Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01 Ran by Debra (administrator) on MYBABY on 19-04-2015 15:09:13 Running from C:\Users\Debra\Desktop Loaded Profiles: Debra (Available profiles: Debra & Administrator) Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe (DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe (magicJack L.P.) C:\Users\Debra\AppData\Roaming\mjusbsp\magicJack.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] ( (Qualcomm®Atheros®)) HKU\S-1-5-21-1298665756-2822785880-394653188-1001\...\Run: [cdloader] => C:\Users\Debra\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U147&ocid=U147DHP HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation) ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows (R) Win 7 DDK provider) [File not signed] S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [202744 2014-04-10] (Dell Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] () R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation) R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] () R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-19 15:09 - 2015-04-19 15:09 - 00010268 _____ () C:\Users\Debra\Desktop\FRST.txt 2015-04-19 05:19 - 2015-04-19 05:20 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-19 05:19 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-19 00:57 - 2015-04-19 06:07 - 00000000 ____D () C:\Windows.old 2015-04-19 00:57 - 2015-04-19 00:57 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff 2015-04-18 22:49 - 2015-04-18 22:49 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu 2015-04-18 22:49 - 2015-04-18 22:49 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\Canon 2015-04-18 22:48 - 2015-04-18 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3500 series User Registration 2015-04-18 22:48 - 2013-02-04 15:10 - 00321536 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BVL.dll 2015-04-18 22:48 - 2012-11-26 12:32 - 00088576 _____ () C:\WINDOWS\SysWOW64\CNC176ED.TBL 2015-04-18 22:48 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll 2015-04-18 22:47 - 2015-04-18 22:47 - 00002039 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk 2015-04-18 22:47 - 2015-04-18 22:47 - 00000000 ____D () C:\ProgramData\CanonIJWSpt 2015-04-18 22:42 - 2015-04-18 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2015-04-18 22:42 - 2015-04-18 22:48 - 00000000 ____D () C:\Program Files\Canon 2015-04-18 22:42 - 2015-04-18 22:42 - 00002380 _____ () C:\Users\Public\Desktop\Canon MG3500 series On-screen Manual.lnk 2015-04-18 22:42 - 2015-04-18 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3500 series Manual 2015-04-18 22:41 - 2015-04-18 22:41 - 00000000 ___HD () C:\Program Files\CanonBJ 2015-04-18 22:40 - 2015-04-18 22:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2015-04-18 22:39 - 2015-04-18 22:48 - 00000000 ____D () C:\Program Files (x86)\Canon 2015-04-18 22:39 - 2015-04-18 22:39 - 00000000 ___HD () C:\ProgramData\CanonIJETV 2015-04-18 22:07 - 2015-04-18 22:07 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2015-04-18 21:57 - 2015-04-18 21:57 - 00001068 _____ () C:\Users\Debra\Desktop\magicJack.lnk 2015-04-18 21:57 - 2015-04-18 21:57 - 00001054 _____ () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk 2015-04-18 21:57 - 2015-04-18 21:57 - 00000000 ____D () C:\Users\Debra\AppData\Local\magicJack 2015-04-18 21:57 - 2015-04-18 21:57 - 00000000 ____D () C:\ProgramData\magicJack 2015-04-18 21:56 - 2015-04-18 21:57 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\mjusbsp 2015-04-18 21:48 - 2015-04-18 21:48 - 00001128 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2015-04-18 21:48 - 2015-04-18 21:48 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-04-18 21:47 - 2015-04-18 21:47 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2015-04-18 21:43 - 2015-04-18 21:43 - 00000000 ____D () C:\Users\Debra\Desktop\OpenOffice 4.1.1 (en-US) Installation Files 2015-04-18 21:31 - 2015-04-18 21:31 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\Macromedia 2015-04-18 21:27 - 2015-04-18 22:24 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1298665756-2822785880-394653188-1001 2015-04-18 21:24 - 2015-04-18 21:24 - 00000000 __SHD () C:\Users\Debra\AppData\Local\EmieUserList 2015-04-18 21:24 - 2015-04-18 21:24 - 00000000 __SHD () C:\Users\Debra\AppData\Local\EmieSiteList 2015-04-18 21:24 - 2015-04-18 21:24 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\Intel Corporation 2015-04-18 21:23 - 2015-04-18 21:23 - 00000000 ___RD () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-04-18 21:23 - 2015-04-18 21:23 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\Atheros 2015-04-18 21:23 - 2015-04-18 21:23 - 00000000 ____D () C:\Users\Debra\AppData\Local\Power2Go8 2015-04-18 21:23 - 2015-04-18 21:23 - 00000000 ____D () C:\Users\Debra\AppData\Local\BMExplorer 2015-04-18 21:23 - 2015-04-18 21:23 - 00000000 ____D () C:\ProgramData\Atheros 2015-04-18 21:22 - 2015-04-18 21:23 - 00000000 ____D () C:\Users\Debra\AppData\Local\PackageStaging 2015-04-18 21:22 - 2015-04-18 21:22 - 00009038 _____ () C:\Users\Debra\Desktop\Removed Apps.html 2015-04-18 21:22 - 2015-04-18 21:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2015-04-18 21:21 - 2015-04-18 21:21 - 00001444 _____ () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-18 21:21 - 2015-04-18 21:21 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\Adobe 2015-04-18 21:21 - 2015-04-18 21:21 - 00000000 ____D () C:\Users\Debra\AppData\Local\VirtualStore 2015-04-18 21:20 - 2015-04-18 21:20 - 00000020 ___SH () C:\Users\Debra\ntuser.ini 2015-04-18 21:06 - 2013-02-04 15:12 - 00367104 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BVL.dll 2015-04-18 21:06 - 2012-11-26 12:32 - 00088576 _____ () C:\WINDOWS\system32\CNC176ED.TBL 2015-04-18 21:06 - 2012-11-08 13:04 - 00282624 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BVC.dll 2015-04-18 21:06 - 2012-11-08 13:03 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BVI.dll 2015-04-18 21:06 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll 2015-04-18 21:05 - 2015-04-18 21:05 - 00000000 ___HD () C:\ProgramData\CanonBJ 2015-04-18 21:05 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBV.DLL 2015-04-18 21:01 - 2015-04-18 21:01 - 00001432 _____ () C:\Users\Administrator\AppData\Local\Application.xml 2015-04-18 21:00 - 2015-04-18 21:21 - 00000000 ____D () C:\Users\Debra 2015-04-18 21:00 - 2014-09-11 21:13 - 00000000 ___RD () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-04-18 21:00 - 2014-03-18 06:06 - 00000000 ___RD () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-04-18 21:00 - 2014-03-18 05:54 - 00000369 _____ () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-04-18 21:00 - 2014-03-18 05:54 - 00000369 _____ () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-04-18 21:00 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-18 21:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-04-18 20:59 - 2015-04-18 21:00 - 00024768 _____ () C:\WINDOWS\diagwrn.xml 2015-04-18 20:59 - 2015-04-18 21:00 - 00024768 _____ () C:\WINDOWS\diagerr.xml 2015-04-18 20:59 - 2015-04-18 20:59 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2015-04-18 20:43 - 2015-04-18 22:24 - 00000000 ___HD () C:\$SysReset 2015-04-18 15:52 - 2015-04-18 19:11 - 00000000 ____D () C:\Users\Debra\Desktop\FRST-OlderVersion 2015-04-17 22:36 - 2015-04-18 00:43 - 00013824 ___SH () C:\Users\Debra\Desktop\Thumbs.db 2015-04-17 21:20 - 2015-04-19 15:09 - 00000000 ____D () C:\FRST 2015-04-17 21:19 - 2015-04-18 15:52 - 02098176 _____ (Farbar) C:\Users\Debra\Desktop\FRST64.exe 2015-04-10 19:52 - 2015-04-10 19:52 - 00016384 _____ () C:\Users\Debra\Downloads\Rough Draft 2 2015-04-10 17:02 - 2015-04-10 17:02 - 00020217 _____ () C:\Users\Debra\Documents\Rough Draft.odt 2015-04-10 13:36 - 2015-04-18 20:40 - 00033792 ___SH () C:\Users\Debra\Documents\Thumbs.db ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-19 15:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-04-19 14:33 - 2014-09-11 21:12 - 01323695 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-19 05:30 - 2013-08-22 11:20 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-04-19 00:57 - 2013-08-22 11:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2015-04-18 22:48 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media 2015-04-18 22:07 - 2013-08-22 10:46 - 00028741 _____ () C:\WINDOWS\setupact.log 2015-04-18 21:28 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-04-18 21:24 - 2014-09-11 19:17 - 00000000 __RDO () C:\Users\Debra\OneDrive 2015-04-18 21:21 - 2014-09-11 19:15 - 00000000 ____D () C:\Users\Debra\AppData\Local\Packages 2015-04-18 21:21 - 2014-09-03 02:04 - 00000000 ___DC () C:\WINDOWS\Panther 2015-04-18 21:10 - 2014-03-18 05:53 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-18 21:03 - 2014-09-11 21:31 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2015-04-18 21:02 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-04-18 21:00 - 2013-08-22 11:36 - 00000000 __RHD () C:\Users\Public\Libraries 2015-04-18 20:59 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-04-18 20:59 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Default 2015-04-18 20:58 - 2013-08-22 10:44 - 00344624 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-04-18 20:57 - 2014-09-03 02:04 - 00000000 ____D () C:\DELL 2015-04-18 20:57 - 2014-03-18 05:44 - 00002446 _____ () C:\WINDOWS\PFRO.log 2015-04-18 20:45 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-04-18 16:36 - 2014-09-11 19:16 - 00000000 ____D () C:\Users\Debra\Documents\Bluetooth Folder ==================== Files in the root of some directories ======= 2014-09-11 21:21 - 2014-09-11 21:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-09-11 21:30 - 2014-09-11 21:30 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2014-09-11 21:27 - 2014-09-11 21:28 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2014-09-11 21:28 - 2014-09-11 21:29 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2014-09-11 21:29 - 2014-09-11 21:30 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log 2014-09-11 21:27 - 2014-09-11 21:27 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some content of TEMP: ==================== C:\Users\Debra\AppData\Local\Temp\MSETUP4.EXE C:\Users\Debra\AppData\Local\Temp\uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-11 21:07 ==================== End Of Log ============================