Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hi, need help with a slow running laptop.

Malware fix help please

  • Please log in to reply

#1
Darcie Randal West

Darcie Randal West

    New Member

  • Member
  • Pip
  • 2 posts

please help me erase some adware or malware off my system. It runs so slow and restarts and I cant do a thing.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by darcie (administrator) on DARCIE (15-03-2016 12:34:17)
Running from C:\Users\darcie\Desktop
Loaded Profiles: darcie (Available Profiles: darcie & Administrator)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
(Mozilla Corporation) C:\Users\darcie\Desktop\Tor Browser\Browser\firefox.exe
() C:\Users\darcie\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
(Apowersoft) C:\Users\darcie\OneDrive\Email attachments\Documents\Apowersoft\Video Download Capture\Video Download Capture.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-14] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2855664 2014-09-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507192 2014-07-21] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKU\S-1-5-21-3037653533-231550682-2848119788-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2014-11-20] (SEIKO EPSON CORPORATION)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3037653533-231550682-2848119788-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-3037653533-231550682-2848119788-1001] => http=127.0.0.1:8888;https=127.0.0.1:8888
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{512591C3-D1E8-403E-AC52-15BB6B1CC090}: [DhcpNameServer] 209.18.47.62 209.18.47.61
ManualProxies: 1http=127.0.0.1:8888;https=127.0.0.1:8888

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3037653533-231550682-2848119788-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
HKU\S-1-5-21-3037653533-231550682-2848119788-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E3EB04AC-AA12-4D79-956F-E294556933DF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3037653533-231550682-2848119788-1001 -> {E3EB04AC-AA12-4D79-956F-E294556933DF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-03-14] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0017421457983105mcinstcleanup; C:\WINDOWS\TEMP\001742~1.EXE [851136 2014-08-08] (McAfee, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-05] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [476984 2014-07-21] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-14] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
R3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-14] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220912 2014-09-05] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2014-09-05] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-05] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-05] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-05] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-09-05] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-05] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-05] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2014-09-05] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-08-11] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-08-11] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-08-04] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
U3 mfehidk01; no ImagePath
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
U3 mfencbdc01; no ImagePath
U3 mfencbdc02; no ImagePath
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [578776 2014-08-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3560664 2014-09-05] (Realtek Semiconductor Corporation                           )
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-09-05] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-09-26] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-09-26] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-26] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-15 12:34 - 2016-03-15 12:36 - 00014503 _____ C:\Users\darcie\Desktop\FRST.txt
2016-03-15 12:32 - 2016-03-15 12:34 - 00000000 ___DC C:\FRST
2016-03-15 12:31 - 2016-03-15 12:32 - 02374144 _____ (Farbar) C:\Users\darcie\Desktop\FRST64.exe
2016-03-15 12:31 - 2016-03-15 12:31 - 02374144 _____ (Farbar) C:\Users\darcie\Desktop\FRST64.exe.h78e71q.partial
2016-03-15 11:15 - 2016-03-15 11:15 - 01387800 _____ C:\Users\Public\VOIP.dat
2016-03-15 11:12 - 2016-03-15 11:12 - 00001343 _____ C:\Users\Public\Desktop\Video Download Capture.lnk
2016-03-15 11:12 - 2016-03-15 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2016-03-15 11:12 - 2016-03-15 11:12 - 00000000 ____D C:\Program Files (x86)\Apowersoft
2016-03-15 11:12 - 2014-04-09 21:05 - 00031920 _____ (Wondershare) C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys
2016-03-15 11:12 - 2014-04-09 20:50 - 00443568 ____H (Bytescout) C:\WINDOWS\SysWOW64\ApowersoftScreenCapturing.dll
2016-03-15 11:12 - 2014-04-09 20:50 - 00271536 ____H (Bytescout) C:\WINDOWS\SysWOW64\ApowersoftScreenCapturingFilter.dll
2016-03-15 11:12 - 2014-04-09 20:50 - 00181424 ____H (Bytescout) C:\WINDOWS\SysWOW64\ApowersoftVideoMixerFilter.dll
2016-03-14 23:39 - 2016-03-14 23:39 - 00003712 _____ C:\Users\darcie\Desktop\vlc-cache-gen.exe - Shortcut.lnk
2016-03-14 23:31 - 2016-03-14 23:34 - 00002013 _____ C:\Users\darcie\Desktop\vlc.exe - Shortcut.lnk
2016-03-14 09:24 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2016-03-14 09:20 - 2016-03-14 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-03-14 09:18 - 2016-03-14 17:10 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2016-03-14 09:18 - 2016-03-14 09:18 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-14 09:16 - 2016-03-15 12:36 - 00000000 ____D C:\Users\darcie\AppData\Roaming\hpqlog
2016-03-14 09:16 - 2016-03-14 09:16 - 00000000 ____D C:\Users\darcie\AppData\Local\Hewlett-Packard
2016-03-14 09:11 - 2016-03-14 09:11 - 00282184 _____ C:\WINDOWS\Minidump\031416-20468-01.dmp
2016-03-14 09:11 - 2016-03-14 09:11 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-14 05:44 - 2016-03-09 03:56 - 02094080 _____ (BitTorrent Inc.) C:\Program Files\uTorrent.exe
2016-03-14 05:29 - 2016-03-14 05:29 - 00090694 _____ C:\Users\darcie\Downloads\BKD-73612663835.pdf
2016-03-14 04:47 - 2016-03-14 04:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-03-14 04:25 - 2016-03-14 04:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-03-14 03:48 - 2016-03-14 23:45 - 00000000 ___DC C:\tmp
2016-03-14 03:39 - 2016-03-14 03:39 - 00000000 ___DC C:\FLAC To MP3
2016-03-14 03:39 - 2016-03-14 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC To MP3
2016-03-14 03:06 - 2016-03-14 23:42 - 00000000 ____D C:\Users\darcie\AppData\Roaming\vlc
2016-03-14 01:57 - 2016-03-14 01:57 - 00010319 _____ C:\Users\darcie\Downloads\hhth.jpeg
2016-03-14 01:56 - 2016-03-14 01:56 - 00007137 _____ C:\Users\darcie\Downloads\th.jhh..jpeg
2016-03-14 01:39 - 2016-03-14 01:39 - 00007949 _____ C:\Users\darcie\Downloads\tbbh.jpeg
2016-03-14 01:38 - 2016-03-14 01:38 - 00010181 _____ C:\Users\darcie\Downloads\th.jpeg
2016-03-14 01:28 - 2016-03-14 05:30 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\uTorrent
2016-03-14 01:27 - 2016-03-14 09:51 - 00002653 _____ C:\Users\darcie\Desktop\µTorrent.lnk
2016-03-14 01:27 - 2016-03-09 03:56 - 02094080 _____ (BitTorrent Inc.) C:\Users\darcie\Documents\uTorrent.exe
2016-03-14 01:25 - 2016-03-14 09:51 - 00000000 ____D C:\Users\darcie\AppData\Roaming\uTorrent
2016-03-14 00:50 - 2016-03-14 09:52 - 00001645 _____ C:\Users\darcie\Desktop\Start Tor Browser.lnk
2016-03-14 00:50 - 2016-03-14 00:50 - 00000813 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-03-14 00:26 - 2016-03-14 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-03-14 00:26 - 2016-03-14 00:26 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-03-13 23:34 - 2016-03-15 11:15 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Apowersoft
2016-03-13 23:33 - 2016-03-15 10:54 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EB0A9D40-678D-4850-9FB4-B2EBEF518503}
2016-03-13 23:32 - 2016-03-15 11:17 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3037653533-231550682-2848119788-1001
2016-03-13 23:32 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\Local\EmieUserList
2016-03-13 23:32 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\Local\EmieSiteList
2016-03-13 23:29 - 2016-03-13 23:31 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Hewlett-Packard
2016-03-13 23:29 - 2016-03-13 23:29 - 00004022 _____ C:\WINDOWS\System32\Tasks\HPGenoobeReminder
2016-03-13 23:29 - 2016-03-13 23:29 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Macromedia
2016-03-13 23:27 - 2016-03-13 23:29 - 00000000 ____D C:\Users\darcie\AppData\Local\PackageStaging
2016-03-13 23:27 - 2016-03-13 23:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-03-13 23:26 - 2016-03-14 03:48 - 00000000 ____D C:\Users\darcie\AppData\Local\VirtualStore
2016-03-13 23:26 - 2016-03-13 23:26 - 00003562 _____ C:\WINDOWS\System32\Tasks\HPCheckDropBoxStatus
2016-03-13 23:26 - 2016-03-13 23:26 - 00001449 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-13 23:26 - 2016-03-13 23:26 - 00000184 _____ C:\WINDOWS\insFileSpec
2016-03-13 23:26 - 2016-03-13 23:26 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-13 23:26 - 2016-03-13 23:26 - 00000020 ___SH C:\Users\darcie\ntuser.ini
2016-03-13 23:26 - 2016-03-13 23:26 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Synaptics
2016-03-13 23:26 - 2016-03-13 23:26 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Adobe
2016-03-13 22:02 - 2016-03-15 12:02 - 00000933 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Update {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}.job
2016-03-13 22:02 - 2016-03-15 12:02 - 00000747 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}.job
2016-03-13 22:02 - 2016-03-13 22:02 - 00003964 _____ C:\WINDOWS\System32\Tasks\EPSON XP-410 Series Update {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}
2016-03-13 22:02 - 2016-03-13 22:02 - 00003778 _____ C:\WINDOWS\System32\Tasks\EPSON XP-410 Series Invitation {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}
2016-03-13 22:02 - 2016-03-13 22:02 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-03-13 22:01 - 2016-03-14 00:03 - 00000000 ____D C:\ProgramData\EPSON
2016-03-13 22:01 - 2014-11-20 16:05 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLAE.DLL
2016-03-13 22:01 - 2014-11-20 16:05 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLAE.DLL
2016-03-13 22:01 - 2014-11-20 16:05 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2016-03-13 21:49 - 2016-03-13 21:49 - 00001719 _____ C:\Users\Administrator\AppData\Local\Application.xml
2016-03-13 21:44 - 2016-03-14 09:12 - 00000000 ____D C:\Users\darcie
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\My Documents
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\Documents\My Videos
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\Documents\My Pictures
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\Documents\My Music
2016-03-13 21:44 - 2014-09-26 00:32 - 00000000 ___HD C:\Users\darcie\Documents\hp.system.package.metadata
2016-03-13 21:44 - 2014-03-17 23:54 - 00000369 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-03-13 21:44 - 2014-03-17 23:54 - 00000369 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-03-13 21:40 - 2016-03-13 21:49 - 00028578 _____ C:\WINDOWS\diagwrn.xml
2016-03-13 21:40 - 2016-03-13 21:49 - 00028578 _____ C:\WINDOWS\diagerr.xml
2016-03-13 21:39 - 2016-03-13 21:39 - 00002306 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3037653533-231550682-2848119788-500
2016-03-13 19:35 - 2016-03-14 04:38 - 00000000 ___DC C:\Windows.old
2016-03-13 19:34 - 2016-03-13 19:34 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2016-03-13 16:07 - 2016-03-14 00:56 - 00000000 ____D C:\Users\darcie\Desktop\Tor Browser
2016-03-13 04:17 - 2016-03-14 23:36 - 00000000 ____D C:\Users\darcie\Desktop\Piano
2016-03-10 14:55 - 2015-10-29 22:08 - 00270452 ____C C:\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_682f78cb7d9e12d9_msvcrt.dll_ee71f3d5
2016-03-10 14:55 - 2015-10-29 22:08 - 00246050 ____C C:\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_5ddace79493d50de_msvcrt.dll_ee71f3d5
2016-03-10 14:55 - 2015-10-29 21:19 - 00993632 ____C (Microsoft Corporation) C:\msvcr120_clr0400.dll
2016-03-10 14:55 - 2015-10-29 21:19 - 00018600 ____C (Microsoft Corporation) C:\msvcr100_clr0400.dll
2016-03-10 14:55 - 2015-10-29 21:18 - 00633760 ____C (Microsoft Corporation) C:\msvcrt.dll
2016-03-10 14:55 - 2015-10-29 21:18 - 00253952 ____C (Microsoft Corporation) C:\msvcrt20.dll
2016-03-10 14:55 - 2015-10-29 21:18 - 00061440 ____C (Microsoft Corporation) C:\msvcrt40.dll
2016-03-10 14:55 - 2015-10-29 21:17 - 00796672 ____C (Microsoft Corporation) C:\msvcr80.dll
2016-03-10 14:55 - 2015-10-29 21:15 - 00000316 ____C C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8eeac119b03cc442.manifest
2016-03-10 14:55 - 2015-10-29 21:15 - 00000280 ____C C:\x86_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8a7decf5338e5d60.manifest
2016-03-10 14:55 - 2015-10-29 21:14 - 00000321 ____C C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_eb095c9d689a3578.manifest
2016-03-10 14:55 - 2015-10-29 21:14 - 00000285 ____C C:\amd64_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_e69c8878ebebce96.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000251 ____C C:\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_682f78cb7d9e12d9.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000247 ____C C:\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_5ddace79493d50de.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000213 ____C C:\x86_microsoft-windows-msvcrt20_31bf3856ad364e35_10.0.10586.0_none_1e8ad94462cbbbb6.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000188 ____C C:\x86_microsoft-windows-msvcrt40_31bf3856ad364e35_10.0.10586.0_none_1f6de7a06239c4c4.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000063 ____C C:\amd64_microsoft-windows-msvcrt40_31bf3856ad364e35_10.0.10586.0_none_7b8c83241a9735fa.manifest
2016-03-10 14:55 - 2008-07-28 21:05 - 00655872 ____C (Microsoft Corporation) C:\msvcr90.dll
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_a28d102712c933ac
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8eeac119b03cc442
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8a7decf5338e5d60
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_microsoft-windows-msvcrt40_31bf3856ad364e35_10.0.10586.0_none_1f6de7a06239c4c4
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_microsoft-windows-msvcrt20_31bf3856ad364e35_10.0.10586.0_none_1e8ad94462cbbbb6
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_682f78cb7d9e12d9
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_feababaacb26a4e2
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_eb095c9d689a3578
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_e69c8878ebebce96
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_5ddace79493d50de
2016-03-10 14:54 - 2015-12-17 16:13 - 00000323 ____C C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_feababaacb26a4e2.manifest
2016-03-10 14:54 - 2015-12-17 16:13 - 00000319 ____C C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_a28d102712c933ac.manifest
2016-03-09 03:55 - 2016-03-09 03:56 - 02094080 _____ (BitTorrent Inc.) C:\Users\darcie\Downloads\uTorrent(btkey,https^3A^2F^2Futp.st^2FfAAjozWm) (1).exe
2016-03-06 09:36 - 2016-03-06 09:36 - 00029358 _____ C:\Users\darcie\Downloads\stargazingintheparks (1).pdf
2016-03-04 22:37 - 2016-03-04 22:42 - 00002004 _____ C:\Users\darcie\Desktop\Narrator (2).lnk
2016-03-04 22:04 - 2016-03-14 04:36 - 00000000 __HDC C:\$SysReset
2016-03-04 21:38 - 2016-03-04 21:38 - 00000030 ____H C:\Users\darcie\Desktop\.ceid
2016-03-04 21:31 - 2016-03-04 21:31 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Company
2016-03-04 21:31 - 2016-03-04 21:31 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-03-04 21:31 - 2016-03-04 21:31 - 00000000 ____D C:\uninst
2016-03-04 05:10 - 2016-03-04 21:22 - 00000000 ___HD C:\Users\darcie\Downloads\.cedata
2016-03-04 05:10 - 2016-03-04 05:10 - 00000030 ____H C:\Users\darcie\Downloads\.ceid
2016-03-04 05:09 - 2016-03-11 14:39 - 00000000 ___HD C:\Users\darcie\Documents\.cedata
2016-03-04 05:09 - 2016-03-11 14:39 - 00000000 ___HD C:\Users\darcie\Desktop\.cedata
2016-03-04 05:09 - 2016-03-04 05:09 - 00000030 ____H C:\Users\darcie\Documents\.ceid
2016-03-04 04:48 - 2016-03-04 04:48 - 01358434 _____ C:\Users\darcie\Downloads\toshiba_pogoplug_pc_guide.pdf
2016-03-04 03:55 - 2016-03-08 00:05 - 00000000 ____D C:\Users\darcie\Downloads\Icons
2016-03-01 10:38 - 2015-07-19 20:50 - 00000343 ____R C:\Users\darcie\Desktop\Install Notes.txt
2016-03-01 10:26 - 2016-03-13 23:37 - 00000000 ____D C:\Users\darcie\Documents\Video Download Capture
2016-02-29 16:36 - 2016-02-29 16:36 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Google
2016-02-25 02:37 - 2016-03-03 12:02 - 00000000 ____D C:\Users\darcie\VLC
2016-02-24 13:27 - 2016-02-24 13:35 - 00000224 _____ C:\Users\darcie\Desktop\Dropbox Website.URL
2016-02-23 18:35 - 2016-02-23 18:35 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Sun
2016-02-23 18:35 - 2016-02-23 18:35 - 00000000 ____D C:\Users\darcie\.oracle_jre_usage
2016-02-23 17:58 - 2016-02-26 02:03 - 00034816 ___SH C:\Users\darcie\Documents\Thumbs.db
2016-02-23 17:29 - 2016-02-23 17:29 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Oracle
2016-02-22 23:14 - 2016-03-04 18:54 - 00424448 ___SH C:\Users\darcie\Downloads\Thumbs.db
2016-02-22 18:17 - 2016-03-13 04:30 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Adblock Plus for IE
2016-02-22 18:11 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\LocalLow\EmieUserList
2016-02-22 18:11 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\LocalLow\EmieSiteList
2016-02-22 18:03 - 2016-03-14 09:13 - 00000000 ___DO C:\Users\darcie\OneDrive
2016-02-22 17:58 - 2016-03-14 00:44 - 00000000 ____D C:\Users\darcie\AppData\Local\Packages
2016-02-22 17:58 - 2016-02-22 20:54 - 00000000 __SHD C:\Users\darcie\IntelGraphicsProfiles
2016-02-22 17:57 - 2014-09-26 00:32 - 00000000 ___HD C:\Users\darcie\Documents\hp.applications.package.appdata
2016-02-22 17:54 - 2016-02-22 17:59 - 00000000 __RHD C:\Users\Public\AccountPictures

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-15 12:37 - 2015-04-15 05:32 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-03-15 12:02 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-03-15 11:13 - 2013-08-22 03:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-15 10:58 - 2015-04-15 06:02 - 00000000 ____D C:\ProgramData\McAfee
2016-03-15 02:29 - 2013-08-22 05:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-15 01:47 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-15 01:41 - 2014-03-17 23:53 - 00956412 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-14 09:24 - 2015-04-15 06:02 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-14 09:23 - 2013-08-22 05:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-14 09:18 - 2015-04-15 06:02 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-03-14 09:17 - 2013-08-22 05:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-14 09:16 - 2015-04-15 05:44 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-14 09:11 - 2013-08-22 04:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-14 09:11 - 2013-08-22 04:44 - 00346712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-14 02:16 - 2014-04-02 13:51 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-13 23:30 - 2013-08-22 03:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-13 23:26 - 2015-04-15 05:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-03-13 23:26 - 2014-09-02 05:41 - 00000000 ___HD C:\SYSTEM.SAV
2016-03-13 21:51 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-13 21:45 - 2013-08-22 05:36 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-13 21:44 - 2014-04-02 13:02 - 00000000 ____D C:\Users\Administrator
2016-03-13 21:25 - 2013-08-22 03:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-13 19:35 - 2013-08-22 05:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2016-03-04 19:49 - 2016-02-07 22:00 - 00000000 ____C C:\Recovery.txt

==================== Files in the root of some directories =======

2016-03-14 05:44 - 2016-03-09 03:56 - 2094080 _____ (BitTorrent Inc.) C:\Program Files\uTorrent.exe

Files to move or delete:
====================
C:\Users\Public\VOIP.dat

Some files in TEMP:
====================
C:\Users\darcie\AppData\Local\Temp\tmp2F3B.tmp.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-13 21:37

==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by darcie (administrator) on DARCIE (15-03-2016 12:34:17)
Running from C:\Users\darcie\Desktop
Loaded Profiles: darcie (Available Profiles: darcie & Administrator)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
(Mozilla Corporation) C:\Users\darcie\Desktop\Tor Browser\Browser\firefox.exe
() C:\Users\darcie\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
(Apowersoft) C:\Users\darcie\OneDrive\Email attachments\Documents\Apowersoft\Video Download Capture\Video Download Capture.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-14] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2855664 2014-09-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507192 2014-07-21] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKU\S-1-5-21-3037653533-231550682-2848119788-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2014-11-20] (SEIKO EPSON CORPORATION)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3037653533-231550682-2848119788-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-3037653533-231550682-2848119788-1001] => http=127.0.0.1:8888;https=127.0.0.1:8888
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{512591C3-D1E8-403E-AC52-15BB6B1CC090}: [DhcpNameServer] 209.18.47.62 209.18.47.61
ManualProxies: 1http=127.0.0.1:8888;https=127.0.0.1:8888

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3037653533-231550682-2848119788-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
HKU\S-1-5-21-3037653533-231550682-2848119788-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E3EB04AC-AA12-4D79-956F-E294556933DF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3037653533-231550682-2848119788-1001 -> {E3EB04AC-AA12-4D79-956F-E294556933DF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-03-14] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0017421457983105mcinstcleanup; C:\WINDOWS\TEMP\001742~1.EXE [851136 2014-08-08] (McAfee, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-05] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [476984 2014-07-21] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-14] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
R3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-14] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220912 2014-09-05] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2014-09-05] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-05] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-05] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-05] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-09-05] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-05] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-05] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2014-09-05] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-08-11] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-08-11] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-08-04] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
U3 mfehidk01; no ImagePath
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
U3 mfencbdc01; no ImagePath
U3 mfencbdc02; no ImagePath
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [578776 2014-08-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3560664 2014-09-05] (Realtek Semiconductor Corporation                           )
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-09-05] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-09-26] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-09-26] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-26] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-15 12:34 - 2016-03-15 12:36 - 00014503 _____ C:\Users\darcie\Desktop\FRST.txt
2016-03-15 12:32 - 2016-03-15 12:34 - 00000000 ___DC C:\FRST
2016-03-15 12:31 - 2016-03-15 12:32 - 02374144 _____ (Farbar) C:\Users\darcie\Desktop\FRST64.exe
2016-03-15 12:31 - 2016-03-15 12:31 - 02374144 _____ (Farbar) C:\Users\darcie\Desktop\FRST64.exe.h78e71q.partial
2016-03-15 11:15 - 2016-03-15 11:15 - 01387800 _____ C:\Users\Public\VOIP.dat
2016-03-15 11:12 - 2016-03-15 11:12 - 00001343 _____ C:\Users\Public\Desktop\Video Download Capture.lnk
2016-03-15 11:12 - 2016-03-15 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2016-03-15 11:12 - 2016-03-15 11:12 - 00000000 ____D C:\Program Files (x86)\Apowersoft
2016-03-15 11:12 - 2014-04-09 21:05 - 00031920 _____ (Wondershare) C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys
2016-03-15 11:12 - 2014-04-09 20:50 - 00443568 ____H (Bytescout) C:\WINDOWS\SysWOW64\ApowersoftScreenCapturing.dll
2016-03-15 11:12 - 2014-04-09 20:50 - 00271536 ____H (Bytescout) C:\WINDOWS\SysWOW64\ApowersoftScreenCapturingFilter.dll
2016-03-15 11:12 - 2014-04-09 20:50 - 00181424 ____H (Bytescout) C:\WINDOWS\SysWOW64\ApowersoftVideoMixerFilter.dll
2016-03-14 23:39 - 2016-03-14 23:39 - 00003712 _____ C:\Users\darcie\Desktop\vlc-cache-gen.exe - Shortcut.lnk
2016-03-14 23:31 - 2016-03-14 23:34 - 00002013 _____ C:\Users\darcie\Desktop\vlc.exe - Shortcut.lnk
2016-03-14 09:24 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2016-03-14 09:20 - 2016-03-14 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-03-14 09:18 - 2016-03-14 17:10 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2016-03-14 09:18 - 2016-03-14 09:18 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-14 09:16 - 2016-03-15 12:36 - 00000000 ____D C:\Users\darcie\AppData\Roaming\hpqlog
2016-03-14 09:16 - 2016-03-14 09:16 - 00000000 ____D C:\Users\darcie\AppData\Local\Hewlett-Packard
2016-03-14 09:11 - 2016-03-14 09:11 - 00282184 _____ C:\WINDOWS\Minidump\031416-20468-01.dmp
2016-03-14 09:11 - 2016-03-14 09:11 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-14 05:44 - 2016-03-09 03:56 - 02094080 _____ (BitTorrent Inc.) C:\Program Files\uTorrent.exe
2016-03-14 05:29 - 2016-03-14 05:29 - 00090694 _____ C:\Users\darcie\Downloads\BKD-73612663835.pdf
2016-03-14 04:47 - 2016-03-14 04:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-03-14 04:25 - 2016-03-14 04:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-03-14 03:48 - 2016-03-14 23:45 - 00000000 ___DC C:\tmp
2016-03-14 03:39 - 2016-03-14 03:39 - 00000000 ___DC C:\FLAC To MP3
2016-03-14 03:39 - 2016-03-14 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC To MP3
2016-03-14 03:06 - 2016-03-14 23:42 - 00000000 ____D C:\Users\darcie\AppData\Roaming\vlc
2016-03-14 01:57 - 2016-03-14 01:57 - 00010319 _____ C:\Users\darcie\Downloads\hhth.jpeg
2016-03-14 01:56 - 2016-03-14 01:56 - 00007137 _____ C:\Users\darcie\Downloads\th.jhh..jpeg
2016-03-14 01:39 - 2016-03-14 01:39 - 00007949 _____ C:\Users\darcie\Downloads\tbbh.jpeg
2016-03-14 01:38 - 2016-03-14 01:38 - 00010181 _____ C:\Users\darcie\Downloads\th.jpeg
2016-03-14 01:28 - 2016-03-14 05:30 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\uTorrent
2016-03-14 01:27 - 2016-03-14 09:51 - 00002653 _____ C:\Users\darcie\Desktop\µTorrent.lnk
2016-03-14 01:27 - 2016-03-09 03:56 - 02094080 _____ (BitTorrent Inc.) C:\Users\darcie\Documents\uTorrent.exe
2016-03-14 01:25 - 2016-03-14 09:51 - 00000000 ____D C:\Users\darcie\AppData\Roaming\uTorrent
2016-03-14 00:50 - 2016-03-14 09:52 - 00001645 _____ C:\Users\darcie\Desktop\Start Tor Browser.lnk
2016-03-14 00:50 - 2016-03-14 00:50 - 00000813 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-03-14 00:26 - 2016-03-14 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-03-14 00:26 - 2016-03-14 00:26 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-03-13 23:34 - 2016-03-15 11:15 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Apowersoft
2016-03-13 23:33 - 2016-03-15 10:54 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EB0A9D40-678D-4850-9FB4-B2EBEF518503}
2016-03-13 23:32 - 2016-03-15 11:17 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3037653533-231550682-2848119788-1001
2016-03-13 23:32 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\Local\EmieUserList
2016-03-13 23:32 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\Local\EmieSiteList
2016-03-13 23:29 - 2016-03-13 23:31 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Hewlett-Packard
2016-03-13 23:29 - 2016-03-13 23:29 - 00004022 _____ C:\WINDOWS\System32\Tasks\HPGenoobeReminder
2016-03-13 23:29 - 2016-03-13 23:29 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Macromedia
2016-03-13 23:27 - 2016-03-13 23:29 - 00000000 ____D C:\Users\darcie\AppData\Local\PackageStaging
2016-03-13 23:27 - 2016-03-13 23:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-03-13 23:26 - 2016-03-14 03:48 - 00000000 ____D C:\Users\darcie\AppData\Local\VirtualStore
2016-03-13 23:26 - 2016-03-13 23:26 - 00003562 _____ C:\WINDOWS\System32\Tasks\HPCheckDropBoxStatus
2016-03-13 23:26 - 2016-03-13 23:26 - 00001449 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-13 23:26 - 2016-03-13 23:26 - 00000184 _____ C:\WINDOWS\insFileSpec
2016-03-13 23:26 - 2016-03-13 23:26 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-13 23:26 - 2016-03-13 23:26 - 00000020 ___SH C:\Users\darcie\ntuser.ini
2016-03-13 23:26 - 2016-03-13 23:26 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Synaptics
2016-03-13 23:26 - 2016-03-13 23:26 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Adobe
2016-03-13 22:02 - 2016-03-15 12:02 - 00000933 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Update {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}.job
2016-03-13 22:02 - 2016-03-15 12:02 - 00000747 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}.job
2016-03-13 22:02 - 2016-03-13 22:02 - 00003964 _____ C:\WINDOWS\System32\Tasks\EPSON XP-410 Series Update {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}
2016-03-13 22:02 - 2016-03-13 22:02 - 00003778 _____ C:\WINDOWS\System32\Tasks\EPSON XP-410 Series Invitation {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}
2016-03-13 22:02 - 2016-03-13 22:02 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-03-13 22:01 - 2016-03-14 00:03 - 00000000 ____D C:\ProgramData\EPSON
2016-03-13 22:01 - 2014-11-20 16:05 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLAE.DLL
2016-03-13 22:01 - 2014-11-20 16:05 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLAE.DLL
2016-03-13 22:01 - 2014-11-20 16:05 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2016-03-13 21:49 - 2016-03-13 21:49 - 00001719 _____ C:\Users\Administrator\AppData\Local\Application.xml
2016-03-13 21:44 - 2016-03-14 09:12 - 00000000 ____D C:\Users\darcie
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\My Documents
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\Documents\My Videos
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\Documents\My Pictures
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\Documents\My Music
2016-03-13 21:44 - 2014-09-26 00:32 - 00000000 ___HD C:\Users\darcie\Documents\hp.system.package.metadata
2016-03-13 21:44 - 2014-03-17 23:54 - 00000369 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-03-13 21:44 - 2014-03-17 23:54 - 00000369 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-03-13 21:40 - 2016-03-13 21:49 - 00028578 _____ C:\WINDOWS\diagwrn.xml
2016-03-13 21:40 - 2016-03-13 21:49 - 00028578 _____ C:\WINDOWS\diagerr.xml
2016-03-13 21:39 - 2016-03-13 21:39 - 00002306 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3037653533-231550682-2848119788-500
2016-03-13 19:35 - 2016-03-14 04:38 - 00000000 ___DC C:\Windows.old
2016-03-13 19:34 - 2016-03-13 19:34 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2016-03-13 16:07 - 2016-03-14 00:56 - 00000000 ____D C:\Users\darcie\Desktop\Tor Browser
2016-03-13 04:17 - 2016-03-14 23:36 - 00000000 ____D C:\Users\darcie\Desktop\Piano
2016-03-10 14:55 - 2015-10-29 22:08 - 00270452 ____C C:\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_682f78cb7d9e12d9_msvcrt.dll_ee71f3d5
2016-03-10 14:55 - 2015-10-29 22:08 - 00246050 ____C C:\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_5ddace79493d50de_msvcrt.dll_ee71f3d5
2016-03-10 14:55 - 2015-10-29 21:19 - 00993632 ____C (Microsoft Corporation) C:\msvcr120_clr0400.dll
2016-03-10 14:55 - 2015-10-29 21:19 - 00018600 ____C (Microsoft Corporation) C:\msvcr100_clr0400.dll
2016-03-10 14:55 - 2015-10-29 21:18 - 00633760 ____C (Microsoft Corporation) C:\msvcrt.dll
2016-03-10 14:55 - 2015-10-29 21:18 - 00253952 ____C (Microsoft Corporation) C:\msvcrt20.dll
2016-03-10 14:55 - 2015-10-29 21:18 - 00061440 ____C (Microsoft Corporation) C:\msvcrt40.dll
2016-03-10 14:55 - 2015-10-29 21:17 - 00796672 ____C (Microsoft Corporation) C:\msvcr80.dll
2016-03-10 14:55 - 2015-10-29 21:15 - 00000316 ____C C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8eeac119b03cc442.manifest
2016-03-10 14:55 - 2015-10-29 21:15 - 00000280 ____C C:\x86_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8a7decf5338e5d60.manifest
2016-03-10 14:55 - 2015-10-29 21:14 - 00000321 ____C C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_eb095c9d689a3578.manifest
2016-03-10 14:55 - 2015-10-29 21:14 - 00000285 ____C C:\amd64_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_e69c8878ebebce96.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000251 ____C C:\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_682f78cb7d9e12d9.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000247 ____C C:\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_5ddace79493d50de.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000213 ____C C:\x86_microsoft-windows-msvcrt20_31bf3856ad364e35_10.0.10586.0_none_1e8ad94462cbbbb6.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000188 ____C C:\x86_microsoft-windows-msvcrt40_31bf3856ad364e35_10.0.10586.0_none_1f6de7a06239c4c4.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000063 ____C C:\amd64_microsoft-windows-msvcrt40_31bf3856ad364e35_10.0.10586.0_none_7b8c83241a9735fa.manifest
2016-03-10 14:55 - 2008-07-28 21:05 - 00655872 ____C (Microsoft Corporation) C:\msvcr90.dll
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_a28d102712c933ac
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8eeac119b03cc442
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8a7decf5338e5d60
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_microsoft-windows-msvcrt40_31bf3856ad364e35_10.0.10586.0_none_1f6de7a06239c4c4
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_microsoft-windows-msvcrt20_31bf3856ad364e35_10.0.10586.0_none_1e8ad94462cbbbb6
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_682f78cb7d9e12d9
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_feababaacb26a4e2
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_eb095c9d689a3578
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_e69c8878ebebce96
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_5ddace79493d50de
2016-03-10 14:54 - 2015-12-17 16:13 - 00000323 ____C C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_feababaacb26a4e2.manifest
2016-03-10 14:54 - 2015-12-17 16:13 - 00000319 ____C C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_a28d102712c933ac.manifest
2016-03-09 03:55 - 2016-03-09 03:56 - 02094080 _____ (BitTorrent Inc.) C:\Users\darcie\Downloads\uTorrent(btkey,https^3A^2F^2Futp.st^2FfAAjozWm) (1).exe
2016-03-06 09:36 - 2016-03-06 09:36 - 00029358 _____ C:\Users\darcie\Downloads\stargazingintheparks (1).pdf
2016-03-04 22:37 - 2016-03-04 22:42 - 00002004 _____ C:\Users\darcie\Desktop\Narrator (2).lnk
2016-03-04 22:04 - 2016-03-14 04:36 - 00000000 __HDC C:\$SysReset
2016-03-04 21:38 - 2016-03-04 21:38 - 00000030 ____H C:\Users\darcie\Desktop\.ceid
2016-03-04 21:31 - 2016-03-04 21:31 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Company
2016-03-04 21:31 - 2016-03-04 21:31 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-03-04 21:31 - 2016-03-04 21:31 - 00000000 ____D C:\uninst
2016-03-04 05:10 - 2016-03-04 21:22 - 00000000 ___HD C:\Users\darcie\Downloads\.cedata
2016-03-04 05:10 - 2016-03-04 05:10 - 00000030 ____H C:\Users\darcie\Downloads\.ceid
2016-03-04 05:09 - 2016-03-11 14:39 - 00000000 ___HD C:\Users\darcie\Documents\.cedata
2016-03-04 05:09 - 2016-03-11 14:39 - 00000000 ___HD C:\Users\darcie\Desktop\.cedata
2016-03-04 05:09 - 2016-03-04 05:09 - 00000030 ____H C:\Users\darcie\Documents\.ceid
2016-03-04 04:48 - 2016-03-04 04:48 - 01358434 _____ C:\Users\darcie\Downloads\toshiba_pogoplug_pc_guide.pdf
2016-03-04 03:55 - 2016-03-08 00:05 - 00000000 ____D C:\Users\darcie\Downloads\Icons
2016-03-01 10:38 - 2015-07-19 20:50 - 00000343 ____R C:\Users\darcie\Desktop\Install Notes.txt
2016-03-01 10:26 - 2016-03-13 23:37 - 00000000 ____D C:\Users\darcie\Documents\Video Download Capture
2016-02-29 16:36 - 2016-02-29 16:36 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Google
2016-02-25 02:37 - 2016-03-03 12:02 - 00000000 ____D C:\Users\darcie\VLC
2016-02-24 13:27 - 2016-02-24 13:35 - 00000224 _____ C:\Users\darcie\Desktop\Dropbox Website.URL
2016-02-23 18:35 - 2016-02-23 18:35 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Sun
2016-02-23 18:35 - 2016-02-23 18:35 - 00000000 ____D C:\Users\darcie\.oracle_jre_usage
2016-02-23 17:58 - 2016-02-26 02:03 - 00034816 ___SH C:\Users\darcie\Documents\Thumbs.db
2016-02-23 17:29 - 2016-02-23 17:29 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Oracle
2016-02-22 23:14 - 2016-03-04 18:54 - 00424448 ___SH C:\Users\darcie\Downloads\Thumbs.db
2016-02-22 18:17 - 2016-03-13 04:30 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Adblock Plus for IE
2016-02-22 18:11 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\LocalLow\EmieUserList
2016-02-22 18:11 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\LocalLow\EmieSiteList
2016-02-22 18:03 - 2016-03-14 09:13 - 00000000 ___DO C:\Users\darcie\OneDrive
2016-02-22 17:58 - 2016-03-14 00:44 - 00000000 ____D C:\Users\darcie\AppData\Local\Packages
2016-02-22 17:58 - 2016-02-22 20:54 - 00000000 __SHD C:\Users\darcie\IntelGraphicsProfiles
2016-02-22 17:57 - 2014-09-26 00:32 - 00000000 ___HD C:\Users\darcie\Documents\hp.applications.package.appdata
2016-02-22 17:54 - 2016-02-22 17:59 - 00000000 __RHD C:\Users\Public\AccountPictures

