CreateRestorePoint:
() C:\Program Files (x86)\indexes\tenths.exe
() C:\Program Files (x86)\freaky\glenlivet.exe
HKLM\...\Run: [alimony] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKLM-x32\...\Run: [tannic] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [lstrmn] => rundll32.exe "C:\Users\brushmore\AppData\Local\lstrmn.dll",lstrmn <===== ATTENTION
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [environment] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [gaddi] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [tenths] => C:\Program Files (x86)\indexes\tenths.exe [36732 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [iden] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [Buzzing Dhol.exe] => C:\WINDOWS\system32\Buzzing Dhol.exe
Startup: C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\boughs.lnk [2016-04-27]
ShortcutTarget: boughs.lnk -> C:\Program Files (x86)\freaky\glenlivet.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={7EED87F7-DE91-11E2-A42C-7071BC899902}
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={7EED87F7-DE91-11E2-A42C-7071BC899902}
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {BBFF1E0C-DD2A-4934-9DC9-031DD3573DE2} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=78199393-8436-4250-9016-05051E037B7C&apn_sauid=9EE7FF5E-0237-42A0-9EDD-A07958B16F9E
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL =
Toolbar: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\brushmore\Downloads\62632UNETA.492836F161CC8_rmspfwnbz040j!App
C:\WINDOWS\System32\Tasks\51602155
C:\WINDOWS\System32\Tasks\Pa5160215551602155
2016-04-27 14:23 - 2016-04-27 14:23 - 0000003 _____ () C:\Users\brushmore\AppData\Local\aatxtname.txt
2016-04-12 18:38 - 2016-04-12 18:38 - 0006144 _____ () C:\Users\brushmore\AppData\Local\cap.exe
2016-04-12 18:37 - 2016-04-12 18:37 - 0006144 _____ () C:\Users\brushmore\AppData\Local\cap4.exe
2016-04-18 09:02 - 2016-04-18 09:02 - 0005632 _____ () C:\Users\brushmore\AppData\Local\ddnow.exe
2016-04-18 10:49 - 2016-04-18 10:49 - 0005632 _____ () C:\Users\brushmore\AppData\Local\ddnow4.exe
2016-04-27 14:21 - 2016-04-27 14:21 - 0035840 _____ () C:\Users\brushmore\AppData\Local\lstrmn.dll
2016-03-18 00:00 - 2016-03-18 00:00 - 0000000 _____ () C:\Users\brushmore\AppData\Local\ok223.txt
2016-04-27 14:23 - 2016-04-27 14:23 - 0546687 _____ () C:\Users\brushmore\AppData\Local\setupone.exe
2016-04-05 07:26 - 2016-04-05 07:26 - 0007680 _____ () C:\Users\brushmore\AppData\Local\tinstall.exe
2016-04-05 07:25 - 2016-04-05 07:25 - 0007680 _____ () C:\Users\brushmore\AppData\Local\tinstall4.exe
2016-04-27 14:23 - 2016-04-27 14:23 - 0000000 _____ () C:\Users\brushmore\AppData\Local\tr5b.txt
2016-04-27 14:21 - 2016-04-27 14:21 - 0002560 _____ () C:\Users\brushmore\AppData\Local\uninstallssl.exe
2016-04-11 10:43 - 2016-04-11 10:43 - 0000000 _____ () C:\Users\brushmore\AppData\Local\{B77F6B91-10D7-4012-9C62-1FFEFF433044}
C:\ProgramData\uninstaller.exe
Task: {1402BFE4-9979-488A-A325-C97978CE0D9D} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {1BBD3D17-2BC2-48DE-B4CB-AC2D92933E25} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {26F2D476-6820-448C-8A42-22E4756D5D83} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {27A9FEE3-79DB-43B0-956D-3904E869F385} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2E9C0122-657E-42BD-A7DE-AD32C362C017} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {30EA2984-223F-4FED-BEEE-526451528BD4} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\BRUSHM~1\AppData\Local\Temp\IHU3989.tmp.exe
Task: {3A084DD6-42F0-4D4E-953E-137161098BD3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {46A90551-1549-4FC0-A381-534F27A3C5B2} - \EPSON WF-2630 Series Update {E683BAEF-6334-4E5B-9AE6-D83069EB7356} -> No File <==== ATTENTION
Task: {4FAD8A7F-ED7A-4521-A259-C1D9C9F07BF5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5C00F876-FA68-4444-AD7D-0B29D4B26E6A} - System32\Tasks\Pa5160215551602155 => C:\Program Files (x86)\freaky\glenlivet.exe [2016-04-27] ()
Task: {6202B778-C475-42DB-A385-9573AA89BCE7} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {7441741C-BF46-4BC6-A5E4-AF4D29C17A66} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {82F3522A-25EC-4879-BED4-DDF8EBA59DF4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {845FAD93-5797-4D02-B3E5-376C0D5C828D} - \CapSchedInst -> No File <==== ATTENTION
Task: {92888A73-DB66-4D3F-B505-9925B0295D56} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {979AD95D-DE14-47CF-9E40-C7ED861E462E} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {B27BE36A-CD54-4594-8583-C64EE66B29E7} - System32\Tasks\51602155 => C:\Program Files (x86)\freaky\glenlivet.exe [2016-04-27] () <==== ATTENTION
Task: {B7821461-1211-40B5-A4A8-4A597686C2DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BEBF0A65-E669-4669-B267-AC4E55114387} - \FreeFileViewerUpdateChecker -> No File <==== ATTENTION
Task: {C74BD26D-6DAB-4882-A334-3613ADBFE4D0} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {CE7D2DED-4416-4126-B1BC-41E59AC191D5} - \CapSvcInst -> No File <==== ATTENTION
Task: {D2B881D1-2B2A-4B6E-B055-762C08CE059A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D49D884C-0ACC-40F0-B548-9A0F18802FF7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D71FA8DB-5EFF-4692-9F18-FC282EBC1891} - \RecoveryCDWin7 -> No File <==== ATTENTION
Task: {D86CCDED-181F-4C62-B8F5-309FC9AEF0B6} - \MirageAgent -> No File <==== ATTENTION
Task: {DFD2645C-AEDE-44A1-B76E-D0C2DF751F4E} - \EPSON WF-2630 Series Update {30680B54-C78D-4B9C-B451-91E537BD9C1A} -> No File <==== ATTENTION
Task: {E23D38B1-836A-4E07-9A00-351F4FD1BB54} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {EA4C1747-E334-423A-A66C-7E5574F6E37B} - \CapUninst -> No File <==== ATTENTION
Task: {ECFFABC4-9447-4464-9E4D-44B979FEB852} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {F84AB4AB-D859-44EC-AFD6-7BC01D92E892} - \TVAgent -> No File <==== ATTENTION
Task: {F8E90029-AA5B-4AFD-9ACC-EE303E75AA4F} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {FAF531E4-4FD2-436B-97DD-0B2129CB708F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
C:\Program Files (x86)\indexes
C:\Program Files (x86)\freaky
C:\Users\brushmore\AppData\Local\lstrmn.dll
C:\WINDOWS\system32\Buzzing Dhol.exe
C:\Program Files\Updater By SweetPacks
C:\Program Files (x86)\FreeFileViewer
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp: