driver Package - Ricoh Company (rismxdp) hdc  (06/25/2009 6.10.01.04) (HKLM\...\414685941AB074B2478B18498E0CCA85F81CCBE6) (Version: 06/25/2009 6.10.01.04 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (06/25/2009 6.10.01.03) (HKLM\...\6F84AC23718E31DE66E2EBEDAE047257F4E785D0) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1987714715-2013816924-165636572-1790_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
15-09-2014 13:29:50 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2014-09-15 15:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04093701-0FA3-4C35-A69A-00AC56C65745} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {05FB7B80-3C18-4A4E-863E-FAE9737A0BE5} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-02-08] () <==== ATTENTION
Task: {15704C88-3B45-4D9B-8783-E55F149B5688} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {2C5BFCCE-A170-41B3-A05A-2891BCED0068} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-08-25] (PC-Doctor, Inc.)
Task: {31ABD00F-5CF4-4665-A91A-811D1424CB3F} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {506B664C-6AF6-4AE2-A807-FAD557D2BD71} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {5FC1885B-68AB-4D26-8530-4F4CE29579B6} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {7B360BF9-B1B0-4E81-ACEC-CF37A3457BE3} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {7CCB4324-3EBA-4271-ADA3-BD213DD8BF5F} - System32\Tasks\GU5SkipUAC => C:\Program Files\Glary Utilities 5\Integrator.exe [2014-06-02] (Glarysoft Ltd)
Task: {83A9B245-B7A6-4C41-81D6-2293856D1095} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {A675338F-1BA5-4781-B50D-C1E1F352B80A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-03] (Google Inc.)
Task: {B332B797-F237-4FF7-BE26-90E0D2431C5C} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe
Task: {C04252C1-BF32-4D91-BCB3-BC3DF57CACC5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {C618581E-D2FA-43AD-880A-46239636E22C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-03] (Google Inc.)
Task: {CE572032-27D9-416F-A924-C78527011577} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-08-23] (Lenovo Group Limited)
Task: {E2AD59C0-C28E-46B0-9222-8B85F2174592} - System32\Tasks\ToolwizCareFree => C:\Program Files\ToolwizCareFree\ToolwizCares.exe [2014-09-16] (Toolwiz)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-09-01 01:32 - 2009-09-01 01:32 - 00098304 ____N () C:\Windows\system32\DTS.exe
2005-06-21 16:22 - 2005-06-21 16:22 - 00483328 ____N () C:\Windows\System32\dlcclmpm.DLL
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 ____N () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-09-20 09:47 - 2011-09-20 09:47 - 00051120 ____N () C:\Windows\WinSxS\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
2011-09-20 09:47 - 2011-09-20 09:47 - 00054184 ____N () C:\Windows\WinSxS\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
2009-07-01 20:03 - 2009-07-01 20:03 - 00132384 ____N () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: MpKslfb285c22
Description: MpKslfb285c22
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslfb285c22
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/16/2014 08:04:29 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (3576) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\asoto\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info:  Set Information Process
Action Taken:  Logged
Actor Process:  C:\Program Files\ToolwizCareFree\ToolwizCares.exe (PID 3900)
Time:  Tuesday, September 16, 2014  7:51:37 AM
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info:  Set Information Process
Action Taken:  Logged
Actor Process:  C:\Program Files\ToolwizCareFree\ToolwizCares.exe (PID 3900)
Time:  Tuesday, September 16, 2014  7:51:37 AM
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
Event Info:  Set Information Process
Action Taken:  Logged
Actor Process:  C:\Program Files\ToolwizCareFree\ToolwizCares.exe (PID 3900)
Time:  Tuesday, September 16, 2014  7:51:37 AM
 
Target:  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Event Info:  Set Information Process
Action Taken:  Logged
Actor Process:  C:\Program Files\ToolwizCareFree\ToolwizCares.exe (PID 3900)
Time:  Tuesday, September 16, 2014  7:51:37 AM
 
Error: (09/15/2014 04:51:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/15/2014 04:50:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/15/2014 04:50:02 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
 
System errors:
=============
Error: (09/16/2014 09:28:43 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (09/16/2014 09:28:43 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (09/16/2014 09:28:43 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (09/16/2014 09:28:43 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Windows7_OS.
 
Error: (09/16/2014 09:28:43 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (09/16/2014 09:16:56 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Windows7_OS.
 
Error: (09/16/2014 09:16:56 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Windows7_OS.
 
Error: (09/16/2014 09:16:56 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (09/16/2014 09:16:56 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Windows7_OS.
 
Error: (09/16/2014 09:16:55 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Windows7_OS.
 
 
Microsoft Office Sessions:
=========================
Error: (09/16/2014 08:04:29 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost3576WebCacheLocal: C:\Users\asoto\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info:  Set Information Process
Action Taken:  Logged
Actor Process:  C:\Program Files\ToolwizCareFree\ToolwizCares.exe (PID 3900)
Time:  Tuesday, September 16, 2014  7:51:37 AM
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info:  Set Information Process
Action Taken:  Logged
Actor Process:  C:\Program Files\ToolwizCareFree\ToolwizCares.exe (PID 3900)
Time:  Tuesday, September 16, 2014  7:51:37 AM
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
Event Info:  Set Information Process
Action Taken:  Logged
Actor Process:  C:\Program Files\ToolwizCareFree\ToolwizCares.exe (PID 3900)
Time:  Tuesday, September 16, 2014  7:51:37 AM
 
Target:  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Event Info:  Set Information Process
Action Taken:  Logged
Actor Process:  C:\Program Files\ToolwizCareFree\ToolwizCares.exe (PID 3900)
Time:  Tuesday, September 16, 2014  7:51:37 AM
 
Error: (09/15/2014 04:51:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\glary utilities 5\DPInst64.exe
 
Error: (09/15/2014 04:50:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Common Files\SMART Technologies\Support\dpinst64.exe
 
Error: (09/15/2014 04:50:02 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll0
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 72%
Total physical RAM: 1944.03 MB
Available physical RAM: 527.24 MB
Total Pagefile: 4507.98 MB
Available Pagefile: 541.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.28 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:286.66 GB) (Free:210.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:5.25 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 444B32C9)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 aharonov

Posted 16 September 2014 - 12:18 PM

Hi,

please do this:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 aharonov

Posted 29 September 2014 - 09:10 AM

I haven't heard from you for some time.
Do you still need help?

#6 aharonov

Posted 04 October 2014 - 09:27 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



