Computer randomly talks stating has a virus and need to call number listed to remove. Also have something at bottom of screen that says partially allows scripts unsure what that is and if I need it! Also when downloading the FBS Tool I told it to save to desktop but it didn't actually save to desktop but did place it in desktop folder.
Thanks
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Sharon (administrator) on SHARON (07-11-2015 19:35:30)
Running from C:\Users\Sharon\Desktop
Loaded Profiles: Sharon (Available Profiles: Sharon & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-11-15]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2015-05-06]
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0x23202020202020203132372E302E302E31202020202020206C6F63616C686F73740D0A00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A0D0A2320756E636865636B795F626567696E0D0A232054686573652072756C657320776572652061646465642062792074686520556E636865636B792070726F6772616D20696E206F7264657220746F20626C6F636B206164766572746973696E6720736F667477617265206D6F64756C65730D0A302E302E302E3020302E302E302E3020232066697820666F72207472616365726F75746520616E64206E65747374617420646973706C617920616E6F6D616C790D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D2E73332E616D617A6F6E6177732E636F6D0D0A302E302E302E30206D656469612E6F70656E63616E64792E636F6D0D0A302E302E302E302063646E2E6F70656E63616E64792E636F6D0D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E7265636F6D6D656E64656473772E636F6D0D0A302E302E302E3020696E7374616C6C65722E626574746572696E7374616C6C65722E636F6D0D0A302E302E302E3020696E7374616C6C65722E66696C6562756C6C646F672E636F6D0D0A302E302E302E302064336F78746E31783362386437692E636C6F756466726F6E742E6E65740D0A302E302E302E3020696E6E6F2E62697372762E636F6D0D0A302E302E302E30206E7369732E62697372762E636F6D0D0A302E302E302E302063646E2E66696C65326465736B746F702E636F6D0D0A302E302E302E302063646E2E676F617465617374636163682E75730D0A302E302E302E302063646E2E677574746173746174646B2E75730D0A302E302E302E302063646E2E696E736B696E6D656469612E636F6D0D0A302E302E302E302063646E2E696E7374612E6F6962756E646C6573322E636F6D0D0A302E302E302E302063646E2E696E7374612E706C617962727974652E636F6D0D0A302E302E302E302063646E2E6C6C6F67657466617374636163682E75730D0A302E302E302E302063646E2E6D6F6E74696572612E636F6D0D0A302E302E302E302063646E2E6D7364776E6C642E636F6D0D0A302E302E302E302063646E2E6D7970636261636B75702E636F6D0D0A302E302E302E302063646E2E7070646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E72696365617465617374636163682E75730D0A302E302E302E302063646E2E73687961706F7461746F2E75730D0A302E302E302E302063646E2E736F6C696D62612E636F6D0D0A302E302E302E302063646E2E7475746F3470632E636F6D0D0A302E302E302E302063646E2E617070726F756E642E62697A0D0A302E302E302E302063646E2E626967737065656470726F2E636F6D0D0A302E302E302E302063646E2E62697370642E636F6D0D0A302E302E302E302063646E2E62697372762E636F6D0D0A302E302E302E302063646E2E63646E64702E636F6D0D0A302E302E302E302063646E2E646F776E6C6F61642E73776565747061636B732E636F6D0D0A302E302E302E302063646E2E6470646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E76697375616C6265652E6E65740D0A2320756E636865636B795F656E640D0A
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{7204FB88-CEF4-4C7B-ABCE-DD1932B6CAEA}: [DhcpNameServer] 172.4.1.171
Tcpip\..\Interfaces\{B106E622-B80E-4A9F-8574-46285B460BEC}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {1F0EB737-2072-4440-8A18-74BD5E83ED10} URL =
BHO: wiebsavEr -> {feab0c41-e45e-4498-b6d2-a5d07639765a} -> C:\Program Files (x86)\wiebsavEr\HbyUw2qSEjzqiA.x64.dll => No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-04] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-04] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: www.msn.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4172938740-681052224-3228742750-1001: @nsroblox.roblox.com/launcher -> C:\Users\Sharon\AppData\Local\Roblox\Versions\version-8ee76ff82f0348de\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4172938740-681052224-3228742750-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Sharon\AppData\Local\Roblox\Versions\version-8ee76ff82f0348de\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Extension: Safe Preview - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\Extensions\[email protected] [2015-07-26]
FF Extension: NoScript - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-09-02]
Chrome:
=======
CHR Profile: C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-04]
CHR Extension: (Google Docs) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-04]
CHR Extension: (Google Drive) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-04]
CHR Extension: (Google Docs Offline) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (ArcadeYum) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb [2015-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (Gmail) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2013-08-29] (Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [242936 2015-11-05] (RaMMicHaeL)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2013-08-29] (Cirrus Logic)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-07 19:35 - 2015-11-07 19:36 - 00021897 _____ C:\Users\Sharon\Desktop\FRST.txt
2015-11-07 19:35 - 2015-11-07 19:35 - 00000000 ____D C:\FRST
2015-11-07 19:30 - 2015-11-07 19:30 - 02198528 _____ (Farbar) C:\Users\Sharon\Desktop\FRST64.exe
2015-10-24 10:59 - 2015-10-24 11:01 - 167839512 _____ (Apple Inc.) C:\Users\Sharon\Downloads\iTunes6464Setup (1).exe
2015-10-14 17:22 - 2015-09-18 22:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-10-14 17:22 - 2015-09-18 08:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-10-14 17:22 - 2015-09-18 08:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-10-14 17:22 - 2015-09-18 08:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-10-14 17:22 - 2015-09-18 08:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-10-14 17:22 - 2015-09-18 08:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-10-14 17:22 - 2015-09-18 08:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 17:22 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 17:22 - 2015-08-07 16:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-10-14 17:22 - 2015-08-07 16:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-10-14 17:22 - 2015-08-07 16:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-10-14 17:22 - 2015-08-07 09:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-10-14 17:22 - 2015-08-06 12:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-10-14 17:22 - 2015-08-06 11:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-10-14 17:22 - 2015-08-06 11:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-10-14 17:22 - 2015-08-06 11:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-10-14 17:22 - 2015-07-16 13:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-10-13 19:50 - 2015-09-10 13:02 - 25851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-13 19:50 - 2015-09-10 12:09 - 20358144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-13 19:50 - 2015-08-26 21:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-13 19:50 - 2015-08-26 21:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-13 19:49 - 2015-09-10 12:19 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-13 19:49 - 2015-09-10 12:18 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-13 19:49 - 2015-09-10 12:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-10-13 19:49 - 2015-09-10 12:14 - 05990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-13 19:49 - 2015-09-10 12:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-10-13 19:49 - 2015-09-10 12:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-13 19:49 - 2015-09-10 11:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-10-13 19:49 - 2015-09-10 11:39 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-13 19:49 - 2015-09-10 11:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-10-13 19:49 - 2015-09-10 11:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-10-13 19:49 - 2015-09-10 11:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-10-13 19:49 - 2015-09-10 11:33 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-13 19:49 - 2015-09-10 11:28 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-10-13 19:49 - 2015-09-10 11:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-10-13 19:49 - 2015-09-10 11:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-13 19:49 - 2015-09-10 11:24 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-13 19:49 - 2015-09-10 11:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-10-13 19:49 - 2015-09-10 11:19 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-10-13 19:49 - 2015-09-10 11:19 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-10-13 19:49 - 2015-09-10 11:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-10-13 19:49 - 2015-09-10 11:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-10-13 19:49 - 2015-09-10 11:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-10-13 19:49 - 2015-09-10 11:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-10-13 19:49 - 2015-09-10 11:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-10-13 19:49 - 2015-09-10 11:02 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-13 19:49 - 2015-09-10 11:01 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-10-13 19:49 - 2015-09-10 11:00 - 12853760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-13 19:49 - 2015-09-10 10:57 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-13 19:49 - 2015-09-10 10:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-10-13 19:49 - 2015-09-10 10:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-10-13 19:49 - 2015-09-10 10:55 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-10-13 19:49 - 2015-09-10 10:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-10-13 19:49 - 2015-09-10 10:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-13 19:49 - 2015-09-10 10:34 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-10-13 19:49 - 2015-09-10 10:31 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-13 19:49 - 2015-09-10 10:27 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-13 19:49 - 2015-09-10 10:26 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-10-13 19:48 - 2015-09-29 07:31 - 07457624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-13 19:48 - 2015-09-29 07:31 - 01658536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-13 19:48 - 2015-09-29 07:31 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-13 19:48 - 2015-09-29 07:31 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-13 19:48 - 2015-09-29 07:31 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-13 19:48 - 2015-09-24 11:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-10-13 19:48 - 2015-09-24 11:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-13 19:48 - 2015-08-07 16:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-10-13 19:48 - 2015-08-07 16:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-10-13 19:47 - 2015-09-29 07:29 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-10-13 19:47 - 2015-09-28 13:45 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-13 19:47 - 2015-09-28 13:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-10-13 19:47 - 2015-09-28 13:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-10-13 19:47 - 2015-09-28 13:25 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-10-13 19:47 - 2015-09-28 13:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-10-13 19:47 - 2015-09-28 13:22 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-10-13 19:47 - 2015-09-28 13:22 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-10-13 19:47 - 2015-09-28 13:22 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-10-13 19:47 - 2015-09-28 13:15 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-10-13 19:47 - 2015-09-28 13:13 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-10-13 19:47 - 2015-09-28 13:12 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-07 19:28 - 2014-12-19 16:52 - 01534700 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-07 19:24 - 2015-04-04 08:55 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 19:22 - 2014-11-08 13:11 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4172938740-681052224-3228742750-1001
2015-11-07 19:22 - 2012-11-15 23:17 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-11-07 19:17 - 2015-04-04 08:55 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 19:17 - 2014-12-19 18:44 - 00000000 ___RD C:\Users\Sharon\OneDrive
2015-11-07 15:24 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-07 13:54 - 2015-01-18 18:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-07 13:42 - 2014-12-19 18:44 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{225CDD63-2F5F-4EB8-AE71-2E7A267CBE60}
2015-11-06 20:01 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-05 20:45 - 2014-09-24 02:15 - 00338442 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-01 18:18 - 2013-08-22 09:46 - 00363480 _____ C:\WINDOWS\setupact.log
2015-10-31 12:17 - 2014-12-19 16:37 - 00000000 ____D C:\Users\Sharon
2015-10-31 11:34 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-28 20:15 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-24 12:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-23 14:25 - 2015-04-04 08:55 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-22 20:17 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-17 20:54 - 2015-01-18 18:41 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-15 23:51 - 2014-09-24 04:55 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-15 23:51 - 2014-09-24 04:55 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 22:15 - 2014-12-13 20:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 22:15 - 2014-09-24 04:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-10-15 22:15 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-15 22:00 - 2014-11-08 16:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-15 21:51 - 2014-11-08 16:12 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-13 19:18 - 2015-04-04 09:01 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-10-08 21:09 - 2015-04-04 17:47 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-08 21:06 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
==================== Files in the root of some directories =======
2015-01-14 11:01 - 2015-04-03 14:51 - 0000132 _____ () C:\Users\Sharon\AppData\Roaming\WB.CFG
2015-02-22 19:32 - 2015-02-22 19:32 - 0274045 _____ () C:\Users\Sharon\AppData\Local\dsi1.dat
2015-02-22 19:32 - 2015-02-22 19:32 - 0161916 _____ () C:\Users\Sharon\AppData\Local\dsi2.dat
2015-02-07 15:00 - 2015-02-07 15:00 - 0007605 _____ () C:\Users\Sharon\AppData\Local\Resmon.ResmonCfg
2012-11-15 23:13 - 2012-11-15 23:14 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-15 23:09 - 2012-11-15 23:10 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-15 23:10 - 2012-11-15 23:11 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-15 23:09 - 2012-11-15 23:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-15 23:12 - 2012-11-15 23:13 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
Some files in TEMP:
====================
C:\Users\Sharon\AppData\Local\Temp\InstallIMVU_518.0.exe
C:\Users\Sharon\AppData\Local\Temp\Quarantine.exe
C:\Users\Sharon\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-03 21:42
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Sharon (2015-11-07 19:36:42)
Running from C:\Users\Sharon\Desktop
Windows 8.1 (X64) (2014-12-19 23:40:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4172938740-681052224-3228742750-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-4172938740-681052224-3228742750-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4172938740-681052224-3228742750-1003 - Limited - Enabled)
Sharon (S-1-5-21-4172938740-681052224-3228742750-1001 - Administrator - Enabled) => C:\Users\Sharon
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.59.26 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\IMVU Avatar chat client software BETA) (Version: - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
ROBLOX Player for Sharon (HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Sharon (HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Unchecky v0.4.1 (HKLM-x32\...\Unchecky) (Version: 0.4.1 - RaMMicHaeL)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 12.0.0.1600 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4172938740-681052224-3228742750-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Sharon\AppData\Local\Roblox\Versions\version-8ee76ff82f0348de\RobloxProxy64.dll (ROBLOX Corporation)
==================== Restore Points =========================
15-10-2015 21:44:41 Windows Update
22-10-2015 20:15:27 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2015-11-05 22:25 - 00003577 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0x23202020202020203132372E302E302E31202020202020206C6F63616C686F73740D0A00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A0D0A2320756E636865636B795F626567696E0D0A232054686573652072756C657320776572652061646465642062792074686520556E636865636B792070726F6772616D20696E206F7264657220746F20626C6F636B206164766572746973696E6720736F667477617265206D6F64756C65730D0A302E302E302E3020302E302E302E3020232066697820666F72207472616365726F75746520616E64206E65747374617420646973706C617920616E6F6D616C790D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D2E73332E616D617A6F6E6177732E636F6D0D0A302E302E302E30206D656469612E6F70656E63616E64792E636F6D0D0A302E302E302E302063646E2E6F70656E63616E64792E636F6D0D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E7265636F6D6D656E64656473772E636F6D0D0A302E302E302E3020696E7374616C6C65722E626574746572696E7374616C6C65722E636F6D0D0A302E302E302E3020696E7374616C6C65722E66696C6562756C6C646F672E636F6D0D0A302E302E302E302064336F78746E31783362386437692E636C6F756466726F6E742E6E65740D0A302E302E302E3020696E6E6F2E62697372762E636F6D0D0A302E302E302E30206E7369732E62697372762E636F6D0D0A302E302E302E302063646E2E66696C65326465736B746F702E636F6D0D0A302E302E302E302063646E2E676F617465617374636163682E75730D0A302E302E302E302063646E2E677574746173746174646B2E75730D0A302E302E302E302063646E2E696E736B696E6D656469612E636F6D0D0A302E302E302E302063646E2E696E7374612E6F6962756E646C6573322E636F6D0D0A302E302E302E302063646E2E696E7374612E706C617962727974652E636F6D0D0A302E302E302E302063646E2E6C6C6F67657466617374636163682E75730D0A302E302E302E302063646E2E6D6F6E74696572612E636F6D0D0A302E302E302E302063646E2E6D7364776E6C642E636F6D0D0A302E302E302E302063646E2E6D7970636261636B75702E636F6D0D0A302E302E302E302063646E2E7070646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E72696365617465617374636163682E75730D0A302E302E302E302063646E2E73687961706F7461746F2E75730D0A302E302E302E302063646E2E736F6C696D62612E636F6D0D0A302E302E302E302063646E2E7475746F3470632E636F6D0D0A302E302E302E302063646E2E617070726F756E642E62697A0D0A302E302E302E302063646E2E626967737065656470726F2E636F6D0D0A302E302E302E302063646E2E62697370642E636F6D0D0A302E302E302E302063646E2E62697372762E636F6D0D0A302E302E302E302063646E2E63646E64702E636F6D0D0A302E302E302E302063646E2E646F776E6C6F61642E73776565747061636B732E636F6D0D0A302E302E302E302063646E2E6470646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E76697375616C6265652E6E65740D0A2320756E636865636B795F656E640D0A
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {077EEB46-E583-4A3D-9AA1-E5DE4FE04952} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {27F9BB94-A37C-4E07-BE04-21BA5AFB445F} - \DonutQuotes -> No File <==== ATTENTION
Task: {2A4E79DE-2EF5-42F6-96BB-75FCE5553FC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04] (Google Inc.)
Task: {4093BBDB-FAE8-4D04-BF92-197D1FA73493} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-15] (Microsoft Corporation)
Task: {8C92774B-76F1-4BD2-8CBC-25243C7AF2E3} - System32\Tasks\{D2EE8D0A-BDF2-4820-A71B-4DBC257E80F0} => pcalua.exe -a "C:\Program Files\McAfee\MSC\mcuihost.exe" -c /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
Task: {ABFED921-AAA2-4CA9-A2F7-0670D84F782F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04] (Google Inc.)
Task: {D9B520B6-83A4-43FE-A19E-72B4EE158A48} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {DB099F06-1AD8-426F-9839-115FD371A254} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {F7471AE0-AD47-410F-8509-BC1DB231C111} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {F817E342-69BB-4111-BD34-83FE3920CF7A} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-09-15 13:25 - 2015-09-15 13:25 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 13:25 - 2015-09-15 13:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-19 14:53 - 2012-07-19 14:53 - 00043384 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\BtwLeAPI.dll
2012-11-15 23:11 - 2012-04-24 21:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-03-02 18:35 - 2014-10-28 22:59 - 01029952 _____ () C:\Windows\System32\speech\engines\tts\MSTTSEngine.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
2012-08-06 20:16 - 2012-08-06 20:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
2014-01-30 00:02 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-27 19:51 - 2014-12-27 19:51 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll
2012-11-15 23:00 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-11-15 23:17 - 2012-09-12 22:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2012-11-15 23:17 - 2012-08-06 11:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2012-11-15 23:17 - 2012-08-06 11:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2012-11-15 23:10 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{00F3CE9B-4F18-4743-9115-8047FF472335}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4DDE5DDF-45A3-4863-99F0-D9393CAF0459}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{DD97F78A-676A-478D-90D2-E1853FE07174}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F008B04-B9D7-4D06-BA95-07F949DA3149}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB6EDA58-1DC4-4B5A-A22A-824B1C0B0269}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BA462135-D725-4CEA-9973-1A17CAAE8671}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D5A0562-0E58-428F-B99F-8CC64FF62733}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{52A2CB9A-81E4-4F4B-A9F1-72AF1606BCE3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{91479EE5-DF83-4FB9-ABF2-7DEFDD02112B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{486432F1-6A19-48F8-9B80-63DE458B556C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/06/2015 10:54:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x4b14
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5
Error: (11/05/2015 12:25:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14594
Error: (11/05/2015 12:25:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14594
Error: (11/05/2015 12:25:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/05/2015 12:24:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13297
Error: (11/05/2015 12:24:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13297
Error: (11/05/2015 12:24:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/05/2015 12:24:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12047
Error: (11/05/2015 12:24:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12047
Error: (11/05/2015 12:24:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (10/31/2015 11:34:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:37:58 PM on 10/30/2015 was unexpected.
Error: (10/31/2015 02:03:27 AM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (10/31/2015 02:03:27 AM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (10/31/2015 02:03:27 AM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (10/31/2015 02:03:27 AM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (10/31/2015 02:03:27 AM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (10/31/2015 02:03:27 AM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (10/31/2015 02:03:27 AM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (10/31/2015 02:03:27 AM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (10/25/2015 11:09:46 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
CodeIntegrity:
===================================
Date: 2015-11-05 22:30:01.006
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-05 22:30:00.625
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-05 22:30:00.318
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-05 22:29:59.982
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-05 22:29:59.617
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-10-13 20:41:56.186
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-10-13 20:41:55.772
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-10-13 20:41:54.983
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-10-13 20:41:54.579
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-10-13 20:41:54.105
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 3959.09 MB
Available physical RAM: 2357.81 MB
Total Virtual: 4663.09 MB
Available Virtual: 2865.91 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:456.54 GB) (Free:412.55 GB) NTFS
Drive d: (KIRBY) (CDROM) (Total:1.98 GB) (Free:0 GB) UDF
Drive x: (PBR Image) (Fixed) (Total:7.2 GB) (Free:0.3 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 565A9B2D)
Partition: GPT.
==================== End of Addition.txt ============================