Reply to thread

Message: <blockquote data-quote="Sandra1960" data-source="post: 502489" data-attributes="member: 51819">THANK YOU!!!  Here are reports![code]Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016Ran by Sandra (administrator) on BABYCAKES (18-04-2016 19:04:49)Running from C:\Users\Sandra\DownloadsLoaded Profiles: Sandra (Available Profiles: Sandra)Platform: Windows 8.1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL]==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AMD) C:\Windows\System32\atiesrxx.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe() C:\Windows\jmesoft\Service.exe(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE() C:\Program Files\CyberLink\Shared files\RichVideo64.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(AMD) C:\Windows\System32\atieclxx.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe(Pokki) C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Lenovo) C:\Windows\jmesoft\hotkey.exe() C:\Windows\jmesoft\JME_LOAD.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe(Leader Technologies Inc.) C:\Program Files (x86)\LTCM Client\ltcmClient.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe(Pokki) C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe(Pokki) C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe(Pokki) C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe(Farbar) C:\Users\Sandra\Downloads\FRST64 (2).exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exeHKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exeHKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyHKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1583808 2009-03-02] (Leader Technologies Inc.)HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [522552 2015-12-10] (Citrix Systems, Inc.)HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-12-10] (Citrix Systems, Inc.)HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\Run: [EPSON Artisan 50 Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE [223232 2008-10-09] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\RunOnce: [Application Restart #0] => C:\Users\Sandra\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cl (the data entry has 551 more characters).HKU\S-1-5-18\...\Run: [EPSON Artisan 50 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE [223232 2008-10-09] (SEIKO EPSON CORPORATION)ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76Tcpip\..\Interfaces\{C35511DA-A935-4AF9-B170-14EA87E347BC}: [DhcpNameServer] 75.75.75.75 75.75.76.76Internet Explorer:==================HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_5"]www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_5[/URL]HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_5"]www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_5[/URL]HKU\S-1-5-21-4136084066-1488815536-574882589-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://[URL="http://www.bing.com/?pc=cosp&ptag=ADC890F4567&form=CONMHP&conlogo=CT3210127"]www.bing.com/?pc=cosp&ptag=ADC890F4567&form=CONMHP&conlogo=CT3210127[/URL]HKU\S-1-5-21-4136084066-1488815536-574882589-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.comHKU\S-1-5-21-4136084066-1488815536-574882589-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.comSearchScopes: HKU\S-1-5-21-4136084066-1488815536-574882589-1002 -> DefaultScope {8B56AF47-2F25-11E5-BE9E-7427EAC7C62F} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}SearchScopes: HKU\S-1-5-21-4136084066-1488815536-574882589-1002 -> {8B56AF47-2F25-11E5-BE9E-7427EAC7C62F} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}SearchScopes: HKU\S-1-5-21-4136084066-1488815536-574882589-1002 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}SearchScopes: HKU\S-1-5-21-4136084066-1488815536-574882589-1002 -> {AC2B5C00-B391-4D0B-B254-5F7AC38E4D05} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140522,20028,0,88,0BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No FileBHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL [2014-09-12] (Symantec Corporation)BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cabDPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://mypc-wdc.wellington.com/dana-cached/sc/JuniperSetupClient.cabHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)FireFox:========FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\lvt1pr04.defaultFF DefaultSearchEngine: Web SearchFF DefaultSearchEngine.US: Web SearchFF SearchEngineOrder.1: YahooFF SearchEngineOrder.2: FF SelectedSearchEngine: Web SearchFF Homepage: hxxp://homepage-web.com/?s=lenovo&m=startFF Keyword.URL: hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20140522,20030,0,88,0FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc.)FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-22] (Microsoft Corporation)FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-05-24] (Nitro PDF)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)FF Plugin-x32: [URL="http://www.exent.com/GameTreatWidget"]www.exent.com/GameTreatWidget[/URL] -> C:\Program Files (x86)\FreeRide Games\NPGameTreatPlugin.dll [No File]FF user.js: detected! => C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\lvt1pr04.default\user.js [2014-05-31]FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\lvt1pr04.default\searchplugins\Web Search.xml [2015-07-20]FF Extension: 20-20 3D Viewer - WEB - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\lvt1pr04.default\Extensions\2020Player_WEB@2020Technologies.com [2014-09-01] [not signed]==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [675952 2015-07-06] (Pulse Secure, LLC)R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-05-24] (Nitro PDF Software)R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-12] (Symantec Corporation)S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-12] (Symantec Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-13] (Advanced Micro Devices)R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20160401.015\BHDrvx64.sys [1766640 2016-03-11] (Symantec Corporation)R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-12] (Symantec Corporation)S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-30] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-30] (Symantec Corporation)R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20160408.011\IDSvia64.sys [767224 2015-12-10] (Symantec Corporation)R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20160410.022\ENG64.SYS [138488 2015-10-31] (Symantec Corporation)R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20160410.022\EX64.SYS [2148080 2015-10-31] (Symantec Corporation)R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-12] (Symantec Corporation)R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-12] (Symantec Corporation)S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-12] (Symantec Corporation)R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2015-07-03] (Symantec Corporation)S0 SymELAM; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SymELAM.sys [23568 2014-09-12] (Symantec Corporation)R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-07-03] (Symantec Corporation)R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-12] (Symantec Corporation)R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-12] (Symantec Corporation)R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2015-07-03] (Symantec Corporation)R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [103384 2014-09-12] (Symantec Corporation)U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-04-18 19:04 - 2016-04-18 19:06 - 00023027 _____ C:\Users\Sandra\Downloads\FRST.txt2016-04-18 19:04 - 2016-04-18 19:04 - 00000000 ____D C:\FRST2016-04-18 19:03 - 2016-04-18 19:03 - 02375680 _____ (Farbar) C:\Users\Sandra\Downloads\FRST64 (2).exe2016-04-16 19:13 - 2016-04-16 19:13 - 02375168 _____ (Farbar) C:\Users\Sandra\Downloads\FRST64 (1).exe2016-04-16 19:12 - 2016-04-16 19:12 - 01726464 _____ (Farbar) C:\Users\Sandra\Downloads\FRST.exe2016-04-16 19:10 - 2016-04-16 19:10 - 02375168 _____ (Farbar) C:\Users\Sandra\Downloads\FRST64.exe2016-04-13 12:17 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys2016-04-13 12:17 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll2016-04-13 12:17 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll2016-04-13 12:16 - 2016-04-04 02:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe2016-04-13 12:16 - 2016-04-02 09:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll2016-04-13 12:16 - 2016-04-02 09:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2016-04-13 12:16 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2016-04-13 12:16 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2016-04-13 12:16 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2016-04-13 12:16 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2016-04-13 12:16 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll2016-04-13 12:16 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2016-04-13 12:16 - 2016-03-30 19:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll2016-04-13 12:16 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2016-04-13 12:16 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2016-04-13 12:16 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2016-04-13 12:16 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2016-04-13 12:16 - 2016-03-30 19:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll2016-04-13 12:16 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll2016-04-13 12:16 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll2016-04-13 12:16 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2016-04-13 12:16 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2016-04-13 12:16 - 2016-03-30 19:43 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2016-04-13 12:16 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2016-04-13 12:16 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2016-04-13 12:16 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2016-04-13 12:16 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2016-04-13 12:16 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2016-04-13 12:16 - 2016-03-30 19:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll2016-04-13 12:16 - 2016-03-30 19:27 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll2016-04-13 12:16 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll2016-04-13 12:16 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2016-04-13 12:16 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2016-04-13 12:16 - 2016-03-30 19:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2016-04-13 12:16 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2016-04-13 12:16 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2016-04-13 12:16 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2016-04-13 12:16 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2016-04-13 12:16 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2016-04-13 12:16 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2016-04-13 12:16 - 2016-03-28 09:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll2016-04-13 12:16 - 2016-03-28 09:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll2016-04-13 12:16 - 2016-03-28 09:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll2016-04-13 