Removed FireFox...Now have Microsoft Error and now have message to call # within 5 minutes

[Sandra1960]

I had issues with FireFox minimizing and not able to open from taskbar...uninstalled it and shutdown system. Reinstalled and still issue. Then received Microsoft error message and the adware popup. Like a fool, called the # and now have people calling off the hook.

Found your forum via searching on phone for removing adware, but wanted to ensure I was doing correctly. Before proceeding, created a thread. Guess I need hand holding....

 

[TwinHeadedEagle]

Hello and welcome


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
  
  
  
  
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Sandra1960]

Hello,
When trying to download the 64 bit, I received error: FRST64 (1).EXE is not commonly downloaded and could harm your computer.

Options are Delete \ run or view downloads....

Help?

 

[TwinHeadedEagle]

It is false detection, you can run FRST, no worries.

 

[Sandra1960]

It is false detection, you can run FRST, no worries.

THANK YOU!!! Here are reports!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Sandra (administrator) on BABYCAKES (18-04-2016 19:04:49)
Running from C:\Users\Sandra\Downloads
Loaded Profiles: Sandra (Available Profiles: Sandra)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
() C:\Windows\jmesoft\Service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Pokki) C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Leader Technologies Inc.) C:\Program Files (x86)\LTCM Client\ltcmClient.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Pokki) C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Farbar) C:\Users\Sandra\Downloads\FRST64 (2).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1583808 2009-03-02] (Leader Technologies Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [522552 2015-12-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-12-10] (Citrix Systems, Inc.)
HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\Run: [EPSON Artisan 50 Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE [223232 2008-10-09] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\RunOnce: [Application Restart #0] => C:\Users\Sandra\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cl (the data entry has 551 more characters).
HKU\S-1-5-18\...\Run: [EPSON Artisan 50 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE [223232 2008-10-09] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C35511DA-A935-4AF9-B170-14EA87E347BC}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_5"]www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_5[/URL]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_5"]www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_5[/URL]
HKU\S-1-5-21-4136084066-1488815536-574882589-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://[URL="http://www.bing.com/?pc=cosp&ptag=ADC890F4567&form=CONMHP&conlogo=CT3210127"]www.bing.com/?pc=cosp&ptag=ADC890F4567&form=CONMHP&conlogo=CT3210127[/URL]
HKU\S-1-5-21-4136084066-1488815536-574882589-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4136084066-1488815536-574882589-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-4136084066-1488815536-574882589-1002 -> DefaultScope {8B56AF47-2F25-11E5-BE9E-7427EAC7C62F} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4136084066-1488815536-574882589-1002 -> {8B56AF47-2F25-11E5-BE9E-7427EAC7C62F} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4136084066-1488815536-574882589-1002 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4136084066-1488815536-574882589-1002 -> {AC2B5C00-B391-4D0B-B254-5F7AC38E4D05} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140522,20028,0,88,0
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL [2014-09-12] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://mypc-wdc.wellington.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\lvt1pr04.default
FF DefaultSearchEngine: Web Search
FF DefaultSearchEngine.US: Web Search
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2: 
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://homepage-web.com/?s=lenovo&m=start
FF Keyword.URL: hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20140522,20030,0,88,0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc.)
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-22] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-05-24] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: [URL="http://www.exent.com/GameTreatWidget"]www.exent.com/GameTreatWidget[/URL] -> C:\Program Files (x86)\FreeRide Games\NPGameTreatPlugin.dll [No File]
FF user.js: detected! => C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\lvt1pr04.default\user.js [2014-05-31]
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\lvt1pr04.default\searchplugins\Web Search.xml [2015-07-20]
FF Extension: 20-20 3D Viewer - WEB - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\lvt1pr04.default\Extensions\2020Player_WEB@2020Technologies.com [2014-09-01] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [675952 2015-07-06] (Pulse Secure, LLC)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-05-24] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-12] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-12] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-13] (Advanced Micro Devices)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20160401.015\BHDrvx64.sys [1766640 2016-03-11] (Symantec Corporation)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-12] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-30] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20160408.011\IDSvia64.sys [767224 2015-12-10] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20160410.022\ENG64.SYS [138488 2015-10-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20160410.022\EX64.SYS [2148080 2015-10-31] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-12] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-12] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2015-07-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SymELAM.sys [23568 2014-09-12] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-07-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-12] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-12] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2015-07-03] (Symantec Corporation)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [103384 2014-09-12] (Symantec Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 19:04 - 2016-04-18 19:06 - 00023027 _____ C:\Users\Sandra\Downloads\FRST.txt
2016-04-18 19:04 - 2016-04-18 19:04 - 00000000 ____D C:\FRST
2016-04-18 19:03 - 2016-04-18 19:03 - 02375680 _____ (Farbar) C:\Users\Sandra\Downloads\FRST64 (2).exe
2016-04-16 19:13 - 2016-04-16 19:13 - 02375168 _____ (Farbar) C:\Users\Sandra\Downloads\FRST64 (1).exe
2016-04-16 19:12 - 2016-04-16 19:12 - 01726464 _____ (Farbar) C:\Users\Sandra\Downloads\FRST.exe
2016-04-16 19:10 - 2016-04-16 19:10 - 02375168 _____ (Farbar) C:\Users\Sandra\Downloads\FRST64.exe
2016-04-13 12:17 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-04-13 12:17 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-04-13 12:17 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-04-13 12:16 - 2016-04-04 02:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-13 12:16 - 2016-04-02 09:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-13 12:16 - 2016-04-02 09:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-13 12:16 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 12:16 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-13 12:16 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-04-13 12:16 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-13 12:16 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-04-13 12:16 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 12:16 - 2016-03-30 19:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-13 12:16 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-13 12:16 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-13 12:16 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-04-13 12:16 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-13 12:16 - 2016-03-30 19:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-04-13 12:16 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-04-13 12:16 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-04-13 12:16 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-04-13 12:16 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-04-13 12:16 - 2016-03-30 19:43 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-04-13 12:16 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-04-13 12:16 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 12:16 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-04-13 12:16 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 12:16 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-13 12:16 - 2016-03-30 19:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-13 12:16 - 2016-03-30 19:27 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-04-13 12:16 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-04-13 12:16 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-04-13 12:16 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-04-13 12:16 - 2016-03-30 19:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-04-13 12:16 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 12:16 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 12:16 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-04-13 12:16 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 12:16 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 12:16 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-04-13 12:16 - 2016-03-28 09:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-13 12:16 - 2016-03-28 09:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-13 12:16 - 2016-03-28 09:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-13 12:16 - 2016-03-28 09:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-13 12:16 - 2016-03-28 09:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-13 12:16 - 2016-03-15 19:00 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 12:16 - 2016-03-15 10:14 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 12:16 - 2016-03-11 10:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 12:16 - 2016-03-10 14:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-04-13 12:16 - 2016-03-10 14:21 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-04-13 12:16 - 2016-03-10 14:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-04-13 12:16 - 2016-03-10 13:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-04-13 12:16 - 2016-03-10 13:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-04-13 12:16 - 2016-03-10 13:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 12:16 - 2016-03-10 12:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 12:14 - 2016-03-10 15:19 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 12:14 - 2016-03-10 15:17 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 12:14 - 2016-03-10 15:17 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 12:14 - 2016-03-10 15:17 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 12:14 - 2016-03-10 15:17 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 12:14 - 2016-03-10 15:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-13 12:14 - 2016-03-10 13:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-13 12:14 - 2016-03-10 13:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 12:14 - 2016-03-10 12:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 12:14 - 2016-03-10 12:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 12:14 - 2016-03-03 12:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 12:14 - 2016-03-03 12:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 12:14 - 2016-03-02 21:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-13 12:14 - 2016-03-02 21:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-13 12:14 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-13 12:14 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-13 12:14 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-04-13 12:14 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-04-13 12:14 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 12:14 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-04-13 12:14 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-04-13 12:14 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-04-13 12:14 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 12:14 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-04-13 12:14 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-04-13 12:14 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-04-13 12:14 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-04-13 12:14 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-04-13 12:14 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-04-13 12:14 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-04-13 12:14 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-04-13 12:14 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-04-13 12:14 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-04-13 12:14 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 12:14 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-04-13 12:14 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-04-13 12:14 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-04-13 12:14 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-04-13 12:14 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-04-13 12:14 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 12:14 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-04-13 12:14 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-04-13 12:14 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-04-13 12:14 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-04-13 12:14 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 12:14 - 2016-02-06 19:05 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-04-13 12:14 - 2016-02-06 18:41 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-04-13 12:14 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-04-13 12:14 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 12:14 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 12:14 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 12:14 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 12:14 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-04-13 12:14 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-04-13 12:14 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-04-13 12:14 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-04-13 12:14 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-04-13 12:14 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-04-13 12:14 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-04-13 12:14 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-04-13 12:14 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-04-13 12:14 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-04-13 12:14 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-04-13 12:14 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-04-13 12:14 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-04-13 12:14 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-04-13 12:14 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-04-13 12:14 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-04-13 12:14 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-04-13 12:14 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-04-13 12:14 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-04-13 12:14 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-04-13 12:14 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-04-13 12:14 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-04-13 12:14 - 2016-01-20 18:40 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-04-13 12:14 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-13 12:14 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-13 12:13 - 2016-03-29 10:05 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-04-13 12:13 - 2016-03-03 12:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 11:42 - 2016-04-16 18:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 19:03 - 2014-04-12 16:38 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4136084066-1488815536-574882589-1002
2016-04-18 19:02 - 2014-11-20 18:16 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7CEC2C3-DBDF-44CF-BABC-717B3C17A085}
2016-04-18 19:02 - 2014-04-12 16:15 - 00000000 ____D C:\Users\Sandra\AppData\Local\SweetLabs App Platform
2016-04-18 18:58 - 2014-11-20 18:02 - 00000000 ____D C:\Users\Sandra\OneDrive
2016-04-16 19:03 - 2014-09-24 03:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-16 19:03 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-16 18:59 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-16 18:56 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-16 18:56 - 2013-08-22 10:44 - 00506320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 11:38 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-14 11:37 - 2014-12-26 14:14 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 11:37 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-04-14 11:22 - 2014-05-16 08:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-14 10:56 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-14 10:55 - 2014-04-13 17:12 - 00002448 _____ C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2016-04-14 10:53 - 2014-04-14 19:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-14 10:52 - 2015-10-31 09:43 - 00003312 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2016-04-14 10:48 - 2014-04-14 19:12 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-14 10:40 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 12:08 - 2016-01-14 18:29 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-04-13 12:07 - 2016-03-12 10:05 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-13 12:07 - 2016-03-12 10:05 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-04-13 12:07 - 2016-03-12 10:05 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-04-11 11:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-04-11 10:25 - 2014-05-11 09:07 - 00000000 ____D C:\ProgramData\Symantec
2016-04-08 07:22 - 2014-05-16 08:24 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-05 17:53 - 2015-04-18 09:43 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-05 17:53 - 2015-04-18 09:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-03 10:53 - 2014-04-12 16:26 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Nitro PDF
2016-03-29 14:53 - 2015-04-07 17:35 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-03-29 14:53 - 2015-04-07 17:35 - 00000000 ___SD C:\WINDOWS\system32\GWX

==================== Files in the root of some directories =======

2014-07-23 16:06 - 2014-07-23 16:06 - 0037881 _____ () C:\Users\Sandra\AppData\Roaming\Comma Separated Values.ADR
2013-09-11 21:54 - 2013-09-11 21:54 - 0000198 ____H () C:\ProgramData\Lenovo-29283.vbs

Some files in TEMP:
====================
C:\Users\Sandra\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Sandra\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\Sandra\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\Sandra\AppData\Local\Temp\oct116D.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\oct1DDB.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\oct31C0.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\oct5535.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\oct7A78.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\oct7C3F.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\octA0B1.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\octAE49.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\octB698.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\octBB2.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\octC9B.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\octCB1B.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\octFEAC.tmp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-01 15:50

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Sandra (2016-04-18 19:08:59)
Running from C:\Users\Sandra\Downloads
Windows 8.1 (X64) (2014-11-20 21:58:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4136084066-1488815536-574882589-500 - Administrator - Disabled)
Guest (S-1-5-21-4136084066-1488815536-574882589-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4136084066-1488815536-574882589-1006 - Limited - Enabled)
Sandra (S-1-5-21-4136084066-1488815536-574882589-1002 - Administrator - Enabled) => C:\Users\Sandra

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
AMD Catalyst Install Manager (HKLM\...\{C10D88EF-0AA9-7E56-CB0E-78C390D90A4D}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.4.0.8014 - Citrix Systems, Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
EPSON Artisan 50 Series Printer Uninstall (HKLM\...\EPSON Artisan 50 Series) (Version:  - SEIKO EPSON Corporation)
Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version:  - )
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
FontForge version 1.0 (HKLM-x32\...\{16CB5DA9-AB24-4F1E-9D55-C088245B8120}_is1) (Version: 1.0 - Download Freely, LLC)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.83.01 - Exent Technologies)
Game Arcade (HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\Pokki_8c0fb60d03e3ff6fd84a1ee0ac970f06a99b8304) (Version: 1.0.2.40574 - Pokki)
Host App Service (HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\SweetLabs_AP) (Version: 0.269.7.927 - Pokki)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
join.me (HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\JoinMe) (Version: 1.15.0.136 - LogMeIn, Inc.)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30599 - Juniper Networks)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
Nitro Pro 8 (HKLM\...\{5B441131-BBE4-4AB7-BBD2-974B9E6F5587}) (Version: 8.5.4.11 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.4.0.8014 - Citrix Systems, Inc.) Hidden
Pulse Secure Network Connect 8.1 (HKLM-x32\...\Pulse Secure Network Connect 8.1) (Version: 8.1.4.37085 - Pulse Secure, LLC)
Pulse Secure Setup Client (HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\Juniper_Setup_Client) (Version: 8.1.4.60057 - Pulse Secure, LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6864 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Self-service Plug-in (x32 Version: 4.4.0.11833 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Start Menu (HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\SweetLabs_Start_Menu) (Version: 0.269.7.927 - Pokki)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {258C1C75-C8E8-484B-AA43-7071E4F6D0FC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)
Task: {29D8A275-4965-4B1B-A085-69C5CF15DD20} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {2F44FE90-EB0B-447E-AF75-5DA1086750E7} - System32\Tasks\SweetLabs App Platform => C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-04-14] (Pokki)
Task: {30550B12-A1F0-46B0-AABC-DE297B2C2136} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {4E755C26-1489-4169-972B-02721223FE45} - System32\Tasks\Lenovo\Lenovo-29283 => C:\ProgramData\Lenovo-29283.vbs [2013-09-11] ()
Task: {54E7345A-62AA-4E28-BA88-66EA3AB07F69} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-31] (Microsoft Corporation)
Task: {62E299CF-DE32-45F1-98B8-256DC404FF2D} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-03] (Lenovo)
Task: {65CA9170-178E-406B-8E6B-6364766DC0F9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {95F0A614-C128-4DFE-A393-AF0AD49D6C0D} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {9B0B0C34-9715-420A-A202-64729C9727F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {A3196D2D-E999-4151-AD0B-57504A623DEA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {AB7A5C4F-EAB4-4B80-86CF-45BFD9F97FC3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {CB32C681-771C-4295-8CAE-4FB83CD57A2E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-31] (Microsoft Corporation)
Task: {D6229634-164F-4D22-AFD4-663302F7ABAB} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)
Task: {EA930DAA-3BB4-4DB0-A080-3AA0D988AD35} - System32\Tasks\MsgUpdateCheck (de5e9f60-5adf-404f-9048-3ab8bfd91685) => C:\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe [2014-08-20] (MarkedUp Inc)
Task: {EC2A0109-69A5-4ADE-A7C6-AF94E64B2415} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {FA3ECF91-2F01-4B66-BADF-04874D5B5214} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-14] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Sandra\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\13849309640.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -pinnedSite -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0xae86fc1c -pinnedTimeHigh 0x01cf097f -securityFlags 0x00000000 -url 0x00000021 hxxps://[URL="http://www.facebook.com/home.php"]www.facebook.com/home.php[/URL]

==================== Loaded Modules (Whitelisted) ==============

2014-07-22 15:55 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-11 21:51 - 2011-08-16 23:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-09-11 22:15 - 2013-05-14 14:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-31 09:48 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-03 12:40 - 2015-07-03 12:40 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-11 21:51 - 2011-08-16 23:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-07-04 22:33 - 2014-07-04 22:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-09-11 21:51 - 2011-05-17 16:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 19:59 - 2009-12-04 19:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 20:04 - 2009-12-04 20:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2016-02-28 09:16 - 2016-02-28 09:16 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-05-03 19:51 - 2015-05-03 19:52 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2016-02-28 09:16 - 2016-02-28 09:16 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2016-04-13 19:00 - 2016-04-13 19:00 - 00569856 _____ () C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll
2016-04-13 19:00 - 2016-04-13 19:00 - 01400846 _____ () C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll
2016-04-13 19:00 - 2016-04-13 19:00 - 00151054 _____ () C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll
2016-04-13 19:00 - 2016-04-13 19:00 - 00222734 _____ () C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll
2014-07-22 15:27 - 2015-07-22 20:40 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2016-02-28 09:16 - 2016-02-28 09:16 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\wellington.com -> hxxps://mypc-wdc.wellington.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-12-21 04:22 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4136084066-1488815536-574882589-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E65916E1-182B-4F0A-827A-AA615892CAB9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{87C94900-338D-43C3-9452-1D652247C122}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
FirewallRules: [{2F1A8C4F-AE37-4B11-BA5A-F33277B7A9FC}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
FirewallRules: [{CA731E3A-C41C-4DCF-B539-21A5C777D287}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
FirewallRules: [{C93CBD10-7E13-446E-9372-6333F01939F4}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
FirewallRules: [{4E5E57A1-13D1-4877-84CD-CD027390B7F0}] => (Block) C:\program files (x86)\citrix\ica client\wfica32.exe
FirewallRules: [{11EA10D8-3D54-414A-BCD9-550A580276BC}] => (Block) C:\program files (x86)\citrix\ica client\wfica32.exe
FirewallRules: [UDP Query User{D4A695E9-666E-486A-A76C-825EF2CC4E1A}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe
FirewallRules: [TCP Query User{9CC28B22-6BD0-442F-AD71-48EE20794781}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe
FirewallRules: [{671582AD-CA99-46FC-92FA-A71819516C0D}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{443F1380-6E8C-4037-8BE6-426BFC029B72}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{898D6789-A6CA-4BE4-895E-5B464EA43521}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{8468A450-BDFE-4BBD-94BF-663C9E451CD3}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6E83C269-E89B-48AE-90CF-017C4B6D6061}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{EC15E5CA-6B2A-4E97-966A-A671D639B2F6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{349A7CC9-E40C-4293-B7A8-E5EF43D7CD50}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{AA40132A-51D9-4ED6-A4FA-F1468743E5A0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7B20FBFB-B116-4D4A-BE8A-A9C15577EAAD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{AC9318ED-27A6-4A13-AC7B-E572E348ED78}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
FirewallRules: [{D467FA14-B2E3-4D5F-BDA7-D77619B0EB4B}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
FirewallRules: [{FFABB08F-C0BA-4167-BC64-8FD6574898C9}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
FirewallRules: [{DE437B27-C8FD-4A05-9044-FD86234A5153}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
FirewallRules: [{36E8D81D-40D5-49E7-BE58-22DED0DF9F58}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B79390B7-2E7B-407E-815F-23FAFED1C266}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

==================== Restore Points =========================

16-03-2016 20:06:09 Installed DirectX
29-03-2016 14:35:18 Windows Update
11-04-2016 10:56:52 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2016 11:49:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 0.0.0.0, time stamp: 0x57070ec1
Faulting module name: xul.dll, version: 0.0.0.0, time stamp: 0x57071d18
Exception code: 0x80000003
Fault offset: 0x008d9d45
Faulting process id: 0x15f0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3
Faulting package full name: firefox.exe4
Faulting package-relative application ID: firefox.exe5

Error: (04/11/2016 10:05:42 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (04/11/2016 10:05:36 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/11/2016 09:59:04 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (04/11/2016 09:58:48 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/11/2016 09:46:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16a8

Start Time: 01d193f720a5ad9c

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: c1a77cbc-ffeb-11e5-beab-7427eac7c62f

Faulting package full name:

Faulting package-relative application ID:

Error: (04/11/2016 09:38:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program setup-stub.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ed8

Start Time: 01d193f7518398d9

Termination Time: 0

Application Path: C:\Users\Sandra\AppData\Local\Temp\7zS134A.tmp\setup-stub.exe

Report Id: a66cb298-ffea-11e5-beab-7427eac7c62f

Faulting package full name:

Faulting package-relative application ID:

Error: (04/08/2016 05:30:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 45.0.1.5918 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c5c

Start Time: 01d191da783815d0

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 254ce693-fdd1-11e5-beab-7427eac7c62f

Faulting package full name:

Faulting package-relative application ID:

Error: (03/30/2016 02:33:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 170

Start Time: 01d18ab11fc58d17

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: e9199022-f6a5-11e5-beab-7427eac7c62f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/19/2016 10:11:53 AM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
Description: Microsoft Outlook: Accepted Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?.
Accepted Safe Mode action : Microsoft Outlook.


System errors:
=============
Error: (04/16/2016 07:20:03 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/16/2016 07:20:03 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/16/2016 07:20:03 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/16/2016 07:20:03 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/16/2016 07:20:02 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/16/2016 07:20:02 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/16/2016 06:56:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Coupon Printer Service service failed to start due to the following error: 
%%2

Error: (04/16/2016 06:56:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%31

Error: (04/16/2016 06:56:24 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (04/13/2016 01:28:43 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


CodeIntegrity:
===================================
  Date: 2015-07-03 12:35:56.823
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 12:35:56.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 12:35:55.854
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 12:35:54.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 12:35:54.166
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 12:35:38.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 12:35:38.135
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 12:35:37.635
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 12:35:37.088
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 12:35:36.479
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics 
Percentage of memory in use: 38%
Total physical RAM: 5551.02 MB
Available physical RAM: 3389.63 MB
Total Virtual: 6447.02 MB
Available Virtual: 3985.05 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:855.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:1853.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 74BBD78D)

Partition: GPT.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 90A0DBAA)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[TwinHeadedEagle]

Reports should be attached(uploaded) and not copied.

 

[Sandra1960]

Reports should be attached(uploaded) and not copied.

UGH...try these....

Thank you!

 

[TwinHeadedEagle]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyclsid;
  emptyalltemp;
  ipconfig /flushdns >>"%temp%\log.txt";b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.

 

[Sandra1960]

Attached is the zoek-results log.

Thank you!!

 

[TwinHeadedEagle]

How is your PC behaving now?

 

[Sandra1960]

Attached is the zoek-results log.

Thank you!!

I just logged on and yes seems to be!! That Zoek thingie you had me run...did that remove a virus?

Appreciate your help!

 

[TwinHeadedEagle]

Yes, Zoek is a great tool