Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Popups and redirects on Win7 Firefox


  • This topic is locked This topic is locked

#16
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

C:\Windows\System32>FRST/FRST64

'FRST' is not recognized as an internal or external command,

operable program or batch file.


  • 0

Advertisements


#17
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

Right click on FRST/FRST64 Icon on the desktop and delete it, then re-download it. Try the fix again. Lets see what that does.

Joe
  • 0

#18
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

please post a link for FRST download

What is the diff of FRST and FRST64  and Run FRST/FRST64?

Thanks Vic


  • 0

#19
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Farbar Recovery Scan Tool

Save it to the desktop make sure it's on the desktop.
  • 0

#20
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

FRST64....

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
Ran by Lido at 2014-10-31 10:19:29 Run:1
Running from C:\Users\Lido\Desktop
Loaded Profile: Lido (Available profiles: Lido)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKCU - 0D110202C5D0481BB698C74B24C2428C URL = http://search.condui...q={searchTerms}
SearchScopes: HKCU - {24714634-4714-4F24-AB36-D070CE465A52} URL =
FF Keyword.URL: hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchURL: Default -> http://astromenda.co...=1715490871&ir=
C:\Users\Lido\AppData\Local\Temp\Quarantine.exe
C:\Users\Lido\AppData\Local\Temp\sqlite3.dll
Task: {21AE7929-92FC-463E-912F-0B20F88F13AF} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION
Task: {4A1B994F-64F6-476F-9AF4-CECE320AB522} - \The weDownload Manager-enabler No Task File <==== ATTENTION
Task: {6626E2EE-FC5B-43B9-A606-5AEBEFD824A4} - \The weDownload Manager-updater No Task File <==== ATTENTION
Task: {66420AFB-7C44-4F5C-9F3E-E07C798C21EB} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION
Task: {F090C608-D4F8-45D6-B051-485C7D46F7B0} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION
reboot:
end
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\0D110202C5D0481BB698C74B24C2428C" => Key deleted successfully.
"HKCR\CLSID\0D110202C5D0481BB698C74B24C2428C" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24714634-4714-4F24-AB36-D070CE465A52}" => Key deleted successfully.
"HKCR\CLSID\{24714634-4714-4F24-AB36-D070CE465A52}" => Key not found.
Firefox Keyword.URL deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
C:\Users\Lido\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Lido\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21AE7929-92FC-463E-912F-0B20F88F13AF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21AE7929-92FC-463E-912F-0B20F88F13AF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-chromeinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A1B994F-64F6-476F-9AF4-CECE320AB522}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A1B994F-64F6-476F-9AF4-CECE320AB522}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6626E2EE-FC5B-43B9-A606-5AEBEFD824A4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6626E2EE-FC5B-43B9-A606-5AEBEFD824A4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66420AFB-7C44-4F5C-9F3E-E07C798C21EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66420AFB-7C44-4F5C-9F3E-E07C798C21EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F090C608-D4F8-45D6-B051-485C7D46F7B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F090C608-D4F8-45D6-B051-485C7D46F7B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-firefoxinstaller" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====


  • 0

#21
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

Lets run a scan with Malwarebytes.

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Thanks
Joe :)
  • 0

#22
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

AntiMalware did not request reboot

-----------------------------Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/2/2014
Scan Time: 4:38:44 PM
Logfile: AntiMalwareDetailLog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.07
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lido

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360870
Time Elapsed: 39 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.SunriseBrowse.A, HKLM\SOFTWARE\WOW6432NODE\SunriseBrowse, No Action By User, [8c0f84b2e69668ceac0dcd66d2318878],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, No Action By User, [4d4e0036e795b08672a3471eaa599967],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, No Action By User, [4c4f91a5afcd96a00c586e11ba4a8779],
PUP.Optional.SunriseBrowse.A, HKU\S-1-5-21-1135327352-3689979529-191883833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SunriseBrowse, No Action By User, [2e6d3ff78af256e081392a0904ff3dc3],

Registry Values: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, SSWEETPACKS, No Action By User, [4c4f91a5afcd96a00c586e11ba4a8779]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.OfferBundler.ST, C:\Users\Lido\Desktop\MyDocumentsGoldie\Downloads\SoftonicDownloader_for_erunt.exe, No Action By User, [eab186b0641824129d8d9b0717e957a9],
PUP.Optional.OpenCandy, C:\Users\Lido\Desktop\MyDocumentsGoldie\Downloads\winamp561_full_emusic-7plus_en-us.exe, No Action By User, [e6b50c2ab1cbeb4bbbf24f0ef80d06fa],
PUP.Optional.SunriseBrowse.A, C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{fef7f75c-f985-4250-96f9-8183cd04238b}.xpi, No Action By User, [5843cf677c002c0a65237eb2798a9a66],
PUP.Optional.Conduit.A, C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\utorrentcontrolv6-customized-web-search.xml, No Action By User, [594231052a5266d0c7252d149b688f71],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#23
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

Thanks for that Malwarebytes log. It shows No Action By User

Let Malwarebytes remove those items that were found so it says Quarantined and deleted successfully.

Thanks
Joe :)
  • 0

#24
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/3/2014
Scan Time: 8:52:57 AM
Logfile: MalwareLog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.03.05
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lido

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360105
Time Elapsed: 40 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.SunriseBrowse.A, HKLM\SOFTWARE\WOW6432NODE\SunriseBrowse, Quarantined, [b2e9ea4cb3c941f520f12410996a06fa],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [e1bacf67c9b3da5c4627b4b107fca25e],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Quarantined, [148783b32b5171c5d7e559267a8afe02],
PUP.Optional.SunriseBrowse.A, HKU\S-1-5-21-1135327352-3689979529-191883833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SunriseBrowse, Quarantined, [3b600d296e0e7bbbca48b08441c21be5],

Registry Values: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, SSWEETPACKS, Quarantined, [148783b32b5171c5d7e559267a8afe02]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.OfferBundler.ST, C:\Users\Lido\Desktop\MyDocumentsGoldie\Downloads\SoftonicDownloader_for_erunt.exe, Quarantined, [683344f20577de58ba7e3d6540c0d030],
PUP.Optional.OpenCandy, C:\Users\Lido\Desktop\MyDocumentsGoldie\Downloads\winamp561_full_emusic-7plus_en-us.exe, Quarantined, [9704a78f2656bf77c84d58064fb602fe],
PUP.Optional.SunriseBrowse.A, C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{fef7f75c-f985-4250-96f9-8183cd04238b}.xpi, Quarantined, [940777bf9be103333fa1c070818234cc],
PUP.Optional.Conduit.A, C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\utorrentcontrolv6-customized-web-search.xml, Quarantined, [dac1c96d97e53105b490291936cdbf41],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#25
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Very good,

Can you post a new FRST Log for me.

Thanks
Joe :)
  • 0

Advertisements


#26
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

FRST64 ran and required reboot

On reboot my internet connection was gone.  Did reboot on DLink - all OK

-----------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Lido at 2014-11-04 09:18:10 Run:2
Running from C:\Users\Lido\Desktop
Loaded Profile: Lido (Available profiles: Lido)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKCU - 0D110202C5D0481BB698C74B24C2428C URL = http://search.condui...q={searchTerms}
SearchScopes: HKCU - {24714634-4714-4F24-AB36-D070CE465A52} URL =
FF Keyword.URL: hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchURL: Default -> http://astromenda.co...=1715490871&ir=
C:\Users\Lido\AppData\Local\Temp\Quarantine.exe
C:\Users\Lido\AppData\Local\Temp\sqlite3.dll
Task: {21AE7929-92FC-463E-912F-0B20F88F13AF} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION
Task: {4A1B994F-64F6-476F-9AF4-CECE320AB522} - \The weDownload Manager-enabler No Task File <==== ATTENTION
Task: {6626E2EE-FC5B-43B9-A606-5AEBEFD824A4} - \The weDownload Manager-updater No Task File <==== ATTENTION
Task: {66420AFB-7C44-4F5C-9F3E-E07C798C21EB} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION
Task: {F090C608-D4F8-45D6-B051-485C7D46F7B0} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION
reboot:
end
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key not found.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key not found.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key not found.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key not found.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\0D110202C5D0481BB698C74B24C2428C" => Key not found.
"HKCR\CLSID\0D110202C5D0481BB698C74B24C2428C" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24714634-4714-4F24-AB36-D070CE465A52}" => Key not found.
"HKCR\CLSID\{24714634-4714-4F24-AB36-D070CE465A52}" => Key not found.
Firefox Keyword.URL deleted successfully.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
"C:\Users\Lido\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Lido\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21AE7929-92FC-463E-912F-0B20F88F13AF}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-chromeinstaller" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A1B994F-64F6-476F-9AF4-CECE320AB522}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-enabler" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6626E2EE-FC5B-43B9-A606-5AEBEFD824A4}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-updater" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66420AFB-7C44-4F5C-9F3E-E07C798C21EB}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-codedownloader" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F090C608-D4F8-45D6-B051-485C7D46F7B0}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-firefoxinstaller" => Key not found.


The system needed a reboot.

==== End of Fixlog ====


  • 0

#27
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

should I remove Nimbus? Gi


  • 0

#28
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello vic,

I'm not sure what that is (Nimbus? Gi) where is it? where do you see it ?

Post another FRST Log please, when you open FRST at the bottom make sure there is a check mark in the additions.txt log I want to see that log too.

In your next reply post
  • FRST.TXT log
  • Additions.txt log
Thanks
Joe :)
  • 0

#29
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Lido at 2014-11-06 13:56:02 Run:3
Running from C:\Users\Lido\Desktop
Loaded Profile: Lido (Available profiles: Lido)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKCU - 0D110202C5D0481BB698C74B24C2428C URL = http://search.condui...q={searchTerms}
SearchScopes: HKCU - {24714634-4714-4F24-AB36-D070CE465A52} URL =
FF Keyword.URL: hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchURL: Default -> http://astromenda.co...=1715490871&ir=
C:\Users\Lido\AppData\Local\Temp\Quarantine.exe
C:\Users\Lido\AppData\Local\Temp\sqlite3.dll
Task: {21AE7929-92FC-463E-912F-0B20F88F13AF} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION
Task: {4A1B994F-64F6-476F-9AF4-CECE320AB522} - \The weDownload Manager-enabler No Task File <==== ATTENTION
Task: {6626E2EE-FC5B-43B9-A606-5AEBEFD824A4} - \The weDownload Manager-updater No Task File <==== ATTENTION
Task: {66420AFB-7C44-4F5C-9F3E-E07C798C21EB} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION
Task: {F090C608-D4F8-45D6-B051-485C7D46F7B0} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION
reboot:
end
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key not found.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key not found.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key not found.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key not found.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\0D110202C5D0481BB698C74B24C2428C" => Key not found.
"HKCR\CLSID\0D110202C5D0481BB698C74B24C2428C" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24714634-4714-4F24-AB36-D070CE465A52}" => Key not found.
"HKCR\CLSID\{24714634-4714-4F24-AB36-D070CE465A52}" => Key not found.
Firefox Keyword.URL deleted successfully.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
"C:\Users\Lido\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Lido\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21AE7929-92FC-463E-912F-0B20F88F13AF}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-chromeinstaller" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A1B994F-64F6-476F-9AF4-CECE320AB522}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-enabler" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6626E2EE-FC5B-43B9-A606-5AEBEFD824A4}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-updater" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66420AFB-7C44-4F5C-9F3E-E07C798C21EB}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-codedownloader" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F090C608-D4F8-45D6-B051-485C7D46F7B0}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-firefoxinstaller" => Key not found.


The system needed a reboot.

==== End of Fixlog ====

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Lido at 2014-10-28 11:15:38
Running from C:\Users\Lido\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acoustic Labs Multitrack Recorder (Demo) (HKLM-x32\...\Acoustic Labs Multitrack Recorder (Demo)) (Version: 3.3 - Acoustic Labs Software LLC)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1997225166.48.56.34147562 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3 Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Canta 1.11 (HKLM-x32\...\Canta) (Version: 1.11 - Chaumet Software)
Cantovation Sing & See Student v1.5.4 (HKLM-x32\...\SING & SEE STUDENT_is1) (Version: 1.5.4 - Cantovation Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.110 - Corel Inc.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2420.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2420.0 - CyberLink Corp.) Hidden
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct MIDI to MP3 Converter version 6.2.2.46 (HKLM-x32\...\Direct MIDI to MP3 Converter_is1) (Version: 6.2.2.46 - Piston Software)
DIRECTV Player (HKLM-x32\...\{dbaba6a3-366e-43a7-8f4e-b0a868c06ab3}) (Version: 10.0 - DIRECTV)
Driver Install 64-Bit (HKLM-x32\...\InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China)
Driver Install 64-Bit (x32 Version: 6.0.107.0 - China) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EdiView Finder v1.0.7 (HKLM-x32\...\EdiView Finder Utility_is1) (Version:  - Edimax Technology Co., Ltd.)
EZ Grabber (HKLM-x32\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - EZ Grabber)
FFmpeg for Audacity on Windows (HKLM-x32\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
FLV and Media Player 4.2.1.1 (HKLM-x32\...\FLV and Media Player) (Version: 4.2.1.1 - Applian Technologies)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Inkling Sketch Manager (HKLM-x32\...\{2D0D4A16-6486-48B5-A9AA-92C93BE62802}) (Version: 1.01.64 - Wacom  Co. Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IPCam Surveillance Software 3.0.5.7 (HKLM-x32\...\IPCam Surveillance Software_is1) (Version:  - Edimax Technology Co., Ltd.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.90.0 - NortonLive Services)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.1.24 - Intuit)
Quicken WillMaker Plus 2010 (HKLM-x32\...\Quicken WillMaker Plus 2010) (Version:  - Nolo)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.301 - SanDisk Corporation)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Serif PanoramaPlus Starter Edition (HKLM-x32\...\{64AEB598-E518-4AD0-B02B-99F365B8054C}) (Version: 2.0.0.001 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SunriseBrowse (HKLM\...\SunriseBrowse) (Version: 2014.08.19.200231 - SunriseBrowse) <==== ATTENTION
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
TiVo Desktop 2.8.3 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.370 - TiVo Inc.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.22C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.6.22 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.48 - NCH Software)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.4 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.3 - Wacom Technology Corp.)
What's Running 3.0 (HKLM-x32\...\What's Running_is1) (Version: 3.0 - WhatsRunning.net)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4100 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lido\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\Lido\AppData\Local\DIRECTV Player\win64\npPlayerPlugin.dll (DIRECTV)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

15-10-2014 20:55:31 Windows Update
23-10-2014 13:41:55 Scheduled Checkpoint
26-10-2014 16:48:43 OTL Restore Point - 10/26/2014 12:48:40 PM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-26 12:50 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00E821E4-D0D5-42C5-8214-2B94406FC982} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {0231DCC6-D674-4FA7-A871-2B522B60A34F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1135327352-3689979529-191883833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0483DDC3-8306-4722-B6A8-DC9540C08192} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {05119F5C-8EF8-4C0D-884C-FD9B79577078} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1135327352-3689979529-191883833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0AD744C0-1872-4FD2-AA9A-614ED8B95954} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-02] (Adobe Systems Incorporated)
Task: {0D2EBC0B-02E4-4355-AF3A-7DD25DC008A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {21AE7929-92FC-463E-912F-0B20F88F13AF} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION
Task: {279CC4B7-9A1E-4A45-A346-BB034E2F9715} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1135327352-3689979529-191883833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3631FA42-B88C-400F-9067-9E0961B5096E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {3F00DD29-A191-4030-B20B-F935188ED277} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4A1B994F-64F6-476F-9AF4-CECE320AB522} - \The weDownload Manager-enabler No Task File <==== ATTENTION
Task: {5F7643F9-0446-41B9-A56A-74EBB772D2EC} - System32\Tasks\Western Digital\SmartWare\____Volume_100c5218_9240_11e0_8b26_806e6f6e6963______Volume_da464cbb_9dd2_11e0_8986_b870f4585bca__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-07-22] (Western Digital Technologies, Inc.)
Task: {6626E2EE-FC5B-43B9-A606-5AEBEFD824A4} - \The weDownload Manager-updater No Task File <==== ATTENTION
Task: {66420AFB-7C44-4F5C-9F3E-E07C798C21EB} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION
Task: {6F0A1264-3FB2-47E9-A9C1-657056D21D04} - System32\Tasks\{F4FE2973-21E4-4C20-A5FA-302AA5DE992C} => Firefox.exe http://www.skype.com...LastError=12007
Task: {8552CE22-5B4F-458B-999D-5E46F1542222} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {9A1ED33E-CC65-42E5-9DFD-B0F67ABD2FF4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1135327352-3689979529-191883833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B36501FD-7E6D-4378-BDD2-391AB5794E27} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-02-24] (Symantec Corporation)
Task: {BA01709D-2897-45B8-AB07-865010C3D781} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {BECACD72-AA3F-46C8-9C9B-BC5FAAA3993D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {C5138AB2-EDE5-4CF3-A8B2-135729A3AD0D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {C8CD50BF-E76E-4ED2-B68F-38DDDEF69D96} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {E0CCB74C-2D7C-482D-94F5-139D28CA7F19} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F090C608-D4F8-45D6-B051-485C7D46F7B0} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core.job => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA.job => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-01-08 11:04 - 2012-08-08 22:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-04-21 09:47 - 2005-04-22 00:36 - 00143360 ____R () C:\windows\system32\BrSNMP64.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 01523560 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-23 22:21 - 2011-11-23 22:21 - 00105576 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2014-02-03 18:50 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 05979488 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServer.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 03261280 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\DrmSingleton.dll
2014-03-26 18:42 - 2014-03-26 18:42 - 00338784 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\ndsLogStore.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 02229096 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 00689000 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 01403224 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libxml2-2.dll
2014-03-26 18:42 - 2014-03-26 18:42 - 00091976 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\z.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 00060272 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 00043880 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 00205672 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 07730016 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\gsttspplugin.dll
2014-06-18 23:07 - 2014-04-01 14:37 - 00371712 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-01-04 15:27 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2013-07-07 09:20 - 2014-09-25 14:31 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: SafeCopy Crawler => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: Updater By SweetPacks => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: WDRulesService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lido^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SafeCopy => C:\Program Files\SafeCopy\SafeCopy.exe
MSCONFIG\startupreg: sketchmanager => C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe tray
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TivoNotify => C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
MSCONFIG\startupreg: TivoServer => C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
MSCONFIG\startupreg: TivoTransfer => C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TranscodingService => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Lido\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-1135327352-3689979529-191883833-500 - Administrator - Disabled)
Guest (S-1-5-21-1135327352-3689979529-191883833-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1135327352-3689979529-191883833-1002 - Limited - Enabled)
Lido (S-1-5-21-1135327352-3689979529-191883833-1001 - Administrator - Enabled) => C:\Users\Lido

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2014 09:18:54 AM) (Source: TabletServicePen) (EventID: 0) (User: )
Description: Could not init tablet driver


System errors:
=============
Error: (10/27/2014 01:18:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (10/28/2014 09:18:54 AM) (Source: TabletServicePen) (EventID: 0) (User: )
Description: Could not init tablet driver


CodeIntegrity Errors:
===================================
  Date: 2012-10-31 20:20:03.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-10-31 20:20:03.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-10-31 20:20:03.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-10-31 20:20:03.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 45%
Total physical RAM: 3890.67 MB
Available physical RAM: 2103.04 MB
Total Pagefile: 7779.52 MB
Available Pagefile: 5621.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI106041W0C) (Fixed) (Total:452.7 GB) (Free:269.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (My Book) (Fixed) (Total:931.48 GB) (Free:296.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 2604F481)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.6 GB) - (Type=17)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00073856)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#30
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

What issues remain with the computer ?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP