please help me erase some adware or malware off my system. It runs so slow and restarts and I cant do a thing.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by darcie (administrator) on DARCIE (15-03-2016 12:34:17)
Running from C:\Users\darcie\Desktop
Loaded Profiles: darcie (Available Profiles: darcie & Administrator)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
(Mozilla Corporation) C:\Users\darcie\Desktop\Tor Browser\Browser\firefox.exe
() C:\Users\darcie\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
(Apowersoft) C:\Users\darcie\OneDrive\Email attachments\Documents\Apowersoft\Video Download Capture\Video Download Capture.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-14] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2855664 2014-09-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507192 2014-07-21] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKU\S-1-5-21-3037653533-231550682-2848119788-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2014-11-20] (SEIKO EPSON CORPORATION)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-3037653533-231550682-2848119788-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-3037653533-231550682-2848119788-1001] => http=127.0.0.1:8888;https=127.0.0.1:8888
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{512591C3-D1E8-403E-AC52-15BB6B1CC090}: [DhcpNameServer] 209.18.47.62 209.18.47.61
ManualProxies: 1http=127.0.0.1:8888;https=127.0.0.1:8888
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3037653533-231550682-2848119788-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
HKU\S-1-5-21-3037653533-231550682-2848119788-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E3EB04AC-AA12-4D79-956F-E294556933DF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3037653533-231550682-2848119788-1001 -> {E3EB04AC-AA12-4D79-956F-E294556933DF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-03-14] [not signed]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0017421457983105mcinstcleanup; C:\WINDOWS\TEMP\001742~1.EXE [851136 2014-08-08] (McAfee, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-05] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [476984 2014-07-21] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-14] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
R3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-14] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220912 2014-09-05] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2014-09-05] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-05] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-05] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-05] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-09-05] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-05] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-05] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2014-09-05] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-08-11] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-08-11] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-08-04] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
U3 mfehidk01; no ImagePath
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
U3 mfencbdc01; no ImagePath
U3 mfencbdc02; no ImagePath
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [578776 2014-08-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3560664 2014-09-05] (Realtek Semiconductor Corporation )
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-09-05] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-09-26] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-09-26] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-26] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-15 12:34 - 2016-03-15 12:36 - 00014503 _____ C:\Users\darcie\Desktop\FRST.txt
2016-03-15 12:32 - 2016-03-15 12:34 - 00000000 ___DC C:\FRST
2016-03-15 12:31 - 2016-03-15 12:32 - 02374144 _____ (Farbar) C:\Users\darcie\Desktop\FRST64.exe
2016-03-15 12:31 - 2016-03-15 12:31 - 02374144 _____ (Farbar) C:\Users\darcie\Desktop\FRST64.exe.h78e71q.partial
2016-03-15 11:15 - 2016-03-15 11:15 - 01387800 _____ C:\Users\Public\VOIP.dat
2016-03-15 11:12 - 2016-03-15 11:12 - 00001343 _____ C:\Users\Public\Desktop\Video Download Capture.lnk
2016-03-15 11:12 - 2016-03-15 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2016-03-15 11:12 - 2016-03-15 11:12 - 00000000 ____D C:\Program Files (x86)\Apowersoft
2016-03-15 11:12 - 2014-04-09 21:05 - 00031920 _____ (Wondershare) C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys
2016-03-15 11:12 - 2014-04-09 20:50 - 00443568 ____H (Bytescout) C:\WINDOWS\SysWOW64\ApowersoftScreenCapturing.dll
2016-03-15 11:12 - 2014-04-09 20:50 - 00271536 ____H (Bytescout) C:\WINDOWS\SysWOW64\ApowersoftScreenCapturingFilter.dll
2016-03-15 11:12 - 2014-04-09 20:50 - 00181424 ____H (Bytescout) C:\WINDOWS\SysWOW64\ApowersoftVideoMixerFilter.dll
2016-03-14 23:39 - 2016-03-14 23:39 - 00003712 _____ C:\Users\darcie\Desktop\vlc-cache-gen.exe - Shortcut.lnk
2016-03-14 23:31 - 2016-03-14 23:34 - 00002013 _____ C:\Users\darcie\Desktop\vlc.exe - Shortcut.lnk
2016-03-14 09:24 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2016-03-14 09:20 - 2016-03-14 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-03-14 09:18 - 2016-03-14 17:10 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2016-03-14 09:18 - 2016-03-14 09:18 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-14 09:16 - 2016-03-15 12:36 - 00000000 ____D C:\Users\darcie\AppData\Roaming\hpqlog
2016-03-14 09:16 - 2016-03-14 09:16 - 00000000 ____D C:\Users\darcie\AppData\Local\Hewlett-Packard
2016-03-14 09:11 - 2016-03-14 09:11 - 00282184 _____ C:\WINDOWS\Minidump\031416-20468-01.dmp
2016-03-14 09:11 - 2016-03-14 09:11 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-14 05:44 - 2016-03-09 03:56 - 02094080 _____ (BitTorrent Inc.) C:\Program Files\uTorrent.exe
2016-03-14 05:29 - 2016-03-14 05:29 - 00090694 _____ C:\Users\darcie\Downloads\BKD-73612663835.pdf
2016-03-14 04:47 - 2016-03-14 04:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-03-14 04:25 - 2016-03-14 04:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-03-14 03:48 - 2016-03-14 23:45 - 00000000 ___DC C:\tmp
2016-03-14 03:39 - 2016-03-14 03:39 - 00000000 ___DC C:\FLAC To MP3
2016-03-14 03:39 - 2016-03-14 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC To MP3
2016-03-14 03:06 - 2016-03-14 23:42 - 00000000 ____D C:\Users\darcie\AppData\Roaming\vlc
2016-03-14 01:57 - 2016-03-14 01:57 - 00010319 _____ C:\Users\darcie\Downloads\hhth.jpeg
2016-03-14 01:56 - 2016-03-14 01:56 - 00007137 _____ C:\Users\darcie\Downloads\th.jhh..jpeg
2016-03-14 01:39 - 2016-03-14 01:39 - 00007949 _____ C:\Users\darcie\Downloads\tbbh.jpeg
2016-03-14 01:38 - 2016-03-14 01:38 - 00010181 _____ C:\Users\darcie\Downloads\th.jpeg
2016-03-14 01:28 - 2016-03-14 05:30 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\uTorrent
2016-03-14 01:27 - 2016-03-14 09:51 - 00002653 _____ C:\Users\darcie\Desktop\µTorrent.lnk
2016-03-14 01:27 - 2016-03-09 03:56 - 02094080 _____ (BitTorrent Inc.) C:\Users\darcie\Documents\uTorrent.exe
2016-03-14 01:25 - 2016-03-14 09:51 - 00000000 ____D C:\Users\darcie\AppData\Roaming\uTorrent
2016-03-14 00:50 - 2016-03-14 09:52 - 00001645 _____ C:\Users\darcie\Desktop\Start Tor Browser.lnk
2016-03-14 00:50 - 2016-03-14 00:50 - 00000813 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-03-14 00:26 - 2016-03-14 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-03-14 00:26 - 2016-03-14 00:26 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-03-13 23:34 - 2016-03-15 11:15 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Apowersoft
2016-03-13 23:33 - 2016-03-15 10:54 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EB0A9D40-678D-4850-9FB4-B2EBEF518503}
2016-03-13 23:32 - 2016-03-15 11:17 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3037653533-231550682-2848119788-1001
2016-03-13 23:32 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\Local\EmieUserList
2016-03-13 23:32 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\Local\EmieSiteList
2016-03-13 23:29 - 2016-03-13 23:31 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Hewlett-Packard
2016-03-13 23:29 - 2016-03-13 23:29 - 00004022 _____ C:\WINDOWS\System32\Tasks\HPGenoobeReminder
2016-03-13 23:29 - 2016-03-13 23:29 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Macromedia
2016-03-13 23:27 - 2016-03-13 23:29 - 00000000 ____D C:\Users\darcie\AppData\Local\PackageStaging
2016-03-13 23:27 - 2016-03-13 23:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-03-13 23:26 - 2016-03-14 03:48 - 00000000 ____D C:\Users\darcie\AppData\Local\VirtualStore
2016-03-13 23:26 - 2016-03-13 23:26 - 00003562 _____ C:\WINDOWS\System32\Tasks\HPCheckDropBoxStatus
2016-03-13 23:26 - 2016-03-13 23:26 - 00001449 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-13 23:26 - 2016-03-13 23:26 - 00000184 _____ C:\WINDOWS\insFileSpec
2016-03-13 23:26 - 2016-03-13 23:26 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-13 23:26 - 2016-03-13 23:26 - 00000020 ___SH C:\Users\darcie\ntuser.ini
2016-03-13 23:26 - 2016-03-13 23:26 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Synaptics
2016-03-13 23:26 - 2016-03-13 23:26 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Adobe
2016-03-13 22:02 - 2016-03-15 12:02 - 00000933 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Update {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}.job
2016-03-13 22:02 - 2016-03-15 12:02 - 00000747 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}.job
2016-03-13 22:02 - 2016-03-13 22:02 - 00003964 _____ C:\WINDOWS\System32\Tasks\EPSON XP-410 Series Update {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}
2016-03-13 22:02 - 2016-03-13 22:02 - 00003778 _____ C:\WINDOWS\System32\Tasks\EPSON XP-410 Series Invitation {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}
2016-03-13 22:02 - 2016-03-13 22:02 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-03-13 22:01 - 2016-03-14 00:03 - 00000000 ____D C:\ProgramData\EPSON
2016-03-13 22:01 - 2014-11-20 16:05 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLAE.DLL
2016-03-13 22:01 - 2014-11-20 16:05 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLAE.DLL
2016-03-13 22:01 - 2014-11-20 16:05 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2016-03-13 21:49 - 2016-03-13 21:49 - 00001719 _____ C:\Users\Administrator\AppData\Local\Application.xml
2016-03-13 21:44 - 2016-03-14 09:12 - 00000000 ____D C:\Users\darcie
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\My Documents
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\Documents\My Videos
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\Documents\My Pictures
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\Documents\My Music
2016-03-13 21:44 - 2014-09-26 00:32 - 00000000 ___HD C:\Users\darcie\Documents\hp.system.package.metadata
2016-03-13 21:44 - 2014-03-17 23:54 - 00000369 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-03-13 21:44 - 2014-03-17 23:54 - 00000369 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-03-13 21:40 - 2016-03-13 21:49 - 00028578 _____ C:\WINDOWS\diagwrn.xml
2016-03-13 21:40 - 2016-03-13 21:49 - 00028578 _____ C:\WINDOWS\diagerr.xml
2016-03-13 21:39 - 2016-03-13 21:39 - 00002306 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3037653533-231550682-2848119788-500
2016-03-13 19:35 - 2016-03-14 04:38 - 00000000 ___DC C:\Windows.old
2016-03-13 19:34 - 2016-03-13 19:34 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2016-03-13 16:07 - 2016-03-14 00:56 - 00000000 ____D C:\Users\darcie\Desktop\Tor Browser
2016-03-13 04:17 - 2016-03-14 23:36 - 00000000 ____D C:\Users\darcie\Desktop\Piano
2016-03-10 14:55 - 2015-10-29 22:08 - 00270452 ____C C:\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_682f78cb7d9e12d9_msvcrt.dll_ee71f3d5
2016-03-10 14:55 - 2015-10-29 22:08 - 00246050 ____C C:\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_5ddace79493d50de_msvcrt.dll_ee71f3d5
2016-03-10 14:55 - 2015-10-29 21:19 - 00993632 ____C (Microsoft Corporation) C:\msvcr120_clr0400.dll
2016-03-10 14:55 - 2015-10-29 21:19 - 00018600 ____C (Microsoft Corporation) C:\msvcr100_clr0400.dll
2016-03-10 14:55 - 2015-10-29 21:18 - 00633760 ____C (Microsoft Corporation) C:\msvcrt.dll
2016-03-10 14:55 - 2015-10-29 21:18 - 00253952 ____C (Microsoft Corporation) C:\msvcrt20.dll
2016-03-10 14:55 - 2015-10-29 21:18 - 00061440 ____C (Microsoft Corporation) C:\msvcrt40.dll
2016-03-10 14:55 - 2015-10-29 21:17 - 00796672 ____C (Microsoft Corporation) C:\msvcr80.dll
2016-03-10 14:55 - 2015-10-29 21:15 - 00000316 ____C C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8eeac119b03cc442.manifest
2016-03-10 14:55 - 2015-10-29 21:15 - 00000280 ____C C:\x86_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8a7decf5338e5d60.manifest
2016-03-10 14:55 - 2015-10-29 21:14 - 00000321 ____C C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_eb095c9d689a3578.manifest
2016-03-10 14:55 - 2015-10-29 21:14 - 00000285 ____C C:\amd64_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_e69c8878ebebce96.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000251 ____C C:\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_682f78cb7d9e12d9.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000247 ____C C:\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_5ddace79493d50de.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000213 ____C C:\x86_microsoft-windows-msvcrt20_31bf3856ad364e35_10.0.10586.0_none_1e8ad94462cbbbb6.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000188 ____C C:\x86_microsoft-windows-msvcrt40_31bf3856ad364e35_10.0.10586.0_none_1f6de7a06239c4c4.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000063 ____C C:\amd64_microsoft-windows-msvcrt40_31bf3856ad364e35_10.0.10586.0_none_7b8c83241a9735fa.manifest
2016-03-10 14:55 - 2008-07-28 21:05 - 00655872 ____C (Microsoft Corporation) C:\msvcr90.dll
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_a28d102712c933ac
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8eeac119b03cc442
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8a7decf5338e5d60
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_microsoft-windows-msvcrt40_31bf3856ad364e35_10.0.10586.0_none_1f6de7a06239c4c4
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_microsoft-windows-msvcrt20_31bf3856ad364e35_10.0.10586.0_none_1e8ad94462cbbbb6
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_682f78cb7d9e12d9
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_feababaacb26a4e2
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_eb095c9d689a3578
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_e69c8878ebebce96
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_5ddace79493d50de
2016-03-10 14:54 - 2015-12-17 16:13 - 00000323 ____C C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_feababaacb26a4e2.manifest
2016-03-10 14:54 - 2015-12-17 16:13 - 00000319 ____C C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_a28d102712c933ac.manifest
2016-03-09 03:55 - 2016-03-09 03:56 - 02094080 _____ (BitTorrent Inc.) C:\Users\darcie\Downloads\uTorrent(btkey,https^3A^2F^2Futp.st^2FfAAjozWm) (1).exe
2016-03-06 09:36 - 2016-03-06 09:36 - 00029358 _____ C:\Users\darcie\Downloads\stargazingintheparks (1).pdf
2016-03-04 22:37 - 2016-03-04 22:42 - 00002004 _____ C:\Users\darcie\Desktop\Narrator (2).lnk
2016-03-04 22:04 - 2016-03-14 04:36 - 00000000 __HDC C:\$SysReset
2016-03-04 21:38 - 2016-03-04 21:38 - 00000030 ____H C:\Users\darcie\Desktop\.ceid
2016-03-04 21:31 - 2016-03-04 21:31 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Company
2016-03-04 21:31 - 2016-03-04 21:31 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-03-04 21:31 - 2016-03-04 21:31 - 00000000 ____D C:\uninst
2016-03-04 05:10 - 2016-03-04 21:22 - 00000000 ___HD C:\Users\darcie\Downloads\.cedata
2016-03-04 05:10 - 2016-03-04 05:10 - 00000030 ____H C:\Users\darcie\Downloads\.ceid
2016-03-04 05:09 - 2016-03-11 14:39 - 00000000 ___HD C:\Users\darcie\Documents\.cedata
2016-03-04 05:09 - 2016-03-11 14:39 - 00000000 ___HD C:\Users\darcie\Desktop\.cedata
2016-03-04 05:09 - 2016-03-04 05:09 - 00000030 ____H C:\Users\darcie\Documents\.ceid
2016-03-04 04:48 - 2016-03-04 04:48 - 01358434 _____ C:\Users\darcie\Downloads\toshiba_pogoplug_pc_guide.pdf
2016-03-04 03:55 - 2016-03-08 00:05 - 00000000 ____D C:\Users\darcie\Downloads\Icons
2016-03-01 10:38 - 2015-07-19 20:50 - 00000343 ____R C:\Users\darcie\Desktop\Install Notes.txt
2016-03-01 10:26 - 2016-03-13 23:37 - 00000000 ____D C:\Users\darcie\Documents\Video Download Capture
2016-02-29 16:36 - 2016-02-29 16:36 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Google
2016-02-25 02:37 - 2016-03-03 12:02 - 00000000 ____D C:\Users\darcie\VLC
2016-02-24 13:27 - 2016-02-24 13:35 - 00000224 _____ C:\Users\darcie\Desktop\Dropbox Website.URL
2016-02-23 18:35 - 2016-02-23 18:35 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Sun
2016-02-23 18:35 - 2016-02-23 18:35 - 00000000 ____D C:\Users\darcie\.oracle_jre_usage
2016-02-23 17:58 - 2016-02-26 02:03 - 00034816 ___SH C:\Users\darcie\Documents\Thumbs.db
2016-02-23 17:29 - 2016-02-23 17:29 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Oracle
2016-02-22 23:14 - 2016-03-04 18:54 - 00424448 ___SH C:\Users\darcie\Downloads\Thumbs.db
2016-02-22 18:17 - 2016-03-13 04:30 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Adblock Plus for IE
2016-02-22 18:11 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\LocalLow\EmieUserList
2016-02-22 18:11 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\LocalLow\EmieSiteList
2016-02-22 18:03 - 2016-03-14 09:13 - 00000000 ___DO C:\Users\darcie\OneDrive
2016-02-22 17:58 - 2016-03-14 00:44 - 00000000 ____D C:\Users\darcie\AppData\Local\Packages
2016-02-22 17:58 - 2016-02-22 20:54 - 00000000 __SHD C:\Users\darcie\IntelGraphicsProfiles
2016-02-22 17:57 - 2014-09-26 00:32 - 00000000 ___HD C:\Users\darcie\Documents\hp.applications.package.appdata
2016-02-22 17:54 - 2016-02-22 17:59 - 00000000 __RHD C:\Users\Public\AccountPictures
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-15 12:37 - 2015-04-15 05:32 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-03-15 12:02 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-03-15 11:13 - 2013-08-22 03:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-15 10:58 - 2015-04-15 06:02 - 00000000 ____D C:\ProgramData\McAfee
2016-03-15 02:29 - 2013-08-22 05:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-15 01:47 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-15 01:41 - 2014-03-17 23:53 - 00956412 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-14 09:24 - 2015-04-15 06:02 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-14 09:23 - 2013-08-22 05:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-14 09:18 - 2015-04-15 06:02 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-03-14 09:17 - 2013-08-22 05:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-14 09:16 - 2015-04-15 05:44 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-14 09:11 - 2013-08-22 04:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-14 09:11 - 2013-08-22 04:44 - 00346712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-14 02:16 - 2014-04-02 13:51 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-13 23:30 - 2013-08-22 03:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-13 23:26 - 2015-04-15 05:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-03-13 23:26 - 2014-09-02 05:41 - 00000000 ___HD C:\SYSTEM.SAV
2016-03-13 21:51 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-13 21:45 - 2013-08-22 05:36 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-13 21:44 - 2014-04-02 13:02 - 00000000 ____D C:\Users\Administrator
2016-03-13 21:25 - 2013-08-22 03:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-13 19:35 - 2013-08-22 05:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2016-03-04 19:49 - 2016-02-07 22:00 - 00000000 ____C C:\Recovery.txt
==================== Files in the root of some directories =======
2016-03-14 05:44 - 2016-03-09 03:56 - 2094080 _____ (BitTorrent Inc.) C:\Program Files\uTorrent.exe
Files to move or delete:
====================
C:\Users\Public\VOIP.dat
Some files in TEMP:
====================
C:\Users\darcie\AppData\Local\Temp\tmp2F3B.tmp.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-13 21:37
==================== End of FRST.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by darcie (administrator) on DARCIE (15-03-2016 12:34:17)
Running from C:\Users\darcie\Desktop
Loaded Profiles: darcie (Available Profiles: darcie & Administrator)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
(Mozilla Corporation) C:\Users\darcie\Desktop\Tor Browser\Browser\firefox.exe
() C:\Users\darcie\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
(Apowersoft) C:\Users\darcie\OneDrive\Email attachments\Documents\Apowersoft\Video Download Capture\Video Download Capture.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-14] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2855664 2014-09-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507192 2014-07-21] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKU\S-1-5-21-3037653533-231550682-2848119788-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2014-11-20] (SEIKO EPSON CORPORATION)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-3037653533-231550682-2848119788-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-3037653533-231550682-2848119788-1001] => http=127.0.0.1:8888;https=127.0.0.1:8888
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{512591C3-D1E8-403E-AC52-15BB6B1CC090}: [DhcpNameServer] 209.18.47.62 209.18.47.61
ManualProxies: 1http=127.0.0.1:8888;https=127.0.0.1:8888
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3037653533-231550682-2848119788-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
HKU\S-1-5-21-3037653533-231550682-2848119788-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E3EB04AC-AA12-4D79-956F-E294556933DF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3037653533-231550682-2848119788-1001 -> {E3EB04AC-AA12-4D79-956F-E294556933DF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-03-14] [not signed]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0017421457983105mcinstcleanup; C:\WINDOWS\TEMP\001742~1.EXE [851136 2014-08-08] (McAfee, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-05] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [476984 2014-07-21] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-14] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
R3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-14] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220912 2014-09-05] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2014-09-05] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-05] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-05] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-05] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-09-05] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-05] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-05] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2014-09-05] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-08-11] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-08-11] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-08-04] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
U3 mfehidk01; no ImagePath
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
U3 mfencbdc01; no ImagePath
U3 mfencbdc02; no ImagePath
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [578776 2014-08-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3560664 2014-09-05] (Realtek Semiconductor Corporation )
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-09-05] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-09-26] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-09-26] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-26] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-15 12:34 - 2016-03-15 12:36 - 00014503 _____ C:\Users\darcie\Desktop\FRST.txt
2016-03-15 12:32 - 2016-03-15 12:34 - 00000000 ___DC C:\FRST
2016-03-15 12:31 - 2016-03-15 12:32 - 02374144 _____ (Farbar) C:\Users\darcie\Desktop\FRST64.exe
2016-03-15 12:31 - 2016-03-15 12:31 - 02374144 _____ (Farbar) C:\Users\darcie\Desktop\FRST64.exe.h78e71q.partial
2016-03-15 11:15 - 2016-03-15 11:15 - 01387800 _____ C:\Users\Public\VOIP.dat
2016-03-15 11:12 - 2016-03-15 11:12 - 00001343 _____ C:\Users\Public\Desktop\Video Download Capture.lnk
2016-03-15 11:12 - 2016-03-15 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2016-03-15 11:12 - 2016-03-15 11:12 - 00000000 ____D C:\Program Files (x86)\Apowersoft
2016-03-15 11:12 - 2014-04-09 21:05 - 00031920 _____ (Wondershare) C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys
2016-03-15 11:12 - 2014-04-09 20:50 - 00443568 ____H (Bytescout) C:\WINDOWS\SysWOW64\ApowersoftScreenCapturing.dll
2016-03-15 11:12 - 2014-04-09 20:50 - 00271536 ____H (Bytescout) C:\WINDOWS\SysWOW64\ApowersoftScreenCapturingFilter.dll
2016-03-15 11:12 - 2014-04-09 20:50 - 00181424 ____H (Bytescout) C:\WINDOWS\SysWOW64\ApowersoftVideoMixerFilter.dll
2016-03-14 23:39 - 2016-03-14 23:39 - 00003712 _____ C:\Users\darcie\Desktop\vlc-cache-gen.exe - Shortcut.lnk
2016-03-14 23:31 - 2016-03-14 23:34 - 00002013 _____ C:\Users\darcie\Desktop\vlc.exe - Shortcut.lnk
2016-03-14 09:24 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2016-03-14 09:20 - 2016-03-14 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-03-14 09:18 - 2016-03-14 17:10 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2016-03-14 09:18 - 2016-03-14 09:18 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-14 09:16 - 2016-03-15 12:36 - 00000000 ____D C:\Users\darcie\AppData\Roaming\hpqlog
2016-03-14 09:16 - 2016-03-14 09:16 - 00000000 ____D C:\Users\darcie\AppData\Local\Hewlett-Packard
2016-03-14 09:11 - 2016-03-14 09:11 - 00282184 _____ C:\WINDOWS\Minidump\031416-20468-01.dmp
2016-03-14 09:11 - 2016-03-14 09:11 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-14 05:44 - 2016-03-09 03:56 - 02094080 _____ (BitTorrent Inc.) C:\Program Files\uTorrent.exe
2016-03-14 05:29 - 2016-03-14 05:29 - 00090694 _____ C:\Users\darcie\Downloads\BKD-73612663835.pdf
2016-03-14 04:47 - 2016-03-14 04:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-03-14 04:25 - 2016-03-14 04:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-03-14 03:48 - 2016-03-14 23:45 - 00000000 ___DC C:\tmp
2016-03-14 03:39 - 2016-03-14 03:39 - 00000000 ___DC C:\FLAC To MP3
2016-03-14 03:39 - 2016-03-14 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC To MP3
2016-03-14 03:06 - 2016-03-14 23:42 - 00000000 ____D C:\Users\darcie\AppData\Roaming\vlc
2016-03-14 01:57 - 2016-03-14 01:57 - 00010319 _____ C:\Users\darcie\Downloads\hhth.jpeg
2016-03-14 01:56 - 2016-03-14 01:56 - 00007137 _____ C:\Users\darcie\Downloads\th.jhh..jpeg
2016-03-14 01:39 - 2016-03-14 01:39 - 00007949 _____ C:\Users\darcie\Downloads\tbbh.jpeg
2016-03-14 01:38 - 2016-03-14 01:38 - 00010181 _____ C:\Users\darcie\Downloads\th.jpeg
2016-03-14 01:28 - 2016-03-14 05:30 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\uTorrent
2016-03-14 01:27 - 2016-03-14 09:51 - 00002653 _____ C:\Users\darcie\Desktop\µTorrent.lnk
2016-03-14 01:27 - 2016-03-09 03:56 - 02094080 _____ (BitTorrent Inc.) C:\Users\darcie\Documents\uTorrent.exe
2016-03-14 01:25 - 2016-03-14 09:51 - 00000000 ____D C:\Users\darcie\AppData\Roaming\uTorrent
2016-03-14 00:50 - 2016-03-14 09:52 - 00001645 _____ C:\Users\darcie\Desktop\Start Tor Browser.lnk
2016-03-14 00:50 - 2016-03-14 00:50 - 00000813 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-03-14 00:26 - 2016-03-14 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-03-14 00:26 - 2016-03-14 00:26 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-03-13 23:34 - 2016-03-15 11:15 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Apowersoft
2016-03-13 23:33 - 2016-03-15 10:54 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EB0A9D40-678D-4850-9FB4-B2EBEF518503}
2016-03-13 23:32 - 2016-03-15 11:17 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3037653533-231550682-2848119788-1001
2016-03-13 23:32 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\Local\EmieUserList
2016-03-13 23:32 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\Local\EmieSiteList
2016-03-13 23:29 - 2016-03-13 23:31 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Hewlett-Packard
2016-03-13 23:29 - 2016-03-13 23:29 - 00004022 _____ C:\WINDOWS\System32\Tasks\HPGenoobeReminder
2016-03-13 23:29 - 2016-03-13 23:29 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Macromedia
2016-03-13 23:27 - 2016-03-13 23:29 - 00000000 ____D C:\Users\darcie\AppData\Local\PackageStaging
2016-03-13 23:27 - 2016-03-13 23:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-03-13 23:26 - 2016-03-14 03:48 - 00000000 ____D C:\Users\darcie\AppData\Local\VirtualStore
2016-03-13 23:26 - 2016-03-13 23:26 - 00003562 _____ C:\WINDOWS\System32\Tasks\HPCheckDropBoxStatus
2016-03-13 23:26 - 2016-03-13 23:26 - 00001449 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-13 23:26 - 2016-03-13 23:26 - 00000184 _____ C:\WINDOWS\insFileSpec
2016-03-13 23:26 - 2016-03-13 23:26 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-13 23:26 - 2016-03-13 23:26 - 00000020 ___SH C:\Users\darcie\ntuser.ini
2016-03-13 23:26 - 2016-03-13 23:26 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Synaptics
2016-03-13 23:26 - 2016-03-13 23:26 - 00000000 ____D C:\Users\darcie\AppData\Roaming\Adobe
2016-03-13 22:02 - 2016-03-15 12:02 - 00000933 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Update {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}.job
2016-03-13 22:02 - 2016-03-15 12:02 - 00000747 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}.job
2016-03-13 22:02 - 2016-03-13 22:02 - 00003964 _____ C:\WINDOWS\System32\Tasks\EPSON XP-410 Series Update {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}
2016-03-13 22:02 - 2016-03-13 22:02 - 00003778 _____ C:\WINDOWS\System32\Tasks\EPSON XP-410 Series Invitation {99A0A2E9-8BA4-459F-856D-168F10C0C5C9}
2016-03-13 22:02 - 2016-03-13 22:02 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-03-13 22:01 - 2016-03-14 00:03 - 00000000 ____D C:\ProgramData\EPSON
2016-03-13 22:01 - 2014-11-20 16:05 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLAE.DLL
2016-03-13 22:01 - 2014-11-20 16:05 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLAE.DLL
2016-03-13 22:01 - 2014-11-20 16:05 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2016-03-13 21:49 - 2016-03-13 21:49 - 00001719 _____ C:\Users\Administrator\AppData\Local\Application.xml
2016-03-13 21:44 - 2016-03-14 09:12 - 00000000 ____D C:\Users\darcie
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\My Documents
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\Documents\My Videos
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\Documents\My Pictures
2016-03-13 21:44 - 2016-03-13 21:44 - 00000000 _SHDL C:\Users\darcie\Documents\My Music
2016-03-13 21:44 - 2014-09-26 00:32 - 00000000 ___HD C:\Users\darcie\Documents\hp.system.package.metadata
2016-03-13 21:44 - 2014-03-17 23:54 - 00000369 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-03-13 21:44 - 2014-03-17 23:54 - 00000369 _____ C:\Users\darcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-03-13 21:40 - 2016-03-13 21:49 - 00028578 _____ C:\WINDOWS\diagwrn.xml
2016-03-13 21:40 - 2016-03-13 21:49 - 00028578 _____ C:\WINDOWS\diagerr.xml
2016-03-13 21:39 - 2016-03-13 21:39 - 00002306 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3037653533-231550682-2848119788-500
2016-03-13 19:35 - 2016-03-14 04:38 - 00000000 ___DC C:\Windows.old
2016-03-13 19:34 - 2016-03-13 19:34 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2016-03-13 16:07 - 2016-03-14 00:56 - 00000000 ____D C:\Users\darcie\Desktop\Tor Browser
2016-03-13 04:17 - 2016-03-14 23:36 - 00000000 ____D C:\Users\darcie\Desktop\Piano
2016-03-10 14:55 - 2015-10-29 22:08 - 00270452 ____C C:\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_682f78cb7d9e12d9_msvcrt.dll_ee71f3d5
2016-03-10 14:55 - 2015-10-29 22:08 - 00246050 ____C C:\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_5ddace79493d50de_msvcrt.dll_ee71f3d5
2016-03-10 14:55 - 2015-10-29 21:19 - 00993632 ____C (Microsoft Corporation) C:\msvcr120_clr0400.dll
2016-03-10 14:55 - 2015-10-29 21:19 - 00018600 ____C (Microsoft Corporation) C:\msvcr100_clr0400.dll
2016-03-10 14:55 - 2015-10-29 21:18 - 00633760 ____C (Microsoft Corporation) C:\msvcrt.dll
2016-03-10 14:55 - 2015-10-29 21:18 - 00253952 ____C (Microsoft Corporation) C:\msvcrt20.dll
2016-03-10 14:55 - 2015-10-29 21:18 - 00061440 ____C (Microsoft Corporation) C:\msvcrt40.dll
2016-03-10 14:55 - 2015-10-29 21:17 - 00796672 ____C (Microsoft Corporation) C:\msvcr80.dll
2016-03-10 14:55 - 2015-10-29 21:15 - 00000316 ____C C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8eeac119b03cc442.manifest
2016-03-10 14:55 - 2015-10-29 21:15 - 00000280 ____C C:\x86_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8a7decf5338e5d60.manifest
2016-03-10 14:55 - 2015-10-29 21:14 - 00000321 ____C C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_eb095c9d689a3578.manifest
2016-03-10 14:55 - 2015-10-29 21:14 - 00000285 ____C C:\amd64_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_e69c8878ebebce96.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000251 ____C C:\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_682f78cb7d9e12d9.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000247 ____C C:\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_5ddace79493d50de.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000213 ____C C:\x86_microsoft-windows-msvcrt20_31bf3856ad364e35_10.0.10586.0_none_1e8ad94462cbbbb6.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000188 ____C C:\x86_microsoft-windows-msvcrt40_31bf3856ad364e35_10.0.10586.0_none_1f6de7a06239c4c4.manifest
2016-03-10 14:55 - 2015-10-29 21:13 - 00000063 ____C C:\amd64_microsoft-windows-msvcrt40_31bf3856ad364e35_10.0.10586.0_none_7b8c83241a9735fa.manifest
2016-03-10 14:55 - 2008-07-28 21:05 - 00655872 ____C (Microsoft Corporation) C:\msvcr90.dll
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_a28d102712c933ac
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8eeac119b03cc442
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_8a7decf5338e5d60
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_microsoft-windows-msvcrt40_31bf3856ad364e35_10.0.10586.0_none_1f6de7a06239c4c4
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\x86_microsoft-windows-msvcrt20_31bf3856ad364e35_10.0.10586.0_none_1e8ad94462cbbbb6
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_682f78cb7d9e12d9
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_feababaacb26a4e2
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.0_none_eb095c9d689a3578
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_netfx4-msvcr100_clr_dll_31bf3856ad364e35_4.0.10586.0_none_e69c8878ebebce96
2016-03-10 14:54 - 2016-03-10 14:54 - 00000000 ___DC C:\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.10586.0_none_5ddace79493d50de
2016-03-10 14:54 - 2015-12-17 16:13 - 00000323 ____C C:\amd64_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_feababaacb26a4e2.manifest
2016-03-10 14:54 - 2015-12-17 16:13 - 00000319 ____C C:\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.10586.35_none_a28d102712c933ac.manifest
2016-03-09 03:55 - 2016-03-09 03:56 - 02094080 _____ (BitTorrent Inc.) C:\Users\darcie\Downloads\uTorrent(btkey,https^3A^2F^2Futp.st^2FfAAjozWm) (1).exe
2016-03-06 09:36 - 2016-03-06 09:36 - 00029358 _____ C:\Users\darcie\Downloads\stargazingintheparks (1).pdf
2016-03-04 22:37 - 2016-03-04 22:42 - 00002004 _____ C:\Users\darcie\Desktop\Narrator (2).lnk
2016-03-04 22:04 - 2016-03-14 04:36 - 00000000 __HDC C:\$SysReset
2016-03-04 21:38 - 2016-03-04 21:38 - 00000030 ____H C:\Users\darcie\Desktop\.ceid
2016-03-04 21:31 - 2016-03-04 21:31 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Company
2016-03-04 21:31 - 2016-03-04 21:31 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-03-04 21:31 - 2016-03-04 21:31 - 00000000 ____D C:\uninst
2016-03-04 05:10 - 2016-03-04 21:22 - 00000000 ___HD C:\Users\darcie\Downloads\.cedata
2016-03-04 05:10 - 2016-03-04 05:10 - 00000030 ____H C:\Users\darcie\Downloads\.ceid
2016-03-04 05:09 - 2016-03-11 14:39 - 00000000 ___HD C:\Users\darcie\Documents\.cedata
2016-03-04 05:09 - 2016-03-11 14:39 - 00000000 ___HD C:\Users\darcie\Desktop\.cedata
2016-03-04 05:09 - 2016-03-04 05:09 - 00000030 ____H C:\Users\darcie\Documents\.ceid
2016-03-04 04:48 - 2016-03-04 04:48 - 01358434 _____ C:\Users\darcie\Downloads\toshiba_pogoplug_pc_guide.pdf
2016-03-04 03:55 - 2016-03-08 00:05 - 00000000 ____D C:\Users\darcie\Downloads\Icons
2016-03-01 10:38 - 2015-07-19 20:50 - 00000343 ____R C:\Users\darcie\Desktop\Install Notes.txt
2016-03-01 10:26 - 2016-03-13 23:37 - 00000000 ____D C:\Users\darcie\Documents\Video Download Capture
2016-02-29 16:36 - 2016-02-29 16:36 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Google
2016-02-25 02:37 - 2016-03-03 12:02 - 00000000 ____D C:\Users\darcie\VLC
2016-02-24 13:27 - 2016-02-24 13:35 - 00000224 _____ C:\Users\darcie\Desktop\Dropbox Website.URL
2016-02-23 18:35 - 2016-02-23 18:35 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Sun
2016-02-23 18:35 - 2016-02-23 18:35 - 00000000 ____D C:\Users\darcie\.oracle_jre_usage
2016-02-23 17:58 - 2016-02-26 02:03 - 00034816 ___SH C:\Users\darcie\Documents\Thumbs.db
2016-02-23 17:29 - 2016-02-23 17:29 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Oracle
2016-02-22 23:14 - 2016-03-04 18:54 - 00424448 ___SH C:\Users\darcie\Downloads\Thumbs.db
2016-02-22 18:17 - 2016-03-13 04:30 - 00000000 ____D C:\Users\darcie\AppData\LocalLow\Adblock Plus for IE
2016-02-22 18:11 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\LocalLow\EmieUserList
2016-02-22 18:11 - 2016-03-13 23:32 - 00000000 __SHD C:\Users\darcie\AppData\LocalLow\EmieSiteList
2016-02-22 18:03 - 2016-03-14 09:13 - 00000000 ___DO C:\Users\darcie\OneDrive
2016-02-22 17:58 - 2016-03-14 00:44 - 00000000 ____D C:\Users\darcie\AppData\Local\Packages
2016-02-22 17:58 - 2016-02-22 20:54 - 00000000 __SHD C:\Users\darcie\IntelGraphicsProfiles
2016-02-22 17:57 - 2014-09-26 00:32 - 00000000 ___HD C:\Users\darcie\Documents\hp.applications.package.appdata
2016-02-22 17:54 - 2016-02-22 17:59 - 00000000 __RHD C:\Users\Public\AccountPictures
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-15 12:37 - 2015-04-15 05:32 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-03-15 12:02 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-03-15 11:13 - 2013-08-22 03:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-15 10:58 - 2015-04-15 06:02 - 00000000 ____D C:\ProgramData\McAfee
2016-03-15 02:29 - 2013-08-22 05:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-15 01:47 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-15 01:41 - 2014-03-17 23:53 - 00956412 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-14 09:24 - 2015-04-15 06:02 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-14 09:23 - 2013-08-22 05:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-14 09:18 - 2015-04-15 06:02 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-03-14 09:17 - 2013-08-22 05:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-14 09:16 - 2015-04-15 05:44 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-14 09:11 - 2013-08-22 04:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-14 09:11 - 2013-08-22 04:44 - 00346712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-14 02:16 - 2014-04-02 13:51 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-13 23:30 - 2013-08-22 03:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-13 23:26 - 2015-04-15 05:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-03-13 23:26 - 2014-09-02 05:41 - 00000000 ___HD C:\SYSTEM.SAV
2016-03-13 21:51 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-13 21:45 - 2013-08-22 05:36 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-13 21:44 - 2014-04-02 13:02 - 00000000 ____D C:\Users\Administrator
2016-03-13 21:25 - 2013-08-22 03:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-13 19:35 - 2013-08-22 05:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2016-03-04 19:49 - 2016-02-07 22:00 - 00000000 ____C C:\Recovery.txt
==================== Files in the root of some directories =======
2016-03-14 05:44 - 2016-03-09 03:56 - 2094080 _____ (BitTorrent Inc.) C:\Program Files\uTorrent.exe
Files to move or delete:
====================
C:\Users\Public\VOIP.dat
Some files in TEMP:
====================
C:\Users\darcie\AppData\Local\Temp\tmp2F3B.tmp.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-13 21:37
==================== End of FRST.txt ===========================