12:16 - 2016-03-28 09:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2016-04-13 12:16 - 2016-03-28 09:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll2016-04-13 12:16 - 2016-03-15 19:00 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2016-04-13 12:16 - 2016-03-15 10:14 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2016-04-13 12:16 - 2016-03-11 10:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll2016-04-13 12:16 - 2016-03-10 14:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys2016-04-13 12:16 - 2016-03-10 14:21 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys2016-04-13 12:16 - 2016-03-10 14:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys2016-04-13 12:16 - 2016-03-10 13:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2016-04-13 12:16 - 2016-03-10 13:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2016-04-13 12:16 - 2016-03-10 13:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll2016-04-13 12:16 - 2016-03-10 12:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll2016-04-13 12:14 - 2016-03-10 15:19 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2016-04-13 12:14 - 2016-03-10 15:17 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2016-04-13 12:14 - 2016-03-10 15:17 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2016-04-13 12:14 - 2016-03-10 15:17 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2016-04-13 12:14 - 2016-03-10 15:17 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2016-04-13 12:14 - 2016-03-10 15:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll2016-04-13 12:14 - 2016-03-10 13:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll2016-04-13 12:14 - 2016-03-10 13:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll2016-04-13 12:14 - 2016-03-10 12:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll2016-04-13 12:14 - 2016-03-10 12:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll2016-04-13 12:14 - 2016-03-03 12:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll2016-04-13 12:14 - 2016-03-03 12:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll2016-04-13 12:14 - 2016-03-02 21:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll2016-04-13 12:14 - 2016-03-02 21:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll2016-04-13 12:14 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2016-04-13 12:14 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2016-04-13 12:14 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe2016-04-13 12:14 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe2016-04-13 12:14 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe2016-04-13 12:14 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll2016-04-13 12:14 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll2016-04-13 12:14 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll2016-04-13 12:14 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2016-04-13 12:14 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe2016-04-13 12:14 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll2016-04-13 12:14 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll2016-04-13 12:14 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll2016-04-13 12:14 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll2016-04-13 12:14 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll2016-04-13 12:14 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll2016-04-13 12:14 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll2016-04-13 12:14 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll2016-04-13 12:14 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll2016-04-13 12:14 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2016-04-13 12:14 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe2016-04-13 12:14 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll2016-04-13 12:14 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll2016-04-13 12:14 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll2016-04-13 12:14 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll2016-04-13 12:14 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll2016-04-13 12:14 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll2016-04-13 12:14 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll2016-04-13 12:14 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll2016-04-13 12:14 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll2016-04-13 12:14 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll2016-04-13 12:14 - 2016-02-06 19:05 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys2016-04-13 12:14 - 2016-02-06 18:41 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys2016-04-13 12:14 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys2016-04-13 12:14 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL2016-04-13 12:14 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL2016-04-13 12:14 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL2016-04-13 12:14 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL2016-04-13 12:14 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe2016-04-13 12:14 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll2016-04-13 12:14 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll2016-04-13 12:14 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll2016-04-13 12:14 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll2016-04-13 12:14 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys2016-04-13 12:14 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll2016-04-13 12:14 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll2016-04-13 12:14 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll2016-04-13 12:14 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe2016-04-13 12:14 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll2016-04-13 12:14 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll2016-04-13 12:14 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll2016-04-13 12:14 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll2016-04-13 12:14 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll2016-04-13 12:14 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll2016-04-13 12:14 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll2016-04-13 12:14 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe2016-04-13 12:14 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll2016-04-13 12:14 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys2016-04-13 12:14 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll2016-04-13 12:14 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll2016-04-13 12:14 - 2016-01-20 18:40 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys2016-04-13 12:14 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll2016-04-13 12:14 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll2016-04-13 12:13 - 2016-03-29 10:05 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2016-04-13 12:13 - 2016-03-03 12:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll2016-04-13 11:42 - 2016-04-16 18:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-04-18 19:03 - 2014-04-12 16:38 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4136084066-1488815536-574882589-10022016-04-18 19:02 - 2014-11-20 18:16 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7CEC2C3-DBDF-44CF-BABC-717B3C17A085}2016-04-18 19:02 - 2014-04-12 16:15 - 00000000 ____D C:\Users\Sandra\AppData\Local\SweetLabs App Platform2016-04-18 18:58 - 2014-11-20 18:02 - 00000000 ____D C:\Users\Sandra\OneDrive2016-04-16 19:03 - 2014-09-24 03:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI2016-04-16 19:03 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf2016-04-16 18:59 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM2016-04-16 18:56 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2016-04-16 18:56 - 2013-08-22 10:44 - 00506320 _____ C:\WINDOWS\system32\FNTCACHE.DAT2016-04-14 11:38 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI2016-04-14 11:37 - 2014-12-26 14:14 - 00000000 ____D C:\WINDOWS\system32\appraiser2016-04-14 11:37 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData2016-04-14 11:22 - 2014-05-16 08:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2016-04-14 10:56 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp2016-04-14 10:55 - 2014-04-13 17:12 - 00002448 _____ C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk2016-04-14 10:53 - 2014-04-14 19:12 - 00000000 ____D C:\WINDOWS\system32\MRT2016-04-14 10:52 - 2015-10-31 09:43 - 00003312 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform2016-04-14 10:48 - 2014-04-14 19:12 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2016-04-14 10:40 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness2016-04-13 12:08 - 2016-01-14 18:29 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys2016-04-13 12:07 - 2016-03-12 10:05 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2016-04-13 12:07 - 2016-03-12 10:05 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2016-04-13 12:07 - 2016-03-12 10:05 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll2016-04-11 11:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache2016-04-11 10:25 - 2014-05-11 09:07 - 00000000 ____D C:\ProgramData\Symantec2016-04-08 07:22 - 2014-05-16 08:24 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater2016-04-05 17:53 - 2015-04-18 09:43 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2016-04-05 17:53 - 2015-04-18 09:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2016-04-03 10:53 - 2014-04-12 16:26 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Nitro PDF2016-03-29 14:53 - 2015-04-07 17:35 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX2016-03-29 14:53 - 2015-04-07 17:35 - 00000000 ___SD C:\WINDOWS\system32\GWX==================== Files in the root of some directories =======2014-07-23 16:06 - 2014-07-23 16:06 - 0037881 _____ () C:\Users\Sandra\AppData\Roaming\Comma Separated Values.ADR2013-09-11 21:54 - 2013-09-11 21:54 - 0000198 ____H () C:\ProgramData\Lenovo-29283.vbsSome files in TEMP:====================C:\Users\Sandra\AppData\Local\Temp\jre-8u31-windows-au.exeC:\Users\Sandra\AppData\Local\Temp\JuniperSetupClientInstaller.exeC:\Users\Sandra\AppData\Local\Temp\neoNCSetup64.exeC:\Users\Sandra\AppData\Local\Temp\oct116D.tmp.exeC:\Users\Sandra\AppData\Local\Temp\oct1DDB.tmp.exeC:\Users\Sandra\AppData\Local\Temp\oct31C0.tmp.exeC:\Users\Sandra\AppData\Local\Temp\oct5535.tmp.exeC:\Users\Sandra\AppData\Local\Temp\oct7A78.tmp.exeC:\Users\Sandra\AppData\Local\Temp\oct7C3F.tmp.exeC:\Users\Sandra\AppData\Local\Temp\octA0B1.tmp.exeC:\Users\Sandra\AppData\Local\Temp\octAE49.tmp.exeC:\Users\Sandra\AppData\Local\Temp\octB698.tmp.exeC:\Users\Sandra\AppData\Local\Temp\octBB2.tmp.exeC:\Users\Sandra\AppData\Local\Temp\octC9B.tmp.exeC:\Users\Sandra\AppData\Local\Temp\octCB1B.tmp.exeC:\Users\Sandra\AppData\Local\Temp\octFEAC.tmp.exe==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\wininit.exe => File is digitally signedC:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\SysWOW64\explorer.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\SysWOW64\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\SysWOW64\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\SysWOW64\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\dnsapi.dll => File is digitally signedC:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2016-04-01 15:50==================== End of FRST.txt ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016Ran by Sandra (2016-04-18 19:08:59)Running from C:\Users\Sandra\DownloadsWindows 8.1 (X64) (2014-11-20 21:58:10)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-4136084066-1488815536-574882589-500 - Administrator - Disabled)Guest (S-1-5-21-4136084066-1488815536-574882589-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-4136084066-1488815536-574882589-1006 - Limited - Enabled)Sandra (S-1-5-21-4136084066-1488815536-574882589-1002 - Administrator - Enabled) => C:\Users\Sandra==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Symantec Endpoint Protection (Enabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Symantec Endpoint Protection (Enabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTIONAMD Catalyst Install Manager (HKLM\...\{C10D88EF-0AA9-7E56-CB0E-78C390D90A4D}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.4.0.8014 - Citrix Systems, Inc.)Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) HiddenDriver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)EPSON Artisan 50 Series Printer Uninstall (HKLM\...\EPSON Artisan 50 Series) (Version:  - SEIKO EPSON Corporation)Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version:  - )Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)FontForge version 1.0 (HKLM-x32\...\{16CB5DA9-AB24-4F1E-9D55-C088245B8120}_is1) (Version: 1.0 - Download Freely, LLC)FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.83.01 - Exent Technologies)Game Arcade (HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\Pokki_8c0fb60d03e3ff6fd84a1ee0ac970f06a99b8304) (Version: 1.0.2.40574 - Pokki)Host App Service (HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\SweetLabs_AP) (Version: 0.269.7.927 - Pokki)Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)join.me (HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\JoinMe) (Version: 1.15.0.136 - LogMeIn, Inc.)Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30599 - Juniper Networks)Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) HiddenLenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) HiddenLenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) HiddenLenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)Nitro Pro 8 (HKLM\...\{5B441131-BBE4-4AB7-BBD2-974B9E6F5587}) (Version: 8.5.4.11 - Nitro)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) HiddenOnline Plug-in (x32 Version: 14.4.0.8014 - Citrix Systems, Inc.) HiddenPulse Secure Network Connect 8.1 (HKLM-x32\...\Pulse Secure Network Connect 8.1) (Version: 8.1.4.37085 - Pulse Secure, LLC)Pulse Secure Setup Client (HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\Juniper_Setup_Client) (Version: 8.1.4.60057 - Pulse Secure, LLC)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6864 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)Self-service Plug-in (x32 Version: 4.4.0.11833 - Citrix Systems, Inc.) HiddenShared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Start Menu (HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\SweetLabs_Start_Menu) (Version: 0.269.7.927 - Pokki)SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {258C1C75-C8E8-484B-AA43-7071E4F6D0FC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)Task: {29D8A275-4965-4B1B-A085-69C5CF15DD20} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()Task: {2F44FE90-EB0B-447E-AF75-5DA1086750E7} - System32\Tasks\SweetLabs App Platform => C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-04-14] (Pokki)Task: {30550B12-A1F0-46B0-AABC-DE297B2C2136} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()Task: {4E755C26-1489-4169-972B-02721223FE45} - System32\Tasks\Lenovo\Lenovo-29283 => C:\ProgramData\Lenovo-29283.vbs [2013-09-11] ()Task: {54E7345A-62AA-4E28-BA88-66EA3AB07F69} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-31] (Microsoft Corporation)Task: {62E299CF-DE32-45F1-98B8-256DC404FF2D} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-03] (Lenovo)Task: {65CA9170-178E-406B-8E6B-6364766DC0F9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)Task: {95F0A614-C128-4DFE-A393-AF0AD49D6C0D} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()Task: {9B0B0C34-9715-420A-A202-64729C9727F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)Task: {A3196D2D-E999-4151-AD0B-57504A623DEA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)Task: {AB7A5C4F-EAB4-4B80-86CF-45BFD9F97FC3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()Task: {CB32C681-771C-4295-8CAE-4FB83CD57A2E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-31] (Microsoft Corporation)Task: {D6229634-164F-4D22-AFD4-663302F7ABAB} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)Task: {EA930DAA-3BB4-4DB0-A080-3AA0D988AD35} - System32\Tasks\MsgUpdateCheck (de5e9f60-5adf-404f-9048-3ab8bfd91685) => C:\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe [2014-08-20] (MarkedUp Inc)Task: {EC2A0109-69A5-4ADE-A7C6-AF94E64B2415} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)Task: {FA3ECF91-2F01-4B66-BADF-04874D5B5214} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-14] (Microsoft Corporation)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe==================== Shortcuts =============================(The entries could be listed to be restored or removed.)ShortcutWithArgument: C:\Users\Sandra\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\13849309640.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -pinnedSite -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0xae86fc1c -pinnedTimeHigh 0x01cf097f -securityFlags 0x00000000 -url 0x00000021 hxxps://[URL="http://www.facebook.com/home.php"]www.facebook.com/home.php[/URL]==================== Loaded Modules (Whitelisted) ==============2014-07-22 15:55 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2013-09-11 21:51 - 2011-08-16 23:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe2013-09-11 22:15 - 2013-05-14 14:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe2015-10-31 09:48 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2015-07-03 12:40 - 2015-07-03 12:40 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll2013-09-11 21:51 - 2011-08-16 23:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe2014-07-04 22:33 - 2014-07-04 22:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll2013-09-11 21:51 - 2011-05-17 16:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll2009-12-04 19:59 - 2009-12-04 19:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll2009-12-04 20:04 - 2009-12-04 20:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll2016-02-28 09:16 - 2016-02-28 09:16 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll2015-05-03 19:51 - 2015-05-03 19:52 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll2016-02-28 09:16 - 2016-02-28 09:16 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll2016-04-13 19:00 - 2016-04-13 19:00 - 00569856 _____ () C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll2016-04-13 19:00 - 2016-04-13 19:00 - 01400846 _____ () C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll2016-04-13 19:00 - 2016-04-13 19:00 - 00151054 _____ () C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll2016-04-13 19:00 - 2016-04-13 19:00 - 00222734 _____ () C:\Users\Sandra\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll2014-07-22 15:27 - 2015-07-22 20:40 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll2016-02-28 09:16 - 2016-02-28 09:16 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)IE trusted site: HKU\S-1-5-21-4136084066-1488815536-574882589-1002\...\wellington.com -> hxxps://mypc-wdc.wellington.com==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2013-08-22 09:25 - 2015-12-21 04:22 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-4136084066-1488815536-574882589-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaperDNS Servers: 75.75.75.75 - 75.75.76.76HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{E65916E1-182B-4F0A-827A-AA615892CAB9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exeFirewallRules: [{87C94900-338D-43C3-9452-1D652247C122}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exeFirewallRules: [{2F1A8C4F-AE37-4B11-BA5A-F33277B7A9FC}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exeFirewallRules: [{CA731E3A-C41C-4DCF-B539-21A5C777D287}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exeFirewallRules: [{C93CBD10-7E13-446E-9372-6333F01939F4}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exeFirewallRules: [{4E5E57A1-13D1-4877-84CD-CD027390B7F0}] => (Block) C:\program files (x86)\citrix\ica client\wfica32.exeFirewallRules: [{11EA10D8-3D54-414A-BCD9-550A580276BC}] => (Block) C:\program files (x86)\citrix\ica client\wfica32.exeFirewallRules: [UDP Query User{D4A695E9-666E-486A-A76C-825EF2CC4E1A}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exeFirewallRules: [TCP Query User{9CC28B22-6BD0-442F-AD71-48EE20794781}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exeFirewallRules: [{671582AD-CA99-46FC-92FA-A71819516C0D}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exeFirewallRules: [{443F1380-6E8C-4037-8BE6-426BFC029B72}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exeFirewallRules: [{898D6789-A6CA-4BE4-895E-5B464EA43521}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXEFirewallRules: [{8468A450-BDFE-4BBD-94BF-663C9E451CD3}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXEFirewallRules: [{6E83C269-E89B-48AE-90CF-017C4B6D6061}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exeFirewallRules: [{EC15E5CA-6B2A-4E97-966A-A671D639B2F6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exeFirewallRules: [{349A7CC9-E40C-4293-B7A8-E5EF43D7CD50}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exeFirewallRules: [{AA40132A-51D9-4ED6-A4FA-F1468743E5A0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exeFirewallRules: [{7B20FBFB-B116-4D4A-BE8A-A9C15577EAAD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exeFirewallRules: [{AC9318ED-27A6-4A13-AC7B-E572E348ED78}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exeFirewallRules: [{D467FA14-B2E3-4D5F-BDA7-D77619B0EB4B}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exeFirewallRules: [{FFABB08F-C0BA-4167-BC64-8FD6574898C9}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exeFirewallRules: [{DE437B27-C8FD-4A05-9044-FD86234A5153}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exeFirewallRules: [{36E8D81D-40D5-49E7-BE58-22DED0DF9F58}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exeFirewallRules: [{B79390B7-2E7B-407E-815F-23FAFED1C266}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe==================== Restore Points =========================16-03-2016 20:06:09 Installed DirectX29-03-2016 14:35:18 Windows Update11-04-2016 10:56:52 Scheduled Checkpoint==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (04/13/2016 11:49:00 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: firefox.exe, version: 0.0.0.0, time stamp: 0x57070ec1Faulting module name: xul.dll, version: 0.0.0.0, time stamp: 0x57071d18Exception code: 0x80000003Fault offset: 0x008d9d45Faulting process id: 0x15f0Faulting application start time: 0xfirefox.exe0Faulting application path: firefox.exe1Faulting module path: firefox.exe2Report Id: firefox.exe3Faulting package full name: firefox.exe4Faulting package-relative application ID: firefox.exe5Error: (04/11/2016 10:05:42 AM) (Source: SideBySide) (EventID: 9) (User: )Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.The manifest file root element must be assembly.Error: (04/11/2016 10:05:36 AM) (Source: SideBySide) (EventID: 35) (User: )Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.Component identity found in manifest does not match the identity of the component requested.Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".Please use sxstrace.exe for detailed diagnosis.Error: (04/11/2016 09:59:04 AM) (Source: SideBySide) (EventID: 9) (User: )Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.The manifest file root element must be assembly.Error: (04/11/2016 09:58:48 AM) (Source: SideBySide) (EventID: 35) (User: )Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.Component identity found in manifest does not match the identity of the component requested.Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".Please use sxstrace.exe for detailed diagnosis.Error: (04/11/2016 09:46:15 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program firefox.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 16a8Start Time: 01d193f720a5ad9cTermination Time: 4294967295Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exeReport Id: c1a77cbc-ffeb-11e5-beab-7427eac7c62fFaulting package full name:Faulting package-relative application ID:Error: (04/11/2016 09:38:24 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program setup-stub.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 1ed8Start Time: 01d193f7518398d9Termination Time: 0Application Path: C:\Users\Sandra\AppData\Local\Temp\7zS134A.tmp\setup-stub.exeReport Id: a66cb298-ffea-11e5-beab-7427eac7c62fFaulting package full name:Faulting package-relative application ID:Error: (04/08/2016 05:30:49 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program firefox.exe version 45.0.1.5918 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 1c5cStart Time: 01d191da783815d0Termination Time: 4294967295Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exeReport Id: 254ce693-fdd1-11e5-beab-7427eac7c62fFaulting package full name:Faulting package-relative application ID:Error: (03/30/2016 02:33:59 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 170Start Time: 01d18ab11fc58d17Termination Time: 4294967295Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exeReport Id: e9199022-f6a5-11e5-beab-7427eac7c62fFaulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweFaulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1Error: (03/19/2016 10:11:53 AM) (Source: Microsoft Office 15) (EventID: 2000) (User: )Description: Microsoft Outlook: Accepted Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.Do you want to start in safe mode?.Accepted Safe Mode action : Microsoft Outlook.System errors:=============Error: (04/16/2016 07:20:03 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (04/16/2016 07:20:03 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (04/16/2016 07:20:03 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (04/16/2016 07:20:03 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (04/16/2016 07:20:02 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (04/16/2016 07:20:02 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (04/16/2016 06:56:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Coupon Printer Service service failed to start due to the following error: %%2Error: (04/16/2016 06:56:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: %%31Error: (04/16/2016 06:56:24 PM) (Source: APXACC) (EventID: 1003) (User: )Description: The NDIS6 LWF initialization has failed. (0xC0000001)Error: (04/13/2016 01:28:43 PM) (Source: DCOM) (EventID: 10010) (User: BABYCAKES)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}CodeIntegrity:===================================  Date: 2015-07-03 12:35:56.823  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2015-07-03 12:35:56.338  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2015-07-03 12:35:55.854  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2015-07-03 12:35:54.729  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2015-07-03 12:35:54.166  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2015-07-03 12:35:38.729  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2015-07-03 12:35:38.135  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2015-07-03 12:35:37.635  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2015-07-03 12:35:37.088  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2015-07-03 12:35:36.479  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.==================== Memory info ===========================Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics Percentage of memory in use: 38%Total physical RAM: 5551.02 MBAvailable physical RAM: 3389.63 MBTotal Virtual: 6447.02 MBAvailable Virtual: 3985.05 MB==================== Drives ================================Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:855.96 GB) NTFS ==>[system with boot components (obtained from drive)]Drive e: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:1853.45 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 931.5 GB) (Disk ID: 74BBD78D)Partition: GPT.========================================================Disk: 1 (Size: 1863 GB) (Disk ID: 90A0DBAA)Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)==================== End of Addition.txt ============================[/code]</blockquote>

Verification

Top