
Popups and redirects on Win7 Firefox


  • This topic is locked

#16
Vic from NJ

  • Topic Starter
  • Member
  • 19 posts

C:\Windows\System32>FRST/FRST64

'FRST' is not recognized as an internal or external command,

operable program or batch file.


  • 0



#17
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Right-click on the FRST/FRST64 icon on the desktop and delete it, then re-download it. Try the fix again. Let's see what that does.

Joe
  • 0

#18
Vic from NJ

  • Topic Starter
  • Member
  • 19 posts

Please post a link for the FRST download.

What is the difference between FRST and FRST64, and "Run FRST/FRST64"?

Thanks Vic


  • 0

#19
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Farbar Recovery Scan Tool

Save it to the desktop; make sure it's on the desktop.
  • 0

#20
Vic from NJ

  • Topic Starter
  • Member
  • 19 posts

FRST64....

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
Ran by Lido at 2014-10-31 10:19:29 Run:1
Running from C:\Users\Lido\Desktop
Loaded Profile: Lido (Available profiles: Lido)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKCU - 0D110202C5D0481BB698C74B24C2428C URL = http://search.condui...q={searchTerms}
SearchScopes: HKCU - {24714634-4714-4F24-AB36-D070CE465A52} URL =
FF Keyword.URL: hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchURL: Default -> http://astromenda.co...=1715490871&ir=
C:\Users\Lido\AppData\Local\Temp\Quarantine.exe
C:\Users\Lido\AppData\Local\Temp\sqlite3.dll
Task: {21AE7929-92FC-463E-912F-0B20F88F13AF} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION
Task: {4A1B994F-64F6-476F-9AF4-CECE320AB522} - \The weDownload Manager-enabler No Task File <==== ATTENTION
Task: {6626E2EE-FC5B-43B9-A606-5AEBEFD824A4} - \The weDownload Manager-updater No Task File <==== ATTENTION
Task: {66420AFB-7C44-4F5C-9F3E-E07C798C21EB} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION
Task: {F090C608-D4F8-45D6-B051-485C7D46F7B0} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION
reboot:
end
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\0D110202C5D0481BB698C74B24C2428C" => Key deleted successfully.
"HKCR\CLSID\0D110202C5D0481BB698C74B24C2428C" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24714634-4714-4F24-AB36-D070CE465A52}" => Key deleted successfully.
"HKCR\CLSID\{24714634-4714-4F24-AB36-D070CE465A52}" => Key not found.
Firefox Keyword.URL deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
C:\Users\Lido\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Lido\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21AE7929-92FC-463E-912F-0B20F88F13AF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21AE7929-92FC-463E-912F-0B20F88F13AF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-chromeinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A1B994F-64F6-476F-9AF4-CECE320AB522}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A1B994F-64F6-476F-9AF4-CECE320AB522}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6626E2EE-FC5B-43B9-A606-5AEBEFD824A4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6626E2EE-FC5B-43B9-A606-5AEBEFD824A4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66420AFB-7C44-4F5C-9F3E-E07C798C21EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66420AFB-7C44-4F5C-9F3E-E07C798C21EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F090C608-D4F8-45D6-B051-485C7D46F7B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F090C608-D4F8-45D6-B051-485C7D46F7B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-firefoxinstaller" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====


  • 0

#21
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Let's run a scan with Malwarebytes.

Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Thanks
Joe :)
  • 0

#22
Vic from NJ

  • Topic Starter
  • Member
  • 19 posts

AntiMalware did not request reboot

-----------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/2/2014
Scan Time: 4:38:44 PM
Logfile: AntiMalwareDetailLog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.07
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lido

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360870
Time Elapsed: 39 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.SunriseBrowse.A, HKLM\SOFTWARE\WOW6432NODE\SunriseBrowse, No Action By User, [8c0f84b2e69668ceac0dcd66d2318878],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, No Action By User, [4d4e0036e795b08672a3471eaa599967],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, No Action By User, [4c4f91a5afcd96a00c586e11ba4a8779],
PUP.Optional.SunriseBrowse.A, HKU\S-1-5-21-1135327352-3689979529-191883833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SunriseBrowse, No Action By User, [2e6d3ff78af256e081392a0904ff3dc3],

Registry Values: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, SSWEETPACKS, No Action By User, [4c4f91a5afcd96a00c586e11ba4a8779]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.OfferBundler.ST, C:\Users\Lido\Desktop\MyDocumentsGoldie\Downloads\SoftonicDownloader_for_erunt.exe, No Action By User, [eab186b0641824129d8d9b0717e957a9],
PUP.Optional.OpenCandy, C:\Users\Lido\Desktop\MyDocumentsGoldie\Downloads\winamp561_full_emusic-7plus_en-us.exe, No Action By User, [e6b50c2ab1cbeb4bbbf24f0ef80d06fa],
PUP.Optional.SunriseBrowse.A, C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{fef7f75c-f985-4250-96f9-8183cd04238b}.xpi, No Action By User, [5843cf677c002c0a65237eb2798a9a66],
PUP.Optional.Conduit.A, C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\utorrentcontrolv6-customized-web-search.xml, No Action By User, [594231052a5266d0c7252d149b688f71],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#23
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Thanks for that Malwarebytes log. It shows No Action By User.

Let Malwarebytes remove those items that were found so it says Quarantined and deleted successfully.

Thanks
Joe :)
  • 0
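The check described in the reply above (every detection should read Quarantined rather than No Action By User) can be automated over an exported log. This is an added example, not part of the original thread or of Malwarebytes; the function names, the sample log text and its bracketed ids are constructed, and treating only "Quarantined" as remediated is an assumption taken from the two logs on this page. It also compares each section's declared count with the lines actually present, which catches a truncated paste.

```python
import re

# Section headers of the detailed log, e.g. "Registry Keys: 4" or "Files: 4".
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)
# Detection line: "<name>, <target>, <action>, [<id>]" with an optional
# trailing comma. The target is matched greedily, so the extra data field on
# "Registry Values" lines (e.g. "...|URL, SSWEETPACKS") stays in the target.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<id>[0-9a-f]+)\],?$"
)
# Assumption: only this action counts as remediated (the value the
# second Malwarebytes log on this page shows after removal).
REMEDIATED = {"Quarantined"}


def parse_mbam_log(text):
    """Return {section: {"declared": int, "items": [detection dicts]}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = {"declared": int(header.group(2)), "items": []}
            continue
        if current is None:
            continue  # still in the scan header (date, version, options)
        hit = DETECTION_RE.match(line)
        if hit:
            item = hit.groupdict()
            item["section"] = current
            sections[current]["items"].append(item)
    return sections


def triage(text):
    """Return (pending, mismatched).

    pending    -- detections whose action is not in REMEDIATED
    mismatched -- sections whose declared count differs from the number of
                  detection lines found (log pasted incompletely or edited)
    """
    sections = parse_mbam_log(text)
    pending = [
        item
        for sec in sections.values()
        for item in sec["items"]
        if item["action"] not in REMEDIATED
    ]
    mismatched = [
        name for name, sec in sections.items()
        if sec["declared"] != len(sec["items"])
    ]
    return pending, mismatched


# Constructed sample in the layout of the logs on this page. "Files" declares
# 2 items but only 1 line is present, to model a truncated paste.
SAMPLE_BEFORE = r"""
Scan Type: Threat Scan
Result: Completed
PUP: Warn

Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.SunriseBrowse.A, HKLM\SOFTWARE\WOW6432NODE\SunriseBrowse, No Action By User, [aaaa0001],

Registry Values: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT|URL, SSWEETPACKS, No Action By User, [aaaa0002]

Files: 2
PUP.Optional.OpenCandy, C:\Users\Example\Downloads\installer_example.exe, No Action By User, [aaaa0003],

(end)
"""
# The same scan after the detections were removed.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("No Action By User", "Quarantined")

if __name__ == "__main__":
    for label, log in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        pending, mismatched = triage(log)
        print(f"{label}: {len(pending)} pending, count mismatch in {mismatched}")
        for item in pending:
            print(f"  [{item['section']}] {item['name']} -> {item['target']}")
```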

#24
Vic from NJ

  • Topic Starter
  • Member
  • 19 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/3/2014
Scan Time: 8:52:57 AM
Logfile: MalwareLog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.03.05
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lido

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360105
Time Elapsed: 40 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.SunriseBrowse.A, HKLM\SOFTWARE\WOW6432NODE\SunriseBrowse, Quarantined, [b2e9ea4cb3c941f520f12410996a06fa],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [e1bacf67c9b3da5c4627b4b107fca25e],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Quarantined, [148783b32b5171c5d7e559267a8afe02],
PUP.Optional.SunriseBrowse.A, HKU\S-1-5-21-1135327352-3689979529-191883833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SunriseBrowse, Quarantined, [3b600d296e0e7bbbca48b08441c21be5],

Registry Values: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, SSWEETPACKS, Quarantined, [148783b32b5171c5d7e559267a8afe02]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.OfferBundler.ST, C:\Users\Lido\Desktop\MyDocumentsGoldie\Downloads\SoftonicDownloader_for_erunt.exe, Quarantined, [683344f20577de58ba7e3d6540c0d030],
PUP.Optional.OpenCandy, C:\Users\Lido\Desktop\MyDocumentsGoldie\Downloads\winamp561_full_emusic-7plus_en-us.exe, Quarantined, [9704a78f2656bf77c84d58064fb602fe],
PUP.Optional.SunriseBrowse.A, C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{fef7f75c-f985-4250-96f9-8183cd04238b}.xpi, Quarantined, [940777bf9be103333fa1c070818234cc],
PUP.Optional.Conduit.A, C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\utorrentcontrolv6-customized-web-search.xml, Quarantined, [dac1c96d97e53105b490291936cdbf41],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#25
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Very good,

Can you post a new FRST log for me?

Thanks
Joe :)
  • 0



#26
Vic from NJ

  • Topic Starter
  • Member
  • 19 posts

FRST64 ran and required reboot

On reboot my internet connection was gone.  Did reboot on DLink - all OK

-----------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Lido at 2014-11-04 09:18:10 Run:2
Running from C:\Users\Lido\Desktop
Loaded Profile: Lido (Available profiles: Lido)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKCU - 0D110202C5D0481BB698C74B24C2428C URL = http://search.condui...q={searchTerms}
SearchScopes: HKCU - {24714634-4714-4F24-AB36-D070CE465A52} URL =
FF Keyword.URL: hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchURL: Default -> http://astromenda.co...=1715490871&ir=
C:\Users\Lido\AppData\Local\Temp\Quarantine.exe
C:\Users\Lido\AppData\Local\Temp\sqlite3.dll
Task: {21AE7929-92FC-463E-912F-0B20F88F13AF} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION
Task: {4A1B994F-64F6-476F-9AF4-CECE320AB522} - \The weDownload Manager-enabler No Task File <==== ATTENTION
Task: {6626E2EE-FC5B-43B9-A606-5AEBEFD824A4} - \The weDownload Manager-updater No Task File <==== ATTENTION
Task: {66420AFB-7C44-4F5C-9F3E-E07C798C21EB} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION
Task: {F090C608-D4F8-45D6-B051-485C7D46F7B0} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION
reboot:
end
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key not found.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key not found.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key not found.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key not found.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\0D110202C5D0481BB698C74B24C2428C" => Key not found.
"HKCR\CLSID\0D110202C5D0481BB698C74B24C2428C" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24714634-4714-4F24-AB36-D070CE465A52}" => Key not found.
"HKCR\CLSID\{24714634-4714-4F24-AB36-D070CE465A52}" => Key not found.
Firefox Keyword.URL deleted successfully.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
"C:\Users\Lido\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Lido\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21AE7929-92FC-463E-912F-0B20F88F13AF}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-chromeinstaller" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A1B994F-64F6-476F-9AF4-CECE320AB522}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-enabler" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6626E2EE-FC5B-43B9-A606-5AEBEFD824A4}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-updater" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66420AFB-7C44-4F5C-9F3E-E07C798C21EB}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-codedownloader" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F090C608-D4F8-45D6-B051-485C7D46F7B0}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-firefoxinstaller" => Key not found.


The system needed a reboot.

==== End of Fixlog ====


  • 0

#27
Vic from NJ

  • Topic Starter
  • Member
  • 19 posts

should I remove Nimbus? Gi


  • 0

#28
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello Vic,

I'm not sure what that is (Nimbus? Gi). Where is it? Where do you see it?

Post another FRST log please. When you open FRST, make sure there is a check mark next to the Additions.txt log at the bottom; I want to see that log too.

In your next reply post
  • FRST.TXT log
  • Additions.txt log
Thanks
Joe :)
  • 0

#29
Vic from NJ

  • Topic Starter
  • Member
  • 19 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Lido at 2014-11-06 13:56:02 Run:3
Running from C:\Users\Lido\Desktop
Loaded Profile: Lido (Available profiles: Lido)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKCU - 0D110202C5D0481BB698C74B24C2428C URL = http://search.condui...q={searchTerms}
SearchScopes: HKCU - {24714634-4714-4F24-AB36-D070CE465A52} URL =
FF Keyword.URL: hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchURL: Default -> http://astromenda.co...=1715490871&ir=
C:\Users\Lido\AppData\Local\Temp\Quarantine.exe
C:\Users\Lido\AppData\Local\Temp\sqlite3.dll
Task: {21AE7929-92FC-463E-912F-0B20F88F13AF} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION
Task: {4A1B994F-64F6-476F-9AF4-CECE320AB522} - \The weDownload Manager-enabler No Task File <==== ATTENTION
Task: {6626E2EE-FC5B-43B9-A606-5AEBEFD824A4} - \The weDownload Manager-updater No Task File <==== ATTENTION
Task: {66420AFB-7C44-4F5C-9F3E-E07C798C21EB} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION
Task: {F090C608-D4F8-45D6-B051-485C7D46F7B0} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION
reboot:
end
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key not found.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key not found.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key not found.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key not found.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\0D110202C5D0481BB698C74B24C2428C" => Key not found.
"HKCR\CLSID\0D110202C5D0481BB698C74B24C2428C" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24714634-4714-4F24-AB36-D070CE465A52}" => Key not found.
"HKCR\CLSID\{24714634-4714-4F24-AB36-D070CE465A52}" => Key not found.
Firefox Keyword.URL deleted successfully.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
"C:\Users\Lido\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Lido\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21AE7929-92FC-463E-912F-0B20F88F13AF}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-chromeinstaller" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A1B994F-64F6-476F-9AF4-CECE320AB522}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-enabler" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6626E2EE-FC5B-43B9-A606-5AEBEFD824A4}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-updater" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66420AFB-7C44-4F5C-9F3E-E07C798C21EB}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-codedownloader" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F090C608-D4F8-45D6-B051-485C7D46F7B0}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-firefoxinstaller" => Key not found.


The system needed a reboot.

==== End of Fixlog ====

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Lido at 2014-10-28 11:15:38
Running from C:\Users\Lido\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acoustic Labs Multitrack Recorder (Demo) (HKLM-x32\...\Acoustic Labs Multitrack Recorder (Demo)) (Version: 3.3 - Acoustic Labs Software LLC)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1997225166.48.56.34147562 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3 Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Canta 1.11 (HKLM-x32\...\Canta) (Version: 1.11 - Chaumet Software)
Cantovation Sing & See Student v1.5.4 (HKLM-x32\...\SING & SEE STUDENT_is1) (Version: 1.5.4 - Cantovation Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.110 - Corel Inc.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2420.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2420.0 - CyberLink Corp.) Hidden
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct MIDI to MP3 Converter version 6.2.2.46 (HKLM-x32\...\Direct MIDI to MP3 Converter_is1) (Version: 6.2.2.46 - Piston Software)
DIRECTV Player (HKLM-x32\...\{dbaba6a3-366e-43a7-8f4e-b0a868c06ab3}) (Version: 10.0 - DIRECTV)
Driver Install 64-Bit (HKLM-x32\...\InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China)
Driver Install 64-Bit (x32 Version: 6.0.107.0 - China) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EdiView Finder v1.0.7 (HKLM-x32\...\EdiView Finder Utility_is1) (Version:  - Edimax Technology Co., Ltd.)
EZ Grabber (HKLM-x32\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - EZ Grabber)
FFmpeg for Audacity on Windows (HKLM-x32\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
FLV and Media Player 4.2.1.1 (HKLM-x32\...\FLV and Media Player) (Version: 4.2.1.1 - Applian Technologies)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Inkling Sketch Manager (HKLM-x32\...\{2D0D4A16-6486-48B5-A9AA-92C93BE62802}) (Version: 1.01.64 - Wacom  Co. Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IPCam Surveillance Software 3.0.5.7 (HKLM-x32\...\IPCam Surveillance Software_is1) (Version:  - Edimax Technology Co., Ltd.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.90.0 - NortonLive Services)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.1.24 - Intuit)
Quicken WillMaker Plus 2010 (HKLM-x32\...\Quicken WillMaker Plus 2010) (Version:  - Nolo)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.301 - SanDisk Corporation)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Serif PanoramaPlus Starter Edition (HKLM-x32\...\{64AEB598-E518-4AD0-B02B-99F365B8054C}) (Version: 2.0.0.001 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SunriseBrowse (HKLM\...\SunriseBrowse) (Version: 2014.08.19.200231 - SunriseBrowse) <==== ATTENTION
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
TiVo Desktop 2.8.3 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.370 - TiVo Inc.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.22C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.6.22 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.48 - NCH Software)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.4 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.3 - Wacom Technology Corp.)
What's Running 3.0 (HKLM-x32\...\What's Running_is1) (Version: 3.0 - WhatsRunning.net)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4100 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lido\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\Lido\AppData\Local\DIRECTV Player\win64\npPlayerPlugin.dll (DIRECTV)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

15-10-2014 20:55:31 Windows Update
23-10-2014 13:41:55 Scheduled Checkpoint
26-10-2014 16:48:43 OTL Restore Point - 10/26/2014 12:48:40 PM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-26 12:50 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00E821E4-D0D5-42C5-8214-2B94406FC982} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {0231DCC6-D674-4FA7-A871-2B522B60A34F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1135327352-3689979529-191883833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0483DDC3-8306-4722-B6A8-DC9540C08192} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {05119F5C-8EF8-4C0D-884C-FD9B79577078} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1135327352-3689979529-191883833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0AD744C0-1872-4FD2-AA9A-614ED8B95954} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-02] (Adobe Systems Incorporated)
Task: {0D2EBC0B-02E4-4355-AF3A-7DD25DC008A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {21AE7929-92FC-463E-912F-0B20F88F13AF} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION
Task: {279CC4B7-9A1E-4A45-A346-BB034E2F9715} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1135327352-3689979529-191883833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3631FA42-B88C-400F-9067-9E0961B5096E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {3F00DD29-A191-4030-B20B-F935188ED277} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4A1B994F-64F6-476F-9AF4-CECE320AB522} - \The weDownload Manager-enabler No Task File <==== ATTENTION
Task: {5F7643F9-0446-41B9-A56A-74EBB772D2EC} - System32\Tasks\Western Digital\SmartWare\____Volume_100c5218_9240_11e0_8b26_806e6f6e6963______Volume_da464cbb_9dd2_11e0_8986_b870f4585bca__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-07-22] (Western Digital Technologies, Inc.)
Task: {6626E2EE-FC5B-43B9-A606-5AEBEFD824A4} - \The weDownload Manager-updater No Task File <==== ATTENTION
Task: {66420AFB-7C44-4F5C-9F3E-E07C798C21EB} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION
Task: {6F0A1264-3FB2-47E9-A9C1-657056D21D04} - System32\Tasks\{F4FE2973-21E4-4C20-A5FA-302AA5DE992C} => Firefox.exe http://www.skype.com...LastError=12007
Task: {8552CE22-5B4F-458B-999D-5E46F1542222} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {9A1ED33E-CC65-42E5-9DFD-B0F67ABD2FF4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1135327352-3689979529-191883833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B36501FD-7E6D-4378-BDD2-391AB5794E27} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-02-24] (Symantec Corporation)
Task: {BA01709D-2897-45B8-AB07-865010C3D781} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {BECACD72-AA3F-46C8-9C9B-BC5FAAA3993D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {C5138AB2-EDE5-4CF3-A8B2-135729A3AD0D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {C8CD50BF-E76E-4ED2-B68F-38DDDEF69D96} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {E0CCB74C-2D7C-482D-94F5-139D28CA7F19} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F090C608-D4F8-45D6-B051-485C7D46F7B0} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core.job => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA.job => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-01-08 11:04 - 2012-08-08 22:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-04-21 09:47 - 2005-04-22 00:36 - 00143360 ____R () C:\windows\system32\BrSNMP64.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 01523560 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-23 22:21 - 2011-11-23 22:21 - 00105576 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2014-02-03 18:50 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 05979488 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServer.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 03261280 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\DrmSingleton.dll
2014-03-26 18:42 - 2014-03-26 18:42 - 00338784 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\ndsLogStore.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 02229096 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 00689000 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 01403224 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libxml2-2.dll
2014-03-26 18:42 - 2014-03-26 18:42 - 00091976 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\z.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 00060272 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 00043880 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 00205672 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 07730016 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\gsttspplugin.dll
2014-06-18 23:07 - 2014-04-01 14:37 - 00371712 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-01-04 15:27 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2013-07-07 09:20 - 2014-09-25 14:31 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: SafeCopy Crawler => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: Updater By SweetPacks => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: WDRulesService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lido^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SafeCopy => C:\Program Files\SafeCopy\SafeCopy.exe
MSCONFIG\startupreg: sketchmanager => C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe tray
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TivoNotify => C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
MSCONFIG\startupreg: TivoServer => C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
MSCONFIG\startupreg: TivoTransfer => C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TranscodingService => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Lido\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-1135327352-3689979529-191883833-500 - Administrator - Disabled)
Guest (S-1-5-21-1135327352-3689979529-191883833-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1135327352-3689979529-191883833-1002 - Limited - Enabled)
Lido (S-1-5-21-1135327352-3689979529-191883833-1001 - Administrator - Enabled) => C:\Users\Lido

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2014 09:18:54 AM) (Source: TabletServicePen) (EventID: 0) (User: )
Description: Could not init tablet driver


System errors:
=============
Error: (10/27/2014 01:18:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (10/28/2014 09:18:54 AM) (Source: TabletServicePen) (EventID: 0) (User: )
Description: Could not init tablet driver


CodeIntegrity Errors:
===================================
  Date: 2012-10-31 20:20:03.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-10-31 20:20:03.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-10-31 20:20:03.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-10-31 20:20:03.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 45%
Total physical RAM: 3890.67 MB
Available physical RAM: 2103.04 MB
Total Pagefile: 7779.52 MB
Available Pagefile: 5621.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI106041W0C) (Fixed) (Total:452.7 GB) (Free:269.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (My Book) (Fixed) (Total:931.48 GB) (Free:296.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 2604F481)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.6 GB) - (Type=17)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00073856)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#30
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

What issues remain with the computer?