Here's the FRST,
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by Debra (administrator) on MYBABY on 19-04-2015 15:09:13
Running from C:\Users\Debra\Desktop
Loaded Profiles: Debra (Available profiles: Debra & Administrator)
Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(magicJack L.P.) C:\Users\Debra\AppData\Roaming\mjusbsp\magicJack.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\...\Run: [cdloader] => C:\Users\Debra\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...47&ocid=U147DHP
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows ® Win 7 DDK provider) [File not signed]
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [202744 2014-04-10] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-19 15:09 - 2015-04-19 15:09 - 00010268 _____ () C:\Users\Debra\Desktop\FRST.txt
2015-04-19 05:19 - 2015-04-19 05:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-19 05:19 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-19 00:57 - 2015-04-19 06:07 - 00000000 ____D () C:\Windows.old
2015-04-19 00:57 - 2015-04-19 00:57 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-04-18 22:49 - 2015-04-18 22:49 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2015-04-18 22:49 - 2015-04-18 22:49 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\Canon
2015-04-18 22:48 - 2015-04-18 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3500 series User Registration
2015-04-18 22:48 - 2013-02-04 15:10 - 00321536 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BVL.dll
2015-04-18 22:48 - 2012-11-26 12:32 - 00088576 _____ () C:\WINDOWS\SysWOW64\CNC176ED.TBL
2015-04-18 22:48 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2015-04-18 22:47 - 2015-04-18 22:47 - 00002039 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-04-18 22:47 - 2015-04-18 22:47 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-04-18 22:42 - 2015-04-18 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-04-18 22:42 - 2015-04-18 22:48 - 00000000 ____D () C:\Program Files\Canon
2015-04-18 22:42 - 2015-04-18 22:42 - 00002380 _____ () C:\Users\Public\Desktop\Canon MG3500 series On-screen Manual.lnk
2015-04-18 22:42 - 2015-04-18 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3500 series Manual
2015-04-18 22:41 - 2015-04-18 22:41 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-04-18 22:40 - 2015-04-18 22:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-04-18 22:39 - 2015-04-18 22:48 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-04-18 22:39 - 2015-04-18 22:39 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2015-04-18 22:07 - 2015-04-18 22:07 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-04-18 21:57 - 2015-04-18 21:57 - 00001068 _____ () C:\Users\Debra\Desktop\magicJack.lnk
2015-04-18 21:57 - 2015-04-18 21:57 - 00001054 _____ () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-04-18 21:57 - 2015-04-18 21:57 - 00000000 ____D () C:\Users\Debra\AppData\Local\magicJack
2015-04-18 21:57 - 2015-04-18 21:57 - 00000000 ____D () C:\ProgramData\magicJack
2015-04-18 21:56 - 2015-04-18 21:57 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\mjusbsp
2015-04-18 21:48 - 2015-04-18 21:48 - 00001128 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2015-04-18 21:48 - 2015-04-18 21:48 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-04-18 21:47 - 2015-04-18 21:47 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-04-18 21:43 - 2015-04-18 21:43 - 00000000 ____D () C:\Users\Debra\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2015-04-18 21:31 - 2015-04-18 21:31 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\Macromedia
2015-04-18 21:27 - 2015-04-18 22:24 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1298665756-2822785880-394653188-1001
2015-04-18 21:24 - 2015-04-18 21:24 - 00000000 __SHD () C:\Users\Debra\AppData\Local\EmieUserList
2015-04-18 21:24 - 2015-04-18 21:24 - 00000000 __SHD () C:\Users\Debra\AppData\Local\EmieSiteList
2015-04-18 21:24 - 2015-04-18 21:24 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\Intel Corporation
2015-04-18 21:23 - 2015-04-18 21:23 - 00000000 ___RD () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-18 21:23 - 2015-04-18 21:23 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\Atheros
2015-04-18 21:23 - 2015-04-18 21:23 - 00000000 ____D () C:\Users\Debra\AppData\Local\Power2Go8
2015-04-18 21:23 - 2015-04-18 21:23 - 00000000 ____D () C:\Users\Debra\AppData\Local\BMExplorer
2015-04-18 21:23 - 2015-04-18 21:23 - 00000000 ____D () C:\ProgramData\Atheros
2015-04-18 21:22 - 2015-04-18 21:23 - 00000000 ____D () C:\Users\Debra\AppData\Local\PackageStaging
2015-04-18 21:22 - 2015-04-18 21:22 - 00009038 _____ () C:\Users\Debra\Desktop\Removed Apps.html
2015-04-18 21:22 - 2015-04-18 21:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-04-18 21:21 - 2015-04-18 21:21 - 00001444 _____ () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-18 21:21 - 2015-04-18 21:21 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\Adobe
2015-04-18 21:21 - 2015-04-18 21:21 - 00000000 ____D () C:\Users\Debra\AppData\Local\VirtualStore
2015-04-18 21:20 - 2015-04-18 21:20 - 00000020 ___SH () C:\Users\Debra\ntuser.ini
2015-04-18 21:06 - 2013-02-04 15:12 - 00367104 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BVL.dll
2015-04-18 21:06 - 2012-11-26 12:32 - 00088576 _____ () C:\WINDOWS\system32\CNC176ED.TBL
2015-04-18 21:06 - 2012-11-08 13:04 - 00282624 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BVC.dll
2015-04-18 21:06 - 2012-11-08 13:03 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BVI.dll
2015-04-18 21:06 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll
2015-04-18 21:05 - 2015-04-18 21:05 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-04-18 21:05 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBV.DLL
2015-04-18 21:01 - 2015-04-18 21:01 - 00001432 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2015-04-18 21:00 - 2015-04-18 21:21 - 00000000 ____D () C:\Users\Debra
2015-04-18 21:00 - 2014-09-11 21:13 - 00000000 ___RD () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-18 21:00 - 2014-03-18 06:06 - 00000000 ___RD () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-18 21:00 - 2014-03-18 05:54 - 00000369 _____ () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-18 21:00 - 2014-03-18 05:54 - 00000369 _____ () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-18 21:00 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-18 21:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-18 20:59 - 2015-04-18 21:00 - 00024768 _____ () C:\WINDOWS\diagwrn.xml
2015-04-18 20:59 - 2015-04-18 21:00 - 00024768 _____ () C:\WINDOWS\diagerr.xml
2015-04-18 20:59 - 2015-04-18 20:59 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-04-18 20:43 - 2015-04-18 22:24 - 00000000 ___HD () C:\$SysReset
2015-04-18 15:52 - 2015-04-18 19:11 - 00000000 ____D () C:\Users\Debra\Desktop\FRST-OlderVersion
2015-04-17 22:36 - 2015-04-18 00:43 - 00013824 ___SH () C:\Users\Debra\Desktop\Thumbs.db
2015-04-17 21:20 - 2015-04-19 15:09 - 00000000 ____D () C:\FRST
2015-04-17 21:19 - 2015-04-18 15:52 - 02098176 _____ (Farbar) C:\Users\Debra\Desktop\FRST64.exe
2015-04-10 19:52 - 2015-04-10 19:52 - 00016384 _____ () C:\Users\Debra\Downloads\Rough Draft 2
2015-04-10 17:02 - 2015-04-10 17:02 - 00020217 _____ () C:\Users\Debra\Documents\Rough Draft.odt
2015-04-10 13:36 - 2015-04-18 20:40 - 00033792 ___SH () C:\Users\Debra\Documents\Thumbs.db
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-19 15:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-19 14:33 - 2014-09-11 21:12 - 01323695 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-19 05:30 - 2013-08-22 11:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-19 00:57 - 2013-08-22 11:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-04-18 22:48 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-04-18 22:07 - 2013-08-22 10:46 - 00028741 _____ () C:\WINDOWS\setupact.log
2015-04-18 21:28 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-18 21:24 - 2014-09-11 19:17 - 00000000 __RDO () C:\Users\Debra\OneDrive
2015-04-18 21:21 - 2014-09-11 19:15 - 00000000 ____D () C:\Users\Debra\AppData\Local\Packages
2015-04-18 21:21 - 2014-09-03 02:04 - 00000000 ___DC () C:\WINDOWS\Panther
2015-04-18 21:10 - 2014-03-18 05:53 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-18 21:03 - 2014-09-11 21:31 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-04-18 21:02 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-18 21:00 - 2013-08-22 11:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-18 20:59 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-18 20:59 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Default
2015-04-18 20:58 - 2013-08-22 10:44 - 00344624 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-18 20:57 - 2014-09-03 02:04 - 00000000 ____D () C:\DELL
2015-04-18 20:57 - 2014-03-18 05:44 - 00002446 _____ () C:\WINDOWS\PFRO.log
2015-04-18 20:45 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-18 16:36 - 2014-09-11 19:16 - 00000000 ____D () C:\Users\Debra\Documents\Bluetooth Folder
==================== Files in the root of some directories =======
2014-09-11 21:21 - 2014-09-11 21:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-11 21:30 - 2014-09-11 21:30 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-11 21:27 - 2014-09-11 21:28 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-11 21:28 - 2014-09-11 21:29 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-11 21:29 - 2014-09-11 21:30 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-11 21:27 - 2014-09-11 21:27 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some content of TEMP:
====================
C:\Users\Debra\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Debra\AppData\Local\Temp\uninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-11 21:07
==================== End Of Log ============================
And the additions.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2015 01
Ran by Debra at 2015-04-19 15:09:48
Running from C:\Users\Debra\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Update (HKLM-x32\...\{9E4750A7-90F6-4181-8A8A-B1ADF4216E93}) (Version: 1.0.1059.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
magicJack (HKU\S-1-5-21-1298665756-2822785880-394653188-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
18-04-2015 21:43:46 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2880ED1A-15A0-4555-844C-E9F35174FDDA} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {3EC946D5-4F9F-4DCD-8732-380CCF087C18} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
Task: {4F87FBFF-80E6-4BB9-98B7-33DA97702C24} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {5377634F-D342-445C-A3E4-0693DADF806C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {57D95491-86BF-408E-A86C-ACAE7E621CB4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {5F3F644D-998C-45C5-BA6F-FFE9EC500D16} - System32\Tasks\PCDBackgroundMonSetup => C:\Program Files\My Dell\pcdrcui.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {79C905F8-00E8-42E2-9EC5-EB54A01E34CA} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
==================== Loaded Modules (whitelisted) ==============
2013-08-22 14:40 - 2013-08-22 14:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 14:40 - 2013-08-22 14:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 14:40 - 2013-08-22 14:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-09-11 21:32 - 2014-03-12 15:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-09-11 21:32 - 2014-03-12 15:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-09-11 21:32 - 2014-03-12 15:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2013-09-05 02:20 - 2013-09-05 02:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-05 02:17 - 2013-09-05 02:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-05 02:24 - 2013-09-05 02:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-04-18 22:49 - 2012-03-27 23:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-09-11 21:20 - 2013-12-09 18:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-11 21:28 - 2013-03-04 23:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 14:41 - 2013-03-05 14:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Debra\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-1298665756-2822785880-394653188-500 - Administrator - Disabled) => C:\Users\Administrator
Debra (S-1-5-21-1298665756-2822785880-394653188-1001 - Administrator - Enabled) => C:\Users\Debra
Guest (S-1-5-21-1298665756-2822785880-394653188-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1298665756-2822785880-394653188-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (04/18/2015 10:53:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel® Pentium® CPU G3220 @ 3.00GHz
Percentage of memory in use: 43%
Total physical RAM: 4012.95 MB
Available physical RAM: 2272.54 MB
Total Pagefile: 5420.95 MB
Available Pagefile: 2285.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:458 GB) (Free:428.13 GB) NTFS
Drive d: () (Fixed) (Total:3.73 GB) (Free:3.5 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B87D9F38)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: A9573C8B)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
==================== End Of Log ============================