
Need Help with Vitruvian and Conduit -please



Malwarebytes found the following: Vitruvian and Conduit

Deleted from quarantine - then after reboot I ran Farbar discovery tool:

Files are attached as the post is too long with just one file.

*** I have not proceeded after running farbar recovery. Results posted below. Would appreciate next steps. Thanks a Ton 2wisted !

Discovery.docx

protection-log-2015-08-20.xml

mbam-log-2015-08-20 (02-57-00).xml

Addition.txt

FRST.txt


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
  • Post its content into your next reply.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by dreamrecords on Sun 08/23/2015 at 10:00:42.62.
Microsoft Windows 10 Home 10.0.10240  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dreamrecords\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

8/23/2015 10:04:30 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Cisco deleted successfully
C:\Program Files\McAfee deleted successfully
C:\Program Files\Common Files\Intel deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Cozi deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\dreamrecords\AppData\LocalGoogle deleted successfully
C:\Users\dreamrecords\AppData\Local\CRE deleted successfully
C:\Users\dreamrecords\AppData\Local\DataSafeOnline deleted successfully
C:\Users\dreamrecords\AppData\Local\EmieSiteList deleted successfully
C:\Users\dreamrecords\AppData\Local\EmieUserList deleted successfully
C:\Users\dreamrecords\AppData\Local\NetworkTiles deleted successfully
C:\Users\dreamrecords\AppData\Local\Opera Software deleted successfully
C:\Users\dreamrecords\AppData\Local\PackageAware deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4087391027-3474875736-3329529687-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{10327240-9E24-4442-A32F-152C51BF3DDC} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\DREAMR~1\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default

user.js not found
---- Lines valueApps removed from prefs.js ----
user_pref("valueApps.storage.mam_gk_userId", "36633833346634662D396630612D346539612D386264392D373164366261646463633030");
---- FireFox user.js and prefs.js backups ----

prefs_20150823_1030_.backup

==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Cisco not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\Windows Live SkyDrive deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Photo Pro X3 deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\Syswow64\SETE91D.tmp deleted
C:\WINDOWS\Syswow64\SETE9CA.tmp deleted
C:\Users\DREAMR~1\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\searchplugins\bingp.xml deleted
C:\PROGRA~3\TempMOBK-update-4ec82966293498cc5bd9350557ef54e8.exe deleted
C:\PROGRA~3\TempMOBK-update-f83e734ebeb77aba27db234c8e16f028.exe deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\DREAMR~1\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default
user_pref("browser.startup.homepage", "http://www.msn.com/?pc=BDT5&ocid=BDT5DHP&osmkt=en-us&DT=081815|http://www.google.com/");
user_pref("browser.search.defaultenginename", "Bing ");
user_pref("browser.search.selectedEngine", "Bing ");
user_pref("keyword.URL", "http://www.bing.com/search?FORM=BDT5DF&PC=BDT5&dt=081815&q=");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"bdwteff@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff" [08/13/2015 06:52 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"bdwteff@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff" [08/13/2015 06:52 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\DREAMR~1\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default
- Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default
3C39B899EB79C85746124ABF44B83587    - C:\Users\dreamrecords\AppData\Roaming\raidcall\plugins\nprcplugin.dll -    Raidcall plugin
4BF70B35B943BD73BD6E13EB7C1BA4B3    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll -    Shockwave Flash
2557FBC582910A71CDEB0F22886D118D    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll -    Shockwave Flash
EC55112EDB2CE5BC2BFCACDB9C2150F4    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll -    Shockwave Flash
A1ED62FB6112C50AAEEF78BFC780662A    - C:\Users\dreamrecords\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll -    Microsoft Lync Web App Plug-in
3CD19649B2C3023D65E67C056457A2BC    - C:\Users\dreamrecords\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin
A1ED62FB6112C50AAEEF78BFC780662A    - C:\Users\dreamrecords\AppData\Roaming\Mozilla\plugins\npLWAPlugin15.8.dll -    Microsoft Lync Web App Plug-in


==== Chromium Look ======================

Google Chrome Version: 44.0.2403.157

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fabcmochhfpldjekobfaaggijgohadih - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
fcfenmboojpjinhpgggodefccipikbpd - No path found[]
ncmdmcjifbkefpaijakdbgfjbpaonjhg - No path found[]

Comodo Drag&Drop Service - dreamrecords\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - dreamrecords\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
PrivDog - dreamrecords\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Bitdefender Wallet - dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih
Chrome Hotword Shared Module - dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Gamers Unite Snag Bar - dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncmdmcjifbkefpaijakdbgfjbpaonjhg

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=BDT5&ocid=BDT5DHP&osmkt=en-us&DT=081815"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=BDT5&ocid=BDT5DHP&osmkt=en-us&DT=081815"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?FORM=BDT5DF&PC=BDT5&DT=081815&q={searchTerms}&src=IE-SearchBox"
{2C7E0D1A-0E36-48F9-A15E-F48521F15313} Unknown  Url="Not_Found"
{F0F017B0-488A-4100-BE16-04297A129ACD} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4087391027-3474875736-3329529687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_USERS\S-1-5-21-4087391027-3474875736-3329529687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_USERS\S-1-5-21-4087391027-3474875736-3329529687-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C7E0D1A-0E36-48F9-A15E-F48521F15313} deleted successfully
HKEY_USERS\S-1-5-21-4087391027-3474875736-3329529687-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F0F017B0-488A-4100-BE16-04297A129ACD} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2C7E0D1A-0E36-48F9-A15E-F48521F15313} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F0F017B0-488A-4100-BE16-04297A129ACD} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dreamrecords\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\dreamrecords\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\dreamrecords\AppData\Local\Mozilla\Firefox\Profiles\9nmicjl3.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\dreamrecords\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully
C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=11 folders=2 28788103 bytes)

==== Empty Temp Folders ======================

C:\Users\dreamrecords\AppData\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\DREAMR~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 08/23/2015 at 11:05:36.71 ======================
 


Now that the conduit and vitruvian are cleaned up - I now have the 'dreaded double-click' - mouse issue.  I noticed a few things from my internet;

ad double click   adserver adtechus.com search doubleverify  olm.moster.com 

Then a suspicious script from the following:

http:/ff6-us.adhigh.net/p/if....gAKoOTMrwEAA%eD%eD&w=0.73333:18

am running thorough scan again today, however nothing was found yesterday.  Any thoughts ?


Does it happen in all browsers?

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-08-2015
Ran by dreamrecords (2015-08-30 19:30:05)
Running from C:\Users\dreamrecords\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-4087391027-3474875736-3329529687-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4087391027-3474875736-3329529687-503 - Limited - Disabled)
dreamrecords (S-1-5-21-4087391027-3474875736-3329529687-1000 - Administrator - Enabled) => C:\Users\dreamrecords
Guest (S-1-5-21-4087391027-3474875736-3329529687-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4087391027-3474875736-3329529687-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.17 - STMicroelectronics)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 3.9.2 - Atomi Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.475.0 - Microsoft Corporation)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 19.2.0.151 - Bitdefender)
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.98 - Corel Corporation)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
FastAccess (HKLM\...\{876F4556-6811-4341-A6D7-78C3F15420E2}) (Version: 2.4.91.1 - Sensible Vision)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
ICA (x32 Version: 1.6.1.98 - Corel Corporation) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
IPM_PSP_Pro (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft Lync Basic 2013 (HKLM-x32\...\Office15.LYNCENTRY) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{9D849A85-766F-4862-8390-2AE57BC4C53B}) (Version: 15.8.8308.301 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Access 2003 Runtime (HKLM-x32\...\{901C0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaintShop Photo Pro X3 Registration Incentive (x32 Version: 1.00.0000 - Corel Corporation) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) Hidden
PSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.18 - Dell Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Screenshot Captor 4.03.00 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-012D-0000-0000-0000000FF1CE}_Office15.LYNCENTRY_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Setup (x32 Version: 1.6.1.98 - Corel Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sound Blaster X-Fi MB (HKLM-x32\...\{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}) (Version: 1.0 - Creative Technology Limited)
Sound Organizer (HKLM-x32\...\{95B9D945-C782-44F8-AD12-F9FE48EE7C94}) (Version: 1.1.0.12070 - Sony Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Toshiba AutoTask (HKLM-x32\...\Toshiba AutoTask) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.LYNCENTRY_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9603 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4087391027-3474875736-3329529687-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4087391027-3474875736-3329529687-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\dreamrecords\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4087391027-3474875736-3329529687-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\dreamrecords\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4087391027-3474875736-3329529687-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\dreamrecords\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4087391027-3474875736-3329529687-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\dreamrecords\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4087391027-3474875736-3329529687-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\dreamrecords\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4087391027-3474875736-3329529687-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\dreamrecords\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4087391027-3474875736-3329529687-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\dreamrecords\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4087391027-3474875736-3329529687-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\dreamrecords\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4087391027-3474875736-3329529687-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\dreamrecords\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4087391027-3474875736-3329529687-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\dreamrecords\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

23-08-2015 10:03:55 zoek.exe restore point
25-08-2015 16:22:08 Windows Modules Installer
28-08-2015 18:08:48 Windows Update
28-08-2015 18:10:20 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-08-17 18:42 - 00000029 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {033EE30E-6B70-4D0F-BC0D-4BDAD73F2F18} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {04C05CEF-C45F-4525-853C-1BBFB9646070} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0CD38D9A-6FD4-436A-9E00-C97063328304} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {12D82A65-C2DA-49B9-A380-F347498BD64D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {15782C9F-FEFB-475E-BDDC-2709569CD237} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {16409356-0F64-4974-A002-48E499236077} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {176F99D8-74FF-489D-8CB2-D6CB72889345} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {2BF8663B-20CF-4E38-8D1C-4910439933B2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {2EF1312B-19CE-4224-AA67-4AF1E40BBF4C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2F594900-AE4F-48E4-8185-16F165399347} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {35800892-5648-41E3-8553-4A801F779EB1} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {36A7568F-F762-48DD-9115-B192660078C2} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {3AA4239E-3F8D-4767-94E4-45DD6C78779E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3F05CCAB-DE04-4618-9A98-9C64AD95C812} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {3F8EA8EC-693E-432E-AD0C-063CDA451692} - System32\Tasks\{F6CEBBA6-8231-4E64-B1AD-E8037E3E3786} => pcalua.exe -a "C:\Program Files (x86)\ERUNT\unins000.exe"
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {4D2B5BDC-EED3-46BB-B67C-AB55F297CDA2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {5E9E4E08-9665-4588-8A74-47F4DB51DB8B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {61ABC73D-DB78-4F37-BC8B-BF8CC4D94272} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {68D2670C-ACF5-42D5-B6BC-9455AEFA9805} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {78FB4DDF-C64D-4543-A0A6-BA505D859F6A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {79BA9627-5B41-4D41-AFBA-3DC5F4D7DAA3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {7C4B7F82-B2CA-4C3F-8ADB-27DD991AFCDE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7EF56D3D-C8CF-4D4D-BB70-767C31411716} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {8009EE18-FB72-43F5-9AEF-18D70FA2A244} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {821D4CC9-4A9C-47B7-9814-874E894D8B6A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {845E6347-B790-4867-83AC-65CC61C74BF5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {86FF4561-9DFB-4E9F-A725-061B7DBCC219} - System32\Tasks\{51A82457-8142-46AD-BDB4-F8675D1D2D4A} => pcalua.exe -a C:\Users\dreamrecords\Desktop\erunt-setup.exe -d C:\Users\dreamrecords\Desktop
Task: {8958C9B1-2B01-42DF-B309-3FBD979BBF82} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-17] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {ACA0A9BC-4A1E-41A7-8079-7B9631F67E82} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6a3f5d16366 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AE0C4ED1-30A6-48F8-B1FB-B6AA6FD337BA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {C1F332E7-5CF8-4782-A932-B530DEFED63E} - System32\Tasks\Disk Cleanup => C:\Windows\System32\cleanmgr.exe [2015-07-10] (Microsoft Corporation)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {CDD1DC36-F67E-4EDF-BD1E-E1962BCFFC89} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CE70C581-7948-499C-B509-07DD2FC92C71} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {CFAA4E62-58EC-4F6B-A33D-8BCD89122990} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {DB2A5F9A-30B9-4DA0-8FAA-55918E3986FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-29] (Adobe Systems Incorporated)
Task: {E0BF55AF-57E4-442B-A42D-EB45BD1EFECB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {F30D2625-0B70-4FBD-B7EB-496A9F35B75D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {F850DA5F-EC68-4D54-A40A-29D2E6CC0CA5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf6a3f5d16366.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-17 23:53 - 2015-08-17 23:53 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-20 09:46 - 2015-04-22 16:55 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-08-20 09:45 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-08-20 09:46 - 2015-08-13 18:36 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-08-20 09:46 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-08-27 09:54 - 2015-08-27 09:54 - 00875352 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00750_003\ashttpbr.mdl
2015-08-27 09:54 - 2015-08-27 09:54 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00750_003\ashttpdsp.mdl
2015-08-27 09:54 - 2015-08-27 09:54 - 02800952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00750_003\ashttpph.mdl
2015-08-27 09:54 - 2015-08-27 09:54 - 01413024 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00750_003\ashttprbl.mdl
2015-08-18 18:17 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-29 16:46 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 16:46 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-14 12:57 - 2015-07-14 12:57 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-06-19 18:30 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-07-10 05:59 - 2015-07-10 05:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-17 23:53 - 2015-08-17 23:53 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-18 18:17 - 2015-08-11 03:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-17 23:53 - 2015-08-17 23:53 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-06-18 21:46 - 2009-06-18 21:46 - 00494064 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2015-08-20 09:45 - 2015-06-25 11:06 - 00472080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdidntconp.dll
2015-08-20 09:46 - 2015-08-13 18:36 - 00188928 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\ui\bdidntconp.ui
2015-08-26 18:08 - 2015-08-26 18:08 - 00133568 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.6027.10071.0_x64__8wekyb3d8bbwe\textinputdriver.dll
2010-02-22 15:25 - 2010-02-22 15:25 - 00094536 _____ () C:\WINDOWS\SYSTEM32\FAIEExtension.DLL
2010-02-09 13:34 - 2010-02-09 13:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2015-08-17 21:54 - 2014-09-05 11:55 - 00132808 _____ () C:\Users\dreamrecords\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\zoek-delete.exe:BDU
AlternateDataStreams: C:\Users\dreamrecords\Desktop\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\dreamrecords\Downloads\Firefox Setup Stub 40.0.3 (1).exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4087391027-3474875736-3329529687-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\dreamrecords\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\45551.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{37724540-941D-4514-9F21-874498A225BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A63E3EEA-9CFE-42AF-8201-8CBC01BCEA7E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C216899B-5A81-4AFD-831E-07BEB4E496A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{CDBDA70F-E9E9-4A7E-B082-C0F7E1A62DE4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{6DE43C97-F9AB-4DF3-8E83-8B9C2D50A64D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{522AF6DC-7CD5-42BD-A3A4-4B726BCC5BC3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BBDF3F2A-184E-4AE7-AF61-E9299DB9E43D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{4AF4C9D3-8AD3-4903-B83C-39A8B34A4BD6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{97248D2A-560D-4953-9713-73825C4ECF9B}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{AF94A532-794B-461B-8955-0779B89F309E}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{FD645250-B1A0-4D74-87AA-58BF6D65DC42}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{36004A84-A1B3-48B9-B04A-6C5F05684CD5}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{2F23B98C-29DF-4296-AA84-99B371DD4ED7}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{583CC10C-BB8F-42DB-B1A3-68503167DDCD}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{02C3CBF7-C67D-4BA1-B399-9DCF4C05457B}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{6BF144D0-A68B-49C7-B90F-3FDDFE3628D1}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{B2A632CF-95AA-4F2B-9D97-5541D3F4DE1B}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{2957E765-7662-4D5B-97A1-3D68C80C86A9}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{9CD03CD7-BBEA-4B93-B467-DBA96D3BBDAD}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{97723BE3-C1EA-4095-B40D-0660AD163E34}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{66C31F5C-931F-4B92-A39C-DECA01CCC7F9}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{5C013D96-78DF-4732-A609-66CFCB09CB5E}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{B5433DCD-AA28-477B-832D-E48E237F7DFE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FF55CC65-CB11-4623-A9E3-9A589A7841AF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{09012D9E-BDA9-4B8A-A16A-A68CA8661695}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{05F05400-8F58-457E-8BE4-10C010C5E15F}] => (Allow) svchost.exe
FirewallRules: [{63A73365-51E6-4B89-AE9E-9D8D2CC70663}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{85A74D69-4D39-4235-9E5E-2D80354861B6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{89DCED9C-05DE-4D08-8345-CDFA4B2389A7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{50468104-64CC-46CB-A247-E10C1D1F0ABD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{07DB5899-8059-4185-B7C0-2CD45A99B676}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B28026AE-FF60-42EC-942B-41292E5484E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{10C8BB27-65CF-4C0D-AF5D-4872ED035911}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{96E4964B-6844-4346-AFC8-21B57AD8F2BF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{82758BBF-B596-4230-86A7-C05B21E1EF48}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{793784E0-DF99-423A-B4C9-357C7D77C6B8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E9DCBD47-C708-4E4F-8758-2E3044BBD887}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2015 07:11:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: onenoteim.exe, version: 16.0.6027.1007, time stamp: 0x55d451ad
Faulting module name: MSOIMM.dll, version: 16.0.6027.1007, time stamp: 0x55d45018
Exception code: 0xc0000005
Fault offset: 0x000000000077d934
Faulting process id: 0x678
Faulting application start time: 0xonenoteim.exe0
Faulting application path: onenoteim.exe1
Faulting module path: onenoteim.exe2
Report Id: onenoteim.exe3
Faulting package full name: onenoteim.exe4
Faulting package-relative application ID: onenoteim.exe5

Error: (08/30/2015 05:54:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OHub.exe, version: 16.0.6121.2376, time stamp: 0x55d7a527
Faulting module name: Mso30Imm.dll, version: 16.0.6118.1000, time stamp: 0x55d39fcf
Exception code: 0xc0000005
Fault offset: 0x0000000000012535
Faulting process id: 0x2550
Faulting application start time: 0xOHub.exe0
Faulting application path: OHub.exe1
Faulting module path: OHub.exe2
Report Id: OHub.exe3
Faulting package full name: OHub.exe4
Faulting package-relative application ID: OHub.exe5

Error: (08/30/2015 05:49:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DREAMRECORDS-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/30/2015 05:49:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DREAMRECORDS-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/30/2015 05:49:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16425, time stamp: 0x55bec5f5
Faulting module name: StartUI.dll, version: 10.0.10240.16431, time stamp: 0x55c9bb30
Exception code: 0xc0000005
Fault offset: 0x00000000003c3ba4
Faulting process id: 0x1a44
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (08/30/2015 05:09:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213
Faulting module name: mozglue.dll, version: 40.0.3.5716, time stamp: 0x55dda062
Exception code: 0x80000003
Fault offset: 0x0000e250
Faulting process id: 0x728
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (08/30/2015 05:07:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: wuaueng.dll, version: 10.0.10240.16463, time stamp: 0x55d56211
Exception code: 0xc0000005
Fault offset: 0x0000000000056840
Faulting process id: 0x2cc
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3
Faulting package full name: svchost.exe_wuauserv4
Faulting package-relative application ID: svchost.exe_wuauserv5

Error: (08/30/2015 04:42:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (08/30/2015 03:36:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OHub.exe, version: 16.0.6121.2376, time stamp: 0x55d7a527
Faulting module name: Mso30Imm.dll, version: 16.0.6118.1000, time stamp: 0x55d39fcf
Exception code: 0xc0000005
Fault offset: 0x0000000000012535
Faulting process id: 0x262c
Faulting application start time: 0xOHub.exe0
Faulting application path: OHub.exe1
Faulting module path: OHub.exe2
Report Id: OHub.exe3
Faulting package full name: OHub.exe4
Faulting package-relative application ID: OHub.exe5

Error: (08/30/2015 03:31:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DREAMRECORDS-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/30/2015 07:20:47 PM) (Source: DCOM) (EventID: 10029) (User: DREAMRECORDS-PC)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

Error: (08/30/2015 06:24:27 PM) (Source: DCOM) (EventID: 10029) (User: DREAMRECORDS-PC)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

Error: (08/30/2015 05:54:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/30/2015 05:52:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (08/30/2015 05:50:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (08/30/2015 05:49:26 PM) (Source: DCOM) (EventID: 10010) (User: DREAMRECORDS-PC)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (08/30/2015 05:49:25 PM) (Source: DCOM) (EventID: 10010) (User: DREAMRECORDS-PC)
Description: App

Error: (08/30/2015 05:49:23 PM) (Source: DCOM) (EventID: 10010) (User: DREAMRECORDS-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (08/30/2015 05:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/30/2015 05:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office:
=========================

CodeIntegrity:
===================================
  Date: 2015-08-30 15:43:35.843
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-30 15:43:35.775
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-30 15:43:33.617
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-30 15:43:33.597
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-30 15:43:33.568
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-30 15:43:33.467
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-30 15:43:32.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-30 15:08:06.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-30 15:08:06.116
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-30 15:08:05.986
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 48%
Total physical RAM: 3892.52 MB
Available physical RAM: 1992.81 MB
Total Virtual: 7860.52 MB
Available Virtual: 5350.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:345.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 06D985AF)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Ran AdwCleaner and CCleaner, see below. This issue is prevalent EVERYWHERE... simple things like trying to move a minimized browser; it happens with all the Office products, websites, etc. It's not just a double-click, it's like the mouse has a mind of its own. I am going to do some surfing and rerun the cleaner to see what else pops up... I haven't read the forum today either to see if there is a new virus that causes this behavior - or the MS forums, will do though... thank you TwinHeadedEagle!!!

 

# AdwCleaner v5.004 - Logfile created 30/08/2015 at 09:27:56
# Updated 26/08/2015 by Xplode
# Database : 2015-08-30.1 [server]
# Operating system : Windows 10 Home  (x64)
# Username : dreamrecords - DREAMRECORDS-PC
# Running from : C:\Users\dreamrecords\Downloads\AdwCleaner(1).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\dreamrecords\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
[-] Folder Deleted : C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[x] Folder Not Deleted : C:\Users\dreamrecords\AppData\Roaming\download Manager
[x] Folder Not Deleted : C:\Users\dreamrecords\Desktop\Conduit

***** [ Files ] *****

[-] File Deleted : C:\Users\dreamrecords\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
[-] File Deleted : C:\Users\dreamrecords\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
[-] File Deleted : C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcfenmboojpjinhpgggodefccipikbpd_0.localstorage
[-] File Deleted : C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcfenmboojpjinhpgggodefccipikbpd_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\AffiliatedUpdate
[!] Key Not Deleted : [x64] HKCU\Software\AffiliatedUpdate

***** [ Web browsers ] *****

[-] [C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\dreamrecords\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\dreamrecords\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2609 bytes] ##########

 

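One way to triage a cleaning log like the one posted above, as an added example that is not part of the original thread or of AdwCleaner itself: it parses the section headers and the `[-]`/`[x]`/`[!]` entries, lists what the tool reported as not deleted, and flags targets that appear as both deleted and not deleted. The function names are assumptions of this example, and the sample is a few lines copied from the post.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the AdwCleaner log in the post above.
SAMPLE_LOG = r"""
***** [ Folders ] *****

[-] Folder Deleted : C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[x] Folder Not Deleted : C:\Users\dreamrecords\AppData\Roaming\download Manager
[x] Folder Not Deleted : C:\Users\dreamrecords\Desktop\Conduit

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AffiliatedUpdate
[!] Key Not Deleted : [x64] HKCU\Software\AffiliatedUpdate
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# marker, item kind, the action ("Deleted" or "Not Deleted"), then the target
ENTRY = re.compile(r"^\[(?:-|x|!)\] (.*?)\b(Not Deleted|Deleted) : (.+)$")

def parse_adwcleaner(text):
    """Return {section: [(status, kind, target), ...]} in log order."""
    result, section = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY.match(line)
        if entry and section:
            kind, action, target = entry.groups()
            status = "remaining" if action == "Not Deleted" else "deleted"
            result[section].append((status, kind.strip(), target.strip()))
    return dict(result)

def remaining(parsed):
    """Items the log reports as not deleted: [(section, kind, target), ...]."""
    return [(sec, kind, tgt) for sec, items in parsed.items()
            for status, kind, tgt in items if status == "remaining"]

def conflicting(parsed):
    """Targets logged as both deleted and not deleted (ignoring an [x64] prefix)."""
    seen = defaultdict(set)
    for items in parsed.values():
        for status, _kind, tgt in items:
            seen[re.sub(r"^\[x64\] ", "", tgt)].add(status)
    return sorted(t for t, statuses in seen.items() if len(statuses) == 2)

if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_LOG)
    for section, kind, target in remaining(parsed):
        print(f"{section}: {kind} still present -> {target}")
    print("Check again after reboot:", conflicting(parsed))
```

Items returned by `remaining` are the ones to look for in the next scan's log.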

I have a cable modem and a wifi Netgear router. Two private and secure networks (access point protection on both) - I have tested with all my other devices. Mac, Surface, tablet and other PCs... none of them are acting like this Dell - I think it's time to wipe this one clean. It's been a year of viruses and I have no clue how it got in in the first place. Talk about annoying!!! Unless you have any other ideas, I am totally willing to do just about anything... By the way, it happens with all my browsers, Edge included...


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.


Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.

fixlist.txt


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.