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-15 12:37 - 2015-04-15 05:32 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-03-15 12:02 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-03-15 11:13 - 2013-08-22 03:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-15 10:58 - 2015-04-15 06:02 - 00000000 ____D C:\ProgramData\McAfee
2016-03-15 02:29 - 2013-08-22 05:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-15 01:47 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-15 01:41 - 2014-03-17 23:53 - 00956412 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-14 09:24 - 2015-04-15 06:02 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-14 09:23 - 2013-08-22 05:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-14 09:18 - 2015-04-15 06:02 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-03-14 09:17 - 2013-08-22 05:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-14 09:16 - 2015-04-15 05:44 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-14 09:11 - 2013-08-22 04:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-14 09:11 - 2013-08-22 04:44 - 00346712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-14 02:16 - 2014-04-02 13:51 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-13 23:30 - 2013-08-22 03:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-13 23:26 - 2015-04-15 05:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-03-13 23:26 - 2014-09-02 05:41 - 00000000 ___HD C:\SYSTEM.SAV
2016-03-13 21:51 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-13 21:45 - 2013-08-22 05:36 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-13 21:44 - 2014-04-02 13:02 - 00000000 ____D C:\Users\Administrator
2016-03-13 21:25 - 2013-08-22 03:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-13 19:35 - 2013-08-22 05:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2016-03-04 19:49 - 2016-02-07 22:00 - 00000000 ____C C:\Recovery.txt

==================== Files in the root of some directories =======

2016-03-14 05:44 - 2016-03-09 03:56 - 2094080 _____ (BitTorrent Inc.) C:\Program Files\uTorrent.exe

Files to move or delete:
====================
C:\Users\Public\VOIP.dat

Some files in TEMP:
====================
C:\Users\darcie\AppData\Local\Temp\tmp2F3B.tmp.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-13 21:37

==================== End of FRST.txt ===========================


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

You posted the FRST log twice.  Do you have the addition.txt log?

 

 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File.)
 
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As,(to your desktop) Save.  (Note the file name) Open the file on your desktop and copy and paste the text to a reply.

  • 0






Similar Topics


Also tagged with one or more of these keywords: Malware fix, help please

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP