
commercial playing over speakers when computer is on; commercial is fo


  • This topic is locked

#1
Liz Corley Dickinson

A commercial plays every time I turn on my computer. I am unable to listen to the radio, watch a movie or use my speakers in any way. The most common one is for "Nissan". Please help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
Ran by brushmore (administrator) on BRUSHMORE (02-06-2016 12:49:00)
Running from C:\Users\brushmore\Downloads
Loaded Profiles: brushmore (Available Profiles: brushmore & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveSync.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveSync_.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
() C:\Program Files (x86)\indexes\tenths.exe
() C:\Program Files (x86)\freaky\glenlivet.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveUse.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveUse.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveUse.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveUse.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveUse_.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-05] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [alimony] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Buttons & OSDs control application gen3] => c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe [53248 2009-11-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [tannic] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [lstrmn] => rundll32.exe "C:\Users\brushmore\AppData\Local\lstrmn.dll",lstrmn <===== ATTENTION
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [environment] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [gaddi] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [tenths] => C:\Program Files (x86)\indexes\tenths.exe [36732 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [iden] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [Buzzing Dhol.exe] => C:\WINDOWS\system32\Buzzing Dhol.exe
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\RunOnce: [Uninstall C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\RunOnce: [Uninstall C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2011-01-06]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2011-01-06]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2011-01-06]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2010-08-16]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\boughs.lnk [2016-04-27]
ShortcutTarget: boughs.lnk -> C:\Program Files (x86)\freaky\glenlivet.exe ()
Startup: C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk [2016-05-12]
ShortcutTarget: FacebookGamesNotifier.exe.lnk -> C:\Users\brushmore\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe (No File)
Startup: C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-06-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{59fc41d8-6d53-4d0a-887c-269cb3670b38}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{90f1d325-819d-43d1-be8c-3a555eb07ca7}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/webhp?sourceid=navclient&ie=UTF-8&gws_rd=ssl
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {1A418B94-1411-4359-819B-7233A215D941} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {11A01865-BF8E-4CE0-9B1E-D858D3158720} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {1A418B94-1411-4359-819B-7233A215D941} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {A334AA6E-85E6-4159-9BDC-747AC59C00A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {B4143579-943C-46D9-8636-18BC034FA098} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={7EED87F7-DE91-11E2-A42C-7071BC899902}
SearchScopes: HKLM-x32 -> {11A01865-BF8E-4CE0-9B1E-D858D3158720} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {1A418B94-1411-4359-819B-7233A215D941} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {A334AA6E-85E6-4159-9BDC-747AC59C00A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {B4143579-943C-46D9-8636-18BC034FA098} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={7EED87F7-DE91-11E2-A42C-7071BC899902}
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {11A01865-BF8E-4CE0-9B1E-D858D3158720} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {1A418B94-1411-4359-819B-7233A215D941} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {A334AA6E-85E6-4159-9BDC-747AC59C00A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {B4143579-943C-46D9-8636-18BC034FA098} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {BBFF1E0C-DD2A-4934-9DC9-031DD3573DE2} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=78199393-8436-4250-9016-05051E037B7C&apn_sauid=9EE7FF5E-0237-42A0-9EDD-A07958B16F9E
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2013-05-17] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2016-03-09] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2503263900-158799546-2591639019-1000: @citrixonline.com/appdetectorplugin -> C:\Users\brushmore\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-28] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.6.0.142\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.6.0.142\coFFAddon [2016-04-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.6.0.142\coFFAddon
 
Chrome: 
=======
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Profile: C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]
CHR Extension: (Google Drive) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
CHR Extension: (Google Search) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (Norton Identity Safe) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-04-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (My Chrome Theme) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-04-25]
CHR Extension: (Maleficent Theme) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\paemmgjnkkafpbppkooglpgcbjfjclmm [2016-04-25]
CHR Extension: (Gmail) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-31]
CHR Profile: C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-03]
CHR Extension: (Google Docs) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-03]
CHR Extension: (Google Drive) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-03]
CHR Extension: (YouTube) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-05-03]
CHR Extension: (Google Sheets) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-03]
CHR Extension: (PDFConverterHQ) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbbkoefeoahoeacccmoggemldnjccbdf [2016-05-24]
CHR Extension: (Google Docs Offline) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-03]
CHR Extension: (Norton Identity Safe) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-05-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-03]
CHR Extension: (Gmail) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-04-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2503263900-158799546-2591639019-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-04-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-03-09] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-05-17] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-11-09] (Intuit Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WinDriveSvc; C:\Program Files (x86)\windriveuse\WinDriveSync.exe [140984 2016-03-31] (Slideway Inc.)
R2 WinDriveSvc2; C:\Program Files (x86)\windriveuse\WinDriveSync_.exe [140984 2016-03-31] (Slideway Inc.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ACPIService; C:\Windows\System32\drivers\OSDACPI.SYS [17992 2009-06-17] ()
R3 AVerAVF2; C:\Windows\system32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\BASHDefs\20160125.001\BHDrvx64.sys [1665608 2016-02-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2016-02-23] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-02-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-04] (Symantec Corporation)
R3 FintekCIR; C:\Windows\system32\DRIVERS\FintekCIR.sys [33064 2013-07-25] (Fintek)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\IPSDefs\20160223.011\IDSVia64.sys [767224 2016-02-23] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\VirusDefs\20160424.025\ENG64.SYS [138488 2016-02-04] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\VirusDefs\20160424.025\EX64.SYS [2148080 2016-02-04] (Symantec Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 NWVoltron; C:\Windows\System32\drivers\NWVoltron.sys [28920 2013-02-04] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 SMSIVZAM5X64; C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys [43032 2009-03-20] (Smith Micro Inc.)
S3 SRTSP; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2016-02-23] (Symantec Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2016-05-24] ()
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\N360x64\1606000.08E\SymELAM.sys [24192 2016-02-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-04-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-02 12:11 - 2016-06-02 12:15 - 00065156 _____ C:\Users\brushmore\Downloads\Addition.txt
2016-06-02 12:09 - 2016-06-02 12:49 - 00035154 _____ C:\Users\brushmore\Downloads\FRST.txt
2016-06-02 12:09 - 2016-06-02 12:49 - 00000000 ____D C:\FRST
2016-06-02 12:09 - 2016-06-02 12:09 - 02383872 _____ (Farbar) C:\Users\brushmore\Downloads\FRST64.exe
2016-06-02 11:24 - 2016-06-02 11:24 - 00000000 ___HD C:\OneDriveTemp
2016-06-01 12:33 - 2016-06-01 12:33 - 00063668 _____ C:\Users\brushmore\Downloads\FAX_20160601_1464802018_134 (2).pdf
2016-06-01 12:30 - 2016-06-01 12:30 - 00063668 _____ C:\Users\brushmore\Downloads\FAX_20160601_1464802018_134 (1).pdf
2016-06-01 12:29 - 2016-06-01 12:29 - 00063668 _____ C:\Users\brushmore\Downloads\FAX_20160601_1464802018_134.pdf
2016-06-01 10:04 - 2016-06-01 10:04 - 00017620 _____ C:\Users\brushmore\Downloads\restauraurant contract.wpd
2016-05-31 11:08 - 2016-05-31 11:08 - 05237558 _____ C:\Users\brushmore\Downloads\Madison Terminal Building Bid Set Specifications-signed.pdf
2016-05-28 10:14 - 2016-05-28 10:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-05-28 10:14 - 2016-05-28 10:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-05-26 11:01 - 2016-05-26 11:02 - 00001463 _____ C:\Users\brushmore\Desktop\Transmittal Letter.lnk
2016-05-24 20:45 - 2016-05-24 20:45 - 00000000 ___RD C:\Users\brushmore\Downloads\62632UNETA.492836F161CC8_rmspfwnbz040j!App
2016-05-24 20:40 - 2016-05-25 15:23 - 00000000 ____D C:\Users\brushmore\AppData\Local\SlimWare Utilities Inc
2016-05-24 20:40 - 2016-05-24 20:40 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2016-05-24 20:40 - 2016-05-24 20:40 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2016-05-24 20:39 - 2016-05-24 20:39 - 00961800 _____ (Slimware Utilities, Inc.) C:\Users\brushmore\Downloads\DriverUpdate-setup.exe
2016-05-24 17:40 - 2016-06-01 10:05 - 00000000 ____D C:\Users\brushmore\Desktop\Liz
2016-05-24 17:18 - 2016-05-24 17:18 - 00032770 _____ C:\Users\brushmore\Downloads\FAX_20160524_1464121754_77.pdf
2016-05-23 19:52 - 2016-05-23 19:52 - 00000000 ____D C:\Users\brushmore\AppData\Local\HuluDesktop
2016-05-23 13:46 - 2016-05-23 13:46 - 00070518 _____ C:\Users\brushmore\Downloads\FAX_20160523_1464027183_113.pdf
2016-05-18 17:11 - 2016-05-18 17:11 - 00036703 _____ C:\Users\brushmore\Downloads\Report_from_BRUSHMORE_PAINT_LLC.pdf
2016-05-16 10:55 - 2016-05-16 10:55 - 00001282 _____ C:\Users\brushmore\Desktop\Proposal.lnk
2016-05-12 18:34 - 2016-05-12 18:34 - 00000000 ____D C:\Users\brushmore\AppData\Local\FacebookGames
2016-05-12 18:32 - 2016-05-12 18:32 - 00001296 _____ C:\Users\brushmore\Desktop\Facebook Games.lnk
2016-05-12 18:32 - 2016-05-12 18:32 - 00000000 ____D C:\Users\brushmore\AppData\Local\Facebook
2016-05-12 18:29 - 2016-05-12 18:31 - 00100120 _____ () C:\Users\brushmore\Downloads\FacebookGamesArcadeSetup.exe
2016-05-12 13:45 - 2016-05-12 13:47 - 00000205 _____ C:\Users\brushmore\Desktop\EFax.url
2016-05-12 03:55 - 2016-05-12 03:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-05-10 22:53 - 2016-04-23 00:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 22:53 - 2016-04-23 00:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 22:53 - 2016-04-23 00:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-10 22:53 - 2016-04-23 00:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-10 22:53 - 2016-04-23 00:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-10 22:53 - 2016-04-23 00:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-10 22:53 - 2016-04-23 00:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-10 22:53 - 2016-04-23 00:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-10 22:53 - 2016-04-22 23:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 22:53 - 2016-04-22 23:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-10 22:53 - 2016-04-22 23:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-10 22:53 - 2016-04-22 23:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-10 22:53 - 2016-04-22 23:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-10 22:53 - 2016-04-22 23:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-10 22:53 - 2016-04-22 23:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-10 22:53 - 2016-04-22 23:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-10 22:53 - 2016-04-22 23:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-10 22:53 - 2016-04-22 23:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-10 22:53 - 2016-04-22 23:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-10 22:53 - 2016-04-22 23:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-10 22:53 - 2016-04-22 23:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-10 22:53 - 2016-04-22 23:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-10 22:53 - 2016-04-22 23:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-10 22:53 - 2016-04-22 23:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-10 22:53 - 2016-04-22 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-10 22:53 - 2016-04-22 23:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-10 22:53 - 2016-04-22 23:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-10 22:53 - 2016-04-22 23:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-10 22:53 - 2016-04-22 23:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-10 22:53 - 2016-04-22 23:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-10 22:53 - 2016-04-22 23:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-10 22:53 - 2016-04-22 23:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-10 22:53 - 2016-04-22 23:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-10 22:53 - 2016-04-22 23:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-10 22:53 - 2016-04-22 23:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-10 22:53 - 2016-04-22 23:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-10 22:53 - 2016-04-22 23:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-10 22:53 - 2016-04-22 23:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-10 22:53 - 2016-04-22 23:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-10 22:53 - 2016-04-22 23:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-10 22:53 - 2016-04-22 23:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-10 22:53 - 2016-04-22 23:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-10 22:53 - 2016-04-22 23:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-10 22:52 - 2016-05-05 23:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-10 22:52 - 2016-05-05 23:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-10 22:52 - 2016-05-05 22:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-10 22:52 - 2016-05-05 22:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-10 22:52 - 2016-05-05 22:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-10 22:52 - 2016-05-05 22:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-10 22:52 - 2016-04-30 01:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-10 22:52 - 2016-04-30 01:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-10 22:52 - 2016-04-23 01:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-10 22:52 - 2016-04-23 01:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-10 22:52 - 2016-04-23 01:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-10 22:52 - 2016-04-23 01:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-10 22:52 - 2016-04-23 01:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-10 22:52 - 2016-04-23 01:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-10 22:52 - 2016-04-23 01:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-10 22:52 - 2016-04-23 01:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-10 22:52 - 2016-04-23 00:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-10 22:52 - 2016-04-23 00:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-10 22:52 - 2016-04-23 00:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-10 22:52 - 2016-04-23 00:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-10 22:52 - 2016-04-23 00:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-10 22:52 - 2016-04-23 00:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-10 22:52 - 2016-04-23 00:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-10 22:52 - 2016-04-23 00:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-10 22:52 - 2016-04-23 00:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-10 22:52 - 2016-04-23 00:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-10 22:52 - 2016-04-23 00:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-10 22:52 - 2016-04-23 00:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-10 22:52 - 2016-04-23 00:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-10 22:52 - 2016-04-23 00:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-10 22:52 - 2016-04-23 00:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-10 22:52 - 2016-04-23 00:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-10 22:52 - 2016-04-23 00:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-10 22:52 - 2016-04-23 00:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-10 22:52 - 2016-04-23 00:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-10 22:52 - 2016-04-23 00:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-10 22:52 - 2016-04-23 00:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-10 22:52 - 2016-04-23 00:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-10 22:52 - 2016-04-23 00:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-10 22:52 - 2016-04-23 00:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-10 22:52 - 2016-04-23 00:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-10 22:52 - 2016-04-23 00:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 22:52 - 2016-04-23 00:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-10 22:52 - 2016-04-23 00:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 22:52 - 2016-04-23 00:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-10 22:52 - 2016-04-23 00:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-10 22:52 - 2016-04-23 00:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 22:52 - 2016-04-23 00:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-10 22:52 - 2016-04-23 00:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-10 22:52 - 2016-04-22 23:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-10 22:52 - 2016-04-22 23:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-10 22:52 - 2016-04-22 23:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-10 22:52 - 2016-04-22 23:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 22:52 - 2016-04-22 23:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-10 22:52 - 2016-04-22 23:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-10 22:52 - 2016-04-22 23:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-10 22:52 - 2016-04-22 23:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-10 22:52 - 2016-04-22 23:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-10 22:52 - 2016-04-22 23:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-10 22:52 - 2016-04-22 23:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-10 22:52 - 2016-04-22 23:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-10 22:52 - 2016-04-22 23:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-10 22:52 - 2016-04-22 23:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-10 22:52 - 2016-04-22 23:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-10 22:52 - 2016-04-22 23:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-10 22:52 - 2016-04-22 23:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-10 22:52 - 2016-04-22 23:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-10 22:52 - 2016-04-22 23:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-10 22:52 - 2016-04-22 23:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-10 22:52 - 2016-04-22 23:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-10 22:52 - 2016-04-22 23:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-10 22:52 - 2016-04-22 23:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-10 22:52 - 2016-04-22 23:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-10 22:52 - 2016-04-22 23:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-10 22:52 - 2016-04-22 23:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-10 22:52 - 2016-04-22 23:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-10 22:52 - 2016-04-22 23:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-10 22:52 - 2016-04-22 23:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-10 22:52 - 2016-04-22 23:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-10 22:52 - 2016-04-22 23:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-10 22:52 - 2016-04-22 23:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-10 22:52 - 2016-04-22 23:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-10 22:52 - 2016-04-22 23:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-10 22:52 - 2016-04-22 23:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-10 22:52 - 2016-04-22 23:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-10 22:52 - 2016-04-22 23:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-10 22:52 - 2016-04-22 23:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-10 22:52 - 2016-04-22 23:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-10 22:52 - 2016-04-22 23:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-10 22:52 - 2016-04-22 23:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-10 22:52 - 2016-04-22 23:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-10 22:52 - 2016-04-22 23:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-10 22:52 - 2016-04-22 23:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-10 22:52 - 2016-04-22 23:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-10 22:52 - 2016-04-22 23:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-10 22:52 - 2016-04-22 23:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-10 22:52 - 2016-04-22 23:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-10 22:52 - 2016-04-22 23:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-10 22:52 - 2016-04-22 23:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-10 22:52 - 2016-04-22 23:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-10 22:52 - 2016-04-22 23:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-10 22:52 - 2016-04-22 23:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-10 22:52 - 2016-04-22 23:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-10 22:52 - 2016-04-22 23:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-10 22:52 - 2016-04-22 23:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-10 22:52 - 2016-04-22 23:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-10 22:52 - 2016-04-22 23:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-10 22:52 - 2016-04-22 23:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-10 22:52 - 2016-04-22 23:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-10 22:52 - 2016-04-22 23:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-10 22:52 - 2016-04-22 23:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-10 22:52 - 2016-04-22 23:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-10 22:52 - 2016-04-22 23:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-10 22:52 - 2016-04-22 23:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-10 22:52 - 2016-04-22 23:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-10 22:52 - 2016-04-22 23:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-10 22:52 - 2016-04-22 23:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-10 22:52 - 2016-04-22 23:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-10 22:52 - 2016-04-22 23:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-10 22:52 - 2016-04-22 23:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-10 22:52 - 2016-04-22 23:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-10 22:52 - 2016-04-22 23:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-10 22:52 - 2016-04-22 23:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-10 22:52 - 2016-04-22 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-10 22:52 - 2016-04-22 23:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-10 22:52 - 2016-04-22 22:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-10 22:52 - 2016-04-22 21:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-10 22:51 - 2016-05-05 23:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-10 22:51 - 2016-05-05 22:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-10 22:51 - 2016-04-23 00:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-10 22:51 - 2016-04-23 00:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-10 22:51 - 2016-04-23 00:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-10 22:51 - 2016-04-23 00:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-10 22:51 - 2016-04-23 00:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-10 22:51 - 2016-04-23 00:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-10 22:51 - 2016-04-23 00:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-10 22:51 - 2016-04-23 00:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-10 22:51 - 2016-04-23 00:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-10 22:51 - 2016-04-23 00:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-10 22:51 - 2016-04-23 00:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-10 22:51 - 2016-04-23 00:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-10 22:51 - 2016-04-23 00:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-10 22:51 - 2016-04-22 23:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-10 22:51 - 2016-04-22 23:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-10 22:51 - 2016-04-22 23:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-10 22:51 - 2016-04-22 23:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-10 22:51 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-10 22:51 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-10 22:51 - 2016-04-22 23:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-10 22:51 - 2016-04-22 23:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-10 22:51 - 2016-04-22 23:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-10 22:51 - 2016-04-22 23:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-10 22:51 - 2016-04-22 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-10 22:51 - 2016-04-22 23:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-10 22:51 - 2016-04-22 23:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-10 22:51 - 2016-04-22 23:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-10 22:51 - 2016-04-22 23:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-10 22:51 - 2016-04-22 23:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-10 22:51 - 2016-04-22 23:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-10 22:51 - 2016-04-22 23:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-10 22:51 - 2016-04-22 23:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-10 22:51 - 2016-04-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-10 22:51 - 2016-04-22 23:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-10 22:51 - 2016-04-22 23:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-10 22:51 - 2016-04-22 23:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-10 22:51 - 2016-04-22 23:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-10 22:51 - 2016-04-22 23:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-10 22:51 - 2016-04-22 23:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-10 22:51 - 2016-04-22 23:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-10 22:51 - 2016-04-22 23:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-10 22:51 - 2016-04-22 23:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-10 22:51 - 2016-04-22 23:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-10 22:51 - 2016-04-22 23:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-10 22:51 - 2016-04-22 23:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-10 22:51 - 2016-04-22 23:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-10 22:51 - 2016-04-22 23:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-10 22:51 - 2016-04-22 23:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-10 22:51 - 2016-04-22 23:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-10 22:51 - 2016-04-22 23:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-10 22:51 - 2016-04-22 21:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-10 22:51 - 2016-04-18 17:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-10 17:08 - 2016-05-10 17:08 - 00003990 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 17:08 - 2016-05-10 17:08 - 00003758 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-09 14:30 - 2016-05-09 14:30 - 00000156 _____ C:\Users\brushmore\Desktop\New Internet Shortcut.url
2016-05-07 16:42 - 2016-05-29 07:44 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForbrushmore.job
2016-05-06 12:59 - 2016-05-06 12:59 - 00004687 _____ C:\Users\brushmore\Downloads\google (1).csv
2016-05-06 12:58 - 2016-05-06 12:58 - 00004687 _____ C:\Users\brushmore\Downloads\google.csv
2016-05-05 16:40 - 2016-05-05 16:48 - 00000000 ____D C:\Users\brushmore\Downloads\Family
2016-05-05 09:24 - 2016-05-05 09:24 - 02273962 _____ C:\Users\brushmore\Downloads\NOVEMBER BANK STATEMENT 1201 (1).pdf
2016-05-05 09:23 - 2016-05-05 09:23 - 19982306 _____ C:\Users\brushmore\Downloads\SEPTEMBER BANK STATEMENTS 1201.pdf
2016-05-05 09:23 - 2016-05-05 09:23 - 17047482 _____ C:\Users\brushmore\Downloads\JULY BANKSTATEMENT 1201 2015.pdf
2016-05-05 09:23 - 2016-05-05 09:23 - 04998969 _____ C:\Users\brushmore\Downloads\EDECEMBER BANKSTATEMENT 1201.pdf
2016-05-05 09:22 - 2016-05-05 09:22 - 17300837 _____ C:\Users\brushmore\Downloads\MARCH 2015 1201.pdf
2016-05-05 09:22 - 2016-05-05 09:22 - 11241475 _____ C:\Users\brushmore\Downloads\JANUARY 2015  1201.pdf
2016-05-05 09:22 - 2016-05-05 09:22 - 03153613 _____ C:\Users\brushmore\Downloads\DECEMBER BANK STATEMENT 1201.pdf
2016-05-05 09:21 - 2016-05-05 09:21 - 02273962 _____ C:\Users\brushmore\Downloads\NOVEMBER BANK STATEMENT 1201.pdf
2016-05-04 18:29 - 2016-05-04 18:30 - 13677800 _____ (Google) C:\Users\brushmore\Downloads\picasa39-setup.exe
2016-05-04 13:33 - 2016-05-04 13:33 - 00166940 _____ C:\Users\brushmore\Downloads\n8YOot4.jpeg
2016-05-04 13:29 - 2016-05-04 13:29 - 02400784 _____ (Microsoft Corporation) C:\Users\brushmore\Downloads\Live_Photo_Gallery.exe
2016-05-04 13:29 - 2016-05-04 13:29 - 00000000 ____D C:\ProgramData\WLInstaller
2016-05-04 13:28 - 2016-05-04 13:30 - 33205720 _____ ( ) C:\Users\brushmore\Downloads\p3dalbuminst-1.2.exe
2016-05-03 20:39 - 2016-05-05 16:53 - 00000000 ____D C:\Users\brushmore\Documents\My Smilebox Creations
2016-05-03 20:39 - 2016-05-03 20:39 - 00889632 _____ (Smilebox, Inc.) C:\Users\brushmore\Downloads\SmileboxInstaller.exe
2016-05-03 20:39 - 2016-05-03 20:39 - 00000416 _____ C:\Users\brushmore\Downloads\tmp.htm
2016-05-03 14:49 - 2016-05-03 14:49 - 15721345 _____ C:\Users\brushmore\Downloads\Zip 2.mov
2016-05-03 14:49 - 2016-05-03 14:49 - 11645833 _____ C:\Users\brushmore\Downloads\Zip 1.mov
2016-05-03 14:49 - 2016-05-03 14:49 - 05604186 _____ C:\Users\brushmore\Downloads\Zip 3.mov
2016-05-03 14:11 - 2016-05-03 14:12 - 386797986 _____ C:\Users\brushmore\Downloads\Nick's Moves.MOV
2016-05-03 14:10 - 2016-05-03 14:10 - 34292869 _____ C:\Users\brushmore\Downloads\Nicks Moves 1.MOV
2016-05-03 14:09 - 2016-05-03 14:09 - 90237532 _____ C:\Users\brushmore\Downloads\Brads Dance.MOV
2016-05-03 14:09 - 2016-05-03 14:09 - 18078182 _____ C:\Users\brushmore\Downloads\Beach Day Movie.mov
2016-05-03 14:09 - 2016-05-03 14:09 - 06845062 _____ C:\Users\brushmore\Downloads\Beach Day Waves.MOV
2016-05-03 11:46 - 2016-05-03 11:46 - 00113411 _____ C:\Users\brushmore\Downloads\2014-2015 G.L. Audit (1).pdf
2016-05-03 11:45 - 2016-05-03 11:45 - 00098399 _____ C:\Users\brushmore\Downloads\UnroutedAttachment (1).PDF
2016-05-03 09:23 - 2016-05-23 11:00 - 00000000 ___RD C:\Users\brushmore\iCloudDrive
2016-05-03 09:23 - 2016-05-03 09:23 - 00000000 ____D C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2016-05-03 09:23 - 2016-05-03 09:23 - 00000000 ____D C:\Users\brushmore\AppData\Local\Apple Inc
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-02 12:48 - 2016-04-11 11:48 - 00000911 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {30680B54-C78D-4B9C-B451-91E537BD9C1A}.job
2016-06-02 12:40 - 2011-01-06 10:50 - 00000000 ____D C:\Users\brushmore\AppData\Local\CrashDumps
2016-06-02 12:13 - 2013-06-26 08:41 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-02 12:00 - 2016-04-24 23:00 - 00000945 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {E683BAEF-6334-4E5B-9AE6-D83069EB7356}.job
2016-06-02 11:57 - 2012-04-02 12:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-02 11:38 - 2016-05-01 17:06 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5FDB7303-45FA-4BF1-B095-AB3B6A8C491C}
2016-06-02 11:31 - 2016-04-25 10:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-06-02 11:25 - 2016-05-01 14:42 - 00000000 ___RD C:\Users\brushmore\Google Drive
2016-06-02 11:25 - 2013-06-26 08:41 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-02 11:24 - 2016-04-26 16:35 - 00000000 ___RD C:\Users\brushmore\OneDrive
2016-06-02 11:24 - 2016-04-06 14:15 - 00000410 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2016-06-02 11:23 - 2013-04-17 15:07 - 00000439 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-06-02 11:22 - 2016-02-13 08:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-02 11:22 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-02 10:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-02 10:50 - 2010-08-16 19:33 - 00000000 ____D C:\ProgramData\TouchSmartData
2016-06-02 10:05 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-02 09:59 - 2016-04-27 14:23 - 00003866 _____ C:\WINDOWS\System32\Tasks\51602155
2016-06-02 09:59 - 2016-04-27 14:23 - 00003734 _____ C:\WINDOWS\System32\Tasks\Pa5160215551602155
2016-06-02 09:49 - 2016-04-24 22:41 - 00000000 ____D C:\Users\brushmore
2016-06-01 11:40 - 2016-04-11 13:12 - 00000000 ____D C:\Users\brushmore\Desktop\Brushmore
2016-05-31 18:28 - 2013-04-29 23:50 - 00000000 ____D C:\Users\brushmore\Documents\Outlook Files
2016-05-28 10:15 - 2016-05-01 12:59 - 00002117 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-05-28 10:15 - 2016-05-01 12:59 - 00002115 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-05-28 10:15 - 2016-05-01 12:59 - 00002105 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-05-28 10:15 - 2016-05-01 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-26 21:02 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-26 20:52 - 2011-01-12 11:08 - 00000000 ____D C:\Users\brushmore\AppData\Local\ElevatedDiagnostics
2016-05-26 20:42 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-26 16:19 - 2016-04-25 10:12 - 00000000 ____D C:\Users\brushmore\AppData\Local\Packages
2016-05-25 08:49 - 2016-04-26 16:35 - 00002418 _____ C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-23 12:25 - 2016-04-25 14:55 - 00000000 ____D C:\Users\brushmore\AppData\Roaming\Apple Computer
2016-05-23 12:25 - 2016-04-25 14:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-23 10:09 - 2016-04-25 13:58 - 00000000 ____D C:\Users\DefaultAppPool
2016-05-19 22:40 - 2016-02-13 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-19 22:32 - 2013-06-26 08:41 - 00000000 ____D C:\Users\brushmore\AppData\Local\Google
2016-05-19 22:32 - 2013-06-26 08:41 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-16 18:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-16 10:19 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-12 20:14 - 2013-06-26 08:42 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 13:32 - 2016-02-02 13:11 - 00000000 ____D C:\Users\brushmore\Documents\BRUSHMORE FORMS
2016-05-12 03:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-12 03:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 03:51 - 2016-02-13 08:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 03:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-12 03:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 16:40 - 2015-10-30 02:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 16:35 - 2013-07-12 14:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 16:19 - 2011-06-02 10:35 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 14:57 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 14:57 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-05 17:11 - 2013-04-03 13:54 - 00000000 ___RD C:\Users\brushmore\Documents\Scanned Documents
 
==================== Files in the root of some directories =======
 
2016-04-27 14:23 - 2016-04-27 14:23 - 0000003 _____ () C:\Users\brushmore\AppData\Local\aatxtname.txt
2016-04-12 18:38 - 2016-04-12 18:38 - 0006144 _____ () C:\Users\brushmore\AppData\Local\cap.exe
2016-04-12 18:37 - 2016-04-12 18:37 - 0006144 _____ () C:\Users\brushmore\AppData\Local\cap4.exe
2016-04-18 09:02 - 2016-04-18 09:02 - 0005632 _____ () C:\Users\brushmore\AppData\Local\ddnow.exe
2016-04-18 10:49 - 2016-04-18 10:49 - 0005632 _____ () C:\Users\brushmore\AppData\Local\ddnow4.exe
2012-04-12 16:29 - 2012-04-26 11:26 - 0000236 _____ () C:\Users\brushmore\AppData\Local\LaunchHomeCenter.log
2016-04-27 14:21 - 2016-04-27 14:21 - 0035840 _____ () C:\Users\brushmore\AppData\Local\lstrmn.dll
2016-03-18 00:00 - 2016-03-18 00:00 - 0000000 _____ () C:\Users\brushmore\AppData\Local\ok223.txt
2016-04-27 14:23 - 2016-04-27 14:23 - 0546687 _____ () C:\Users\brushmore\AppData\Local\setupone.exe
2016-04-05 07:26 - 2016-04-05 07:26 - 0007680 _____ () C:\Users\brushmore\AppData\Local\tinstall.exe
2016-04-05 07:25 - 2016-04-05 07:25 - 0007680 _____ () C:\Users\brushmore\AppData\Local\tinstall4.exe
2016-04-27 14:23 - 2016-04-27 14:23 - 0000000 _____ () C:\Users\brushmore\AppData\Local\tr5b.txt
2016-04-27 14:21 - 2016-04-27 14:21 - 0002560 _____ () C:\Users\brushmore\AppData\Local\uninstallssl.exe
2016-04-11 10:43 - 2016-04-11 10:43 - 0000000 _____ () C:\Users\brushmore\AppData\Local\{B77F6B91-10D7-4012-9C62-1FFEFF433044}
2011-06-16 13:17 - 2011-06-16 13:17 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2013-06-24 21:41 - 2013-06-24 21:41 - 4325376 _____ () C:\ProgramData\ReadOnlyInstaller.msi
2013-06-26 13:50 - 2013-06-26 13:50 - 0033958 _____ () C:\ProgramData\uninstaller.exe
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
 
 
Some files in TEMP:
====================
C:\Users\brushmore\AppData\Local\Temp\IHU3B10.tmp.exe
C:\Users\brushmore\AppData\Local\Temp\IHUA7BF.tmp.exe
C:\Users\brushmore\AppData\Local\Temp\scp30D2.tmp.exe
C:\Users\brushmore\AppData\Local\Temp\Setup.exe
C:\Users\brushmore\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-29 17:15
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-06-2016
Ran by brushmore (2016-06-02 12:49:53)
Running from C:\Users\brushmore\Downloads
Windows 10 Home Version 1511 (X64) (2016-04-25 15:12:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2503263900-158799546-2591639019-500 - Administrator - Disabled)
brushmore (S-1-5-21-2503263900-158799546-2591639019-1000 - Administrator - Enabled) => C:\Users\brushmore
DefaultAccount (S-1-5-21-2503263900-158799546-2591639019-503 - Limited - Disabled)
Guest (S-1-5-21-2503263900-158799546-2591639019-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2503263900-158799546-2591639019-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Ancient Hearts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Azteca (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.95 - WildTangent) Hidden
Buttons & OSDs control application gen3 (HKLM-x32\...\{79ECA886-C6EF-4BB3-9920-CB7906C01589}) (Version: 1.0.5.0 - Hewlett-Packard)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Corel Paint it! touch - IPM (x32 Version: 1.1 - Corel Corporation) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.4030 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.0.4030 - Hewlett-Packard) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-2630 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-2630 User’s Guide_is1) (Version: 1.0 - )
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
Facebook for HP TouchSmart (HKLM-x32\...\{DE665CEA-0968-4211-B0B0-2A917CE9EC7E}) (Version: 1.0.0019 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Gem Shop (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP AppsCenter 1.00 (HKLM-x32\...\HP AppsCenter 1.00) (Version:  - )
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP TouchSmart (HKLM-x32\...\{32A2B967-279F-457D-B767-76352DA2F108}) (Version: 4.0.32.0 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{22CD5AA1-C28D-458A-AC3D-FB30F74111F9}) (Version: 4.0.3845.32287 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{157A2E65-1D59-4BE2-BBD4-D16A14EEF959}) (Version: 2.0.3832.30169 - Hewlett-Packard)
HP TouchSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.4229 - Hewlett-Packard)
HP TouchSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.3.3017 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{5A9DADC3-6C03-4C83-8622-60405126D1E0}) (Version: 4.0.3845.23935 - Hewlett-Packard)
HP TouchSmart Paint it! by Corel (HKLM-x32\...\_{6807F13C-A925-4DD8-80C0-24D93A6FFE83}) (Version: 1.5.0.100 - Hewlett-Packard)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.0.4215 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{29F19C52-0B82-4741-8015-8D46E28638EC}) (Version: 3.0.3833.22527 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.0.4211 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.3107 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.4.0 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.4030 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.0.4030 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetStream 1.0 (HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\NetStream 1.0) (Version:  - )
Norton 360 (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
QuickBooks (x32 Version: 21.0.4013.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4013.904 - Intuit Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version:  - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3025 - CyberLink Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skip-Bo - Castaway Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SpongeBob Diner Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VZAccess Manager (HKLM-x32\...\{7641FD7D-E94E-424E-A95C-0593C84DC0C0}) (Version: 7.0.1.8 - Smith Micro Software Inc.)
Where's Waldo The Fantastic Journey (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.1.1.8 - WildTangent) Hidden
Window Drive Manager (HKLM-x32\...\Window Drive Manager) (Version: 1.56 - Slideway Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2503263900-158799546-2591639019-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03B88F19-8294-4DD0-8CA7-3D815BD06881} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {03FCE5F1-C0D3-42D7-B94C-B2CA9B653DD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {1402BFE4-9979-488A-A325-C97978CE0D9D} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {14E0C08B-D561-4490-A4A9-1126B538650F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2016-02-25] (Symantec Corporation)
Task: {1BBD3D17-2BC2-48DE-B4CB-AC2D92933E25} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {26F2D476-6820-448C-8A42-22E4756D5D83} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {27A9FEE3-79DB-43B0-956D-3904E869F385} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2E9C0122-657E-42BD-A7DE-AD32C362C017} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {30EA2984-223F-4FED-BEEE-526451528BD4} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\BRUSHM~1\AppData\Local\Temp\IHU3989.tmp.exe
Task: {345E76C7-1FF6-4567-B74C-29C7CE00E20C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {38C2B106-E6CC-4C34-B21B-609D1C392CDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-20] (Google Inc.)
Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {3A084DD6-42F0-4D4E-953E-137161098BD3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {46A90551-1549-4FC0-A381-534F27A3C5B2} - \EPSON WF-2630 Series Update {E683BAEF-6334-4E5B-9AE6-D83069EB7356} -> No File <==== ATTENTION
Task: {4FAD8A7F-ED7A-4521-A259-C1D9C9F07BF5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5C00F876-FA68-4444-AD7D-0B29D4B26E6A} - System32\Tasks\Pa5160215551602155 => C:\Program Files (x86)\freaky\glenlivet.exe [2016-04-27] ()
Task: {5F3EFF12-D237-431D-8C71-922D5380A040} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {6202B778-C475-42DB-A385-9573AA89BCE7} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {7441741C-BF46-4BC6-A5E4-AF4D29C17A66} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {82F3522A-25EC-4879-BED4-DDF8EBA59DF4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {845FAD93-5797-4D02-B3E5-376C0D5C828D} - \CapSchedInst -> No File <==== ATTENTION
Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {87885476-5820-48E3-8DF4-175CB40C18AF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {8AE259D7-56CC-4182-9A1A-7698C13D1C63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {92888A73-DB66-4D3F-B505-9925B0295D56} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {979AD95D-DE14-47CF-9E40-C7ED861E462E} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {9C76EAFA-128D-49FE-8A1C-A8656F9EAE80} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {B27BE36A-CD54-4594-8583-C64EE66B29E7} - System32\Tasks\51602155 => C:\Program Files (x86)\freaky\glenlivet.exe [2016-04-27] () <==== ATTENTION
Task: {B33CD610-AEEF-44D6-8FF0-91A65203D26C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B7821461-1211-40B5-A4A8-4A597686C2DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {BEBF0A65-E669-4669-B267-AC4E55114387} - \FreeFileViewerUpdateChecker -> No File <==== ATTENTION
Task: {C4BD6749-3FE4-44F1-B34E-C813DE89904F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C74BD26D-6DAB-4882-A334-3613ADBFE4D0} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {C825BD0B-531F-4E81-9382-74BD63255423} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-20] (Google Inc.)
Task: {CE7D2DED-4416-4126-B1BC-41E59AC191D5} - \CapSvcInst -> No File <==== ATTENTION
Task: {D1B8B535-132C-4D95-8DE9-E7775B741AA1} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {D2B881D1-2B2A-4B6E-B055-762C08CE059A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D49D884C-0ACC-40F0-B548-9A0F18802FF7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D71FA8DB-5EFF-4692-9F18-FC282EBC1891} - \RecoveryCDWin7 -> No File <==== ATTENTION
Task: {D86CCDED-181F-4C62-B8F5-309FC9AEF0B6} - \MirageAgent -> No File <==== ATTENTION
Task: {DFD2645C-AEDE-44A1-B76E-D0C2DF751F4E} - \EPSON WF-2630 Series Update {30680B54-C78D-4B9C-B451-91E537BD9C1A} -> No File <==== ATTENTION
Task: {E23D38B1-836A-4E07-9A00-351F4FD1BB54} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {E3CD75FC-5FCA-4B24-BBC3-9DB40041949E} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {E4BA447B-930E-42DE-BB0B-39F156EAF821} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EA4C1747-E334-423A-A66C-7E5574F6E37B} - \CapUninst -> No File <==== ATTENTION
Task: {ECFFABC4-9447-4464-9E4D-44B979FEB852} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {F84AB4AB-D859-44EC-AFD6-7BC01D92E892} - \TVAgent -> No File <==== ATTENTION
Task: {F8E90029-AA5B-4AFD-9ACC-EE303E75AA4F} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {FACCCF4E-B0E0-4268-8267-AFF50525E92D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {FAF531E4-4FD2-436B-97DD-0B2129CB708F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {30680B54-C78D-4B9C-B451-91E537BD9C1A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{30680B54-C78D-4B9C-B451-91E537BD9C1A} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {E683BAEF-6334-4E5B-9AE6-D83069EB7356}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{E683BAEF-6334-4E5B-9AE6-D83069EB7356} /F:UpdateWORKGROUP\BRUSHMORE-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForbrushmore.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\brushmore\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Liz - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:17 - 2015-10-30 02:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-25 01:29 - 2016-04-25 01:29 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-25 01:29 - 2016-04-25 01:29 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-25 08:49 - 2016-05-25 08:49 - 00959168 _____ () C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-02-13 07:54 - 2016-02-13 07:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 22:51 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 22:53 - 2016-04-22 23:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 22:53 - 2016-04-22 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 22:53 - 2016-04-22 22:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 22:53 - 2016-04-22 23:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-04-27 13:05 - 2016-04-27 13:05 - 00036732 _____ () C:\Program Files (x86)\indexes\tenths.exe
2016-04-27 13:05 - 2016-04-27 13:05 - 00010752 _____ () C:\Program Files (x86)\freaky\glenlivet.exe
2016-04-27 13:05 - 2016-04-27 13:05 - 00006144 _____ () C:\Program Files (x86)\freaky\settings.dll
2010-08-16 19:26 - 2009-07-02 16:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2016-04-26 10:52 - 2016-04-26 10:52 - 00011776 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.exe
2016-04-26 10:52 - 2016-04-26 10:52 - 09355776 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.dll
2016-04-26 10:52 - 2016-04-26 10:52 - 00123904 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2016-04-26 10:52 - 2016-04-26 10:52 - 03691520 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleShared.dll
2016-04-26 10:52 - 2016-04-26 10:52 - 01506304 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2016-04-26 10:52 - 2016-04-26 10:52 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-26 10:52 - 2016-04-26 10:52 - 00334848 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PersonPicture.UAP.dll
2016-04-30 06:17 - 2016-04-30 06:17 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-05-25 08:48 - 2016-05-25 08:48 - 00679624 _____ () C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-04-27 14:21 - 2016-04-27 14:21 - 00035840 _____ () C:\Users\brushmore\AppData\Local\lstrmn.dll
2016-06-02 11:24 - 2016-06-02 11:24 - 00098816 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32api.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00110080 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\pywintypes27.dll
2016-06-02 11:24 - 2016-06-02 11:24 - 00364544 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\pythoncom27.dll
2016-06-02 11:24 - 2016-06-02 11:24 - 00320512 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32com.shell.shell.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00776704 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_hashlib.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 01176576 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._core_.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00806400 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._gdi_.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00816128 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._windows_.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 01067008 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._controls_.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00733184 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._misc_.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00682496 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\pysqlite2._sqlite.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00088064 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_ctypes.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00119808 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32file.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00108544 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32security.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00007168 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\hashobjs_ext.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00017920 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\thumbnails_ext.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00088064 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\usb_ext.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00012288 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\common.time34.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00018432 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32event.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00167936 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32gui.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00046080 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_socket.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 01208320 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_ssl.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00128512 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_elementtree.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00127488 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\pyexpat.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00038912 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32inet.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00036864 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_psutil_windows.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00525208 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\windows._lib_cacheinvalidation.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00011264 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32crypt.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00077312 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._html2.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00027136 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_multiprocessing.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00020480 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_yappi.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00035840 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32process.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00686080 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\unicodedata.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00078848 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._animate.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00123392 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._wizard.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00024064 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32pipe.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00010240 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\select.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00025600 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32pdh.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00017408 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32profile.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00022528 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32ts.pyd
2013-05-17 18:16 - 2013-05-17 18:16 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00348488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00126792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2005-07-20 00:18 - 2005-07-20 00:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
2011-01-06 09:57 - 2010-06-17 19:00 - 12286520 _____ () C:\Users\brushmore\AppData\Roaming\PictureMover\Bin\Core.dll
2011-01-06 09:57 - 2010-06-17 19:11 - 01699384 _____ () C:\Users\brushmore\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2016-05-12 20:14 - 2016-05-11 06:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 20:14 - 2016-05-11 06:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-05-12 20:14 - 2016-05-11 06:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
2016-03-13 22:47 - 2016-03-13 22:47 - 48933888 _____ () C:\Program Files (x86)\WinDriveUse\libcef.dll
2015-01-14 05:55 - 2015-01-14 05:55 - 00386560 _____ () C:\Program Files (x86)\WinDriveUse\log4cplusU.dll
2016-03-13 22:47 - 2016-03-13 22:47 - 01665536 _____ () C:\Program Files (x86)\WinDriveUse\libglesv2.dll
2016-03-13 22:47 - 2016-03-13 22:47 - 00075264 _____ () C:\Program Files (x86)\WinDriveUse\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\$talisma_url$ -> hxxps://$talisma_url$
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Control Panel\Desktop\\Wallpaper -> c:\users\brushmore\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{d5c9cceb-fc52-4a02-8ba5-dfe431759187}.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "ATT-SST_McciTrayApp"
HKLM\...\StartupApproved\Run32: => "Conime"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\StartupApproved\StartupFolder: => "FacebookGamesNotifier.exe.lnk"
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\StartupApproved\Run: => "Buzzing Dhol.exe"
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\StartupApproved\Run: => "lstrmn"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{CDBA7D61-772E-4EFA-BA0C-F79EDD52E092}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{1C73E30A-F15B-4764-B0F2-7181189584AA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{D3656AFC-74D2-4FD1-BF4C-9D7E93C41F66}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{B52B5131-2D44-4B48-A2EE-D3225B2D39FF}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{D1B5CBE2-6EB7-414C-B931-C4EBC6BF0DBA}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{C16ADEEE-3970-47C9-991C-C786D902E133}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{5E5A8E41-5253-4A6E-81F3-4BBC2C01BE10}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{1561E933-44D9-4888-843D-97C9EFD5E90F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{87AB5FF3-6187-4F21-AC5E-836A0E9A94F9}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{9D28829D-BA6A-4CFA-9DD8-7E30A64F6036}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{9CE9095F-B25F-4E46-A28F-46E07F255F93}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{55DE461C-D4C8-4421-84D3-984CDA177DA4}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{0FAB022E-604C-4BF6-838D-EE403D6358E2}] => (Allow) LPort=5353
FirewallRules: [{00DDD65D-C8CA-46D8-9316-9090A848A781}] => (Allow) LPort=9322
FirewallRules: [{6F743299-1982-47F5-AA08-4E03C5AA3102}] => (Allow) LPort=5353
FirewallRules: [{978CC816-ADB8-4566-A1F0-9D4C5FA0E4A0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{95B39356-1FCC-400E-BFDC-58E09D572C08}] => (Allow) LPort=1900
FirewallRules: [{DDEAF765-CB95-4818-944C-CDA9D60A22E1}] => (Allow) LPort=2869
FirewallRules: [{A6BE83AA-6BF3-4FD8-91E9-6B2B6D60DD41}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0F9CCD52-DBBE-40E1-B773-3506DA1723B2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{893E36A8-922C-4AEF-BE2E-5F3BBDFCA66A}] => (Allow) svchost.exe
FirewallRules: [{CEAEDAB5-35EF-41EC-A930-7D093192F770}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5E6E6DC0-1DFB-48C4-A7A7-E7298D8923A6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\QPService.exe
FirewallRules: [{A70951F5-DF73-4309-997D-338EC8ED315A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\QP.exe
FirewallRules: [{88BADD9F-FC37-4840-90BB-C03EA699E27A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{BE9DB4BC-CD94-4304-9182-3E6D3E46F84F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{9CBA46AA-3550-4B66-AE0C-7671E4736B23}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{2E1E126B-2E37-4095-BDB8-D973B809BFE5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{9B19C332-0176-489D-B38A-FB6243FCFD4F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{BA297109-7E92-42CC-B140-86E2DD5B8AE4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{A031A384-F475-49E3-84CC-46A4AE721ED5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{513D3901-555B-47C7-8CBC-236E28B63644}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{316E4BE8-6E1A-4FB0-A877-B99A374F1CFF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe
FirewallRules: [{4EBF2E20-9590-4836-B04E-F00034664CA8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartVideo.exe
FirewallRules: [{217B518C-5954-4BEF-A878-D0B260B6ED95}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe
FirewallRules: [{B6639966-048C-40D3-9DD3-D0CAE705E377}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe
FirewallRules: [{C1A71A21-B5EF-49EB-AD9E-BB86BA9ED739}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\PhotoAgent.exe
FirewallRules: [{66190683-B6D9-4FF6-9F8A-0AADEF772109}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\HPTouchSmartPhoto.exe
FirewallRules: [{8E2B3339-CA3E-439E-887E-7AAE5C6D3C44}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{074B874A-060A-4577-8D8B-5FE66820A865}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{751D3DEB-8CF4-4BC0-A87F-8FBDEA790BAF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{7E81C6A9-AAE9-40E8-9271-0FF2CA94AB2A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{08D73478-0277-4303-BC43-609FE53D7B03}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{79DB8D72-B5F4-455B-91E8-5761577E41E6}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳攮數
FirewallRules: [{0469A839-C950-4939-B32C-57B59BC1CA2E}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳⹟硥e
FirewallRules: [{C9467CDB-DBD0-4FEC-81D6-A2256E9C41B4}] => (Allow) C:\Users\brushmore\AppData\Local\ddnowyes.exe
FirewallRules: [{B5BE0333-1CD5-4205-8709-31D9BFDB2472}] => (Allow) C:\Users\brushmore\AppData\Local\77240979.exe
FirewallRules: [{F97464B8-87BD-493F-A792-ECAE9406DD48}] => (Allow) C:\Users\brushmore\AppData\Local\tinstall.exe
FirewallRules: [{958384B8-3519-49A5-A1B9-4A4816D77EB3}] => (Allow) C:\Users\brushmore\AppData\Local\cap.exe
FirewallRules: [{45C2364D-6C47-46A8-A34A-2575D3D02744}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{E658D117-9F49-4D2C-AB8B-317BA37A0E7A}] => (Allow) C:\Program Files (x86)\freaky\glenlivet.exe
FirewallRules: [{FC368896-477C-4F42-BCAF-0720CF1B5769}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{2AA0D376-F2CA-4158-A190-EE22C9C4BF96}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{6F6CC42A-843A-42A9-801E-CD9302648D17}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{860209F8-6534-4672-8087-B2E32192D995}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{F3218C8B-8B16-4150-BC32-76E7D03C7E2B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1B84356-B335-4D3E-B1A2-89BDFC747905}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2150D9E5-5688-45D6-ADE7-F245914261F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B7EB3AB-C52D-4E0B-A2CE-81131B7A1165}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F53DC981-D367-416B-A87D-B80B31100039}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
16-05-2016 10:14:39 Windows Update
23-05-2016 10:40:04 Scheduled Checkpoint
25-05-2016 15:23:07 Removed DriverUpdate
02-06-2016 10:43:19 Removed Facebook Games Arcade 0.5.0.0
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/02/2016 12:40:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x2e58
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
 
Error: (06/02/2016 12:40:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x31f4
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
 
Error: (06/02/2016 12:39:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x321c
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
 
Error: (06/02/2016 12:39:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x33cc
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
 
Error: (06/02/2016 12:37:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x74c
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
 
Error: (06/02/2016 12:37:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x30f0
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
 
Error: (06/02/2016 12:37:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x2cc4
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
 
Error: (06/02/2016 12:29:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1c98
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
 
Error: (06/02/2016 12:29:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x27bc
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
 
Error: (06/02/2016 12:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1770
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
 
 
System errors:
=============
Error: (06/02/2016 11:22:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058
 
Error: (06/02/2016 11:21:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4d16c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/02/2016 11:21:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4d16c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/02/2016 11:21:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4d16c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/02/2016 11:21:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4d16c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/02/2016 10:53:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058
 
Error: (06/02/2016 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_c7ac4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/02/2016 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_c7ac4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/02/2016 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_c7ac4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/02/2016 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_c7ac4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-05-17 11:04:28.903
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-16 10:46:18.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-12 18:35:33.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-12 12:13:54.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-12 12:13:54.107
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-12 12:13:54.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-12 12:13:53.975
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-12 12:13:53.917
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-12 12:13:53.883
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-12 12:13:52.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 80%
Total physical RAM: 3831.11 MB
Available physical RAM: 728.23 MB
Total Virtual: 15607.11 MB
Available Virtual: 10723.68 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.34 GB) (Free:840.39 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:14.63 GB) (Free:1.72 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 596BACF9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 



#2
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello Liz Corley Dickinson and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.

Important!

Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

I would strongly recommend you back up your personal data and folders before we begin.

Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

OK. Let's move on.

I'm having a look through your logs and will post a fix soon. :)


#3
Liz Corley Dickinson


    New Member

  • Topic Starter
  • Member
  • 3 posts

OK, I have done everything you asked so far except the backup, and will do that now. So I am ready when you are.



#4
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,603 posts
OK

Try this fix and let me know how things are running. :)

Step 1 - Remove Programs

Please uninstall the following unwanted programs:

Free File Viewer 2014

To do this:

Right-click the Start button and click Control Panel.
Go to Programs and Features (if your Control Panel is in Category view, go to Uninstall a Program).
Find the program you want to uninstall, click it to select it, and then click Uninstall.


Step 2 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right-clicking on it and selecting Run as Administrator and press Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


Step 3 - Junkware Removal Tool

Download Junkware Removal Tool by Malwarebytes and save it to your desktop.

Important: Please disable your anti virus prior to running this program. Advice on how to do this for your anti virus can be found here

1. Ensure all programs and windows are closed before proceeding.
2. Simply double-click the program icon to run it. It will ask for administrator privileges.
3. A black window will appear. Press any key to continue.
4. Wait for it to finish. It won't take long.
5. A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6. Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.


Step 4 - AdwCleaner


Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Click on Options, then tick:
    Reset proxy settings
    Reset winsock settings
    Reset TCP/IP settings
    Reset IPSec settings
    Reset Internet Explorer policies
    Reset Chrome policies
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


Things for your next post:
  • fixlog.txt
  • JRT.txt
  • AdwCleaner[C*].txt
  • How is your computer running now?


#5
Liz Corley Dickinson


    New Member

  • Topic Starter
  • Member
  • 3 posts

It's working great. Thank you so much for all your help. Let me know if I can delete the logs but if I need to keep the programs. I will be donating to your PayPal once you let me know this is completed. Thank you again.

Fix result of Farbar Recovery Scan Tool (x64) Version:01-06-2016
Ran by brushmore (2016-06-03 09:05:25) Run:1
Running from C:\Users\brushmore\Downloads
Loaded Profiles: brushmore (Available Profiles: brushmore & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
() C:\Program Files (x86)\indexes\tenths.exe
() C:\Program Files (x86)\freaky\glenlivet.exe
HKLM\...\Run: [alimony] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKLM-x32\...\Run: [tannic] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [lstrmn] => rundll32.exe "C:\Users\brushmore\AppData\Local\lstrmn.dll",lstrmn <===== ATTENTION
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [environment] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [gaddi] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [tenths] => C:\Program Files (x86)\indexes\tenths.exe [36732 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [iden] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [Buzzing Dhol.exe] => C:\WINDOWS\system32\Buzzing Dhol.exe
Startup: C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\boughs.lnk [2016-04-27]
ShortcutTarget: boughs.lnk -> C:\Program Files (x86)\freaky\glenlivet.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={7EED87F7-DE91-11E2-A42C-7071BC899902}
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={7EED87F7-DE91-11E2-A42C-7071BC899902}
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {BBFF1E0C-DD2A-4934-9DC9-031DD3573DE2} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=78199393-8436-4250-9016-05051E037B7C&apn_sauid=9EE7FF5E-0237-42A0-9EDD-A07958B16F9E
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL = 
Toolbar: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\brushmore\Downloads\62632UNETA.492836F161CC8_rmspfwnbz040j!App
C:\WINDOWS\System32\Tasks\51602155
C:\WINDOWS\System32\Tasks\Pa5160215551602155
2016-04-27 14:23 - 2016-04-27 14:23 - 0000003 _____ () C:\Users\brushmore\AppData\Local\aatxtname.txt
2016-04-12 18:38 - 2016-04-12 18:38 - 0006144 _____ () C:\Users\brushmore\AppData\Local\cap.exe
2016-04-12 18:37 - 2016-04-12 18:37 - 0006144 _____ () C:\Users\brushmore\AppData\Local\cap4.exe
2016-04-18 09:02 - 2016-04-18 09:02 - 0005632 _____ () C:\Users\brushmore\AppData\Local\ddnow.exe
2016-04-18 10:49 - 2016-04-18 10:49 - 0005632 _____ () C:\Users\brushmore\AppData\Local\ddnow4.exe
2016-04-27 14:21 - 2016-04-27 14:21 - 0035840 _____ () C:\Users\brushmore\AppData\Local\lstrmn.dll
2016-03-18 00:00 - 2016-03-18 00:00 - 0000000 _____ () C:\Users\brushmore\AppData\Local\ok223.txt
2016-04-27 14:23 - 2016-04-27 14:23 - 0546687 _____ () C:\Users\brushmore\AppData\Local\setupone.exe
2016-04-05 07:26 - 2016-04-05 07:26 - 0007680 _____ () C:\Users\brushmore\AppData\Local\tinstall.exe
2016-04-05 07:25 - 2016-04-05 07:25 - 0007680 _____ () C:\Users\brushmore\AppData\Local\tinstall4.exe
2016-04-27 14:23 - 2016-04-27 14:23 - 0000000 _____ () C:\Users\brushmore\AppData\Local\tr5b.txt
2016-04-27 14:21 - 2016-04-27 14:21 - 0002560 _____ () C:\Users\brushmore\AppData\Local\uninstallssl.exe
2016-04-11 10:43 - 2016-04-11 10:43 - 0000000 _____ () C:\Users\brushmore\AppData\Local\{B77F6B91-10D7-4012-9C62-1FFEFF433044}
C:\ProgramData\uninstaller.exe
Task: {1402BFE4-9979-488A-A325-C97978CE0D9D} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {1BBD3D17-2BC2-48DE-B4CB-AC2D92933E25} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {26F2D476-6820-448C-8A42-22E4756D5D83} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {27A9FEE3-79DB-43B0-956D-3904E869F385} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2E9C0122-657E-42BD-A7DE-AD32C362C017} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {30EA2984-223F-4FED-BEEE-526451528BD4} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\BRUSHM~1\AppData\Local\Temp\IHU3989.tmp.exe
Task: {3A084DD6-42F0-4D4E-953E-137161098BD3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {46A90551-1549-4FC0-A381-534F27A3C5B2} - \EPSON WF-2630 Series Update {E683BAEF-6334-4E5B-9AE6-D83069EB7356} -> No File <==== ATTENTION
Task: {4FAD8A7F-ED7A-4521-A259-C1D9C9F07BF5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5C00F876-FA68-4444-AD7D-0B29D4B26E6A} - System32\Tasks\Pa5160215551602155 => C:\Program Files (x86)\freaky\glenlivet.exe [2016-04-27] ()
Task: {6202B778-C475-42DB-A385-9573AA89BCE7} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {7441741C-BF46-4BC6-A5E4-AF4D29C17A66} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {82F3522A-25EC-4879-BED4-DDF8EBA59DF4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {845FAD93-5797-4D02-B3E5-376C0D5C828D} - \CapSchedInst -> No File <==== ATTENTION
Task: {92888A73-DB66-4D3F-B505-9925B0295D56} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {979AD95D-DE14-47CF-9E40-C7ED861E462E} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {B27BE36A-CD54-4594-8583-C64EE66B29E7} - System32\Tasks\51602155 => C:\Program Files (x86)\freaky\glenlivet.exe [2016-04-27] () <==== ATTENTION
Task: {B7821461-1211-40B5-A4A8-4A597686C2DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BEBF0A65-E669-4669-B267-AC4E55114387} - \FreeFileViewerUpdateChecker -> No File <==== ATTENTION
Task: {C74BD26D-6DAB-4882-A334-3613ADBFE4D0} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {CE7D2DED-4416-4126-B1BC-41E59AC191D5} - \CapSvcInst -> No File <==== ATTENTION
Task: {D2B881D1-2B2A-4B6E-B055-762C08CE059A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D49D884C-0ACC-40F0-B548-9A0F18802FF7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D71FA8DB-5EFF-4692-9F18-FC282EBC1891} - \RecoveryCDWin7 -> No File <==== ATTENTION
Task: {D86CCDED-181F-4C62-B8F5-309FC9AEF0B6} - \MirageAgent -> No File <==== ATTENTION
Task: {DFD2645C-AEDE-44A1-B76E-D0C2DF751F4E} - \EPSON WF-2630 Series Update {30680B54-C78D-4B9C-B451-91E537BD9C1A} -> No File <==== ATTENTION
Task: {E23D38B1-836A-4E07-9A00-351F4FD1BB54} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {EA4C1747-E334-423A-A66C-7E5574F6E37B} - \CapUninst -> No File <==== ATTENTION
Task: {ECFFABC4-9447-4464-9E4D-44B979FEB852} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {F84AB4AB-D859-44EC-AFD6-7BC01D92E892} - \TVAgent -> No File <==== ATTENTION
Task: {F8E90029-AA5B-4AFD-9ACC-EE303E75AA4F} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {FAF531E4-4FD2-436B-97DD-0B2129CB708F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
C:\Program Files (x86)\indexes
C:\Program Files (x86)\freaky
C:\Users\brushmore\AppData\Local\lstrmn.dll
C:\WINDOWS\system32\Buzzing Dhol.exe
C:\Program Files\Updater By SweetPacks
C:\Program Files (x86)\FreeFileViewer
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
 
 
*****************
 
Restore point was successfully created.
[2308] C:\Program Files (x86)\indexes\tenths.exe => process closed successfully.
[5744] C:\Program Files (x86)\freaky\glenlivet.exe => process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\alimony => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\tannic => value removed successfully
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Windows\CurrentVersion\Run\\lstrmn => value removed successfully
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Windows\CurrentVersion\Run\\environment => value removed successfully
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Windows\CurrentVersion\Run\\gaddi => value removed successfully
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tenths => value removed successfully
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iden => value removed successfully
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Buzzing Dhol.exe => value removed successfully
C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\boughs.lnk => moved successfully
C:\Program Files (x86)\freaky\glenlivet.exe => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}" => key removed successfully
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => key not found. 
"HKU\S-1-5-21-2503263900-158799546-2591639019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BBFF1E0C-DD2A-4934-9DC9-031DD3573DE2}" => key removed successfully
HKCR\CLSID\{BBFF1E0C-DD2A-4934-9DC9-031DD3573DE2} => key not found. 
"HKU\S-1-5-21-2503263900-158799546-2591639019-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{e4a1ece8-ed94-4f93-80ea-75f978ceaf24}" => key removed successfully
HKCR\CLSID\{e4a1ece8-ed94-4f93-80ea-75f978ceaf24} => key not found. 
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => value removed successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\Users\brushmore\Downloads\62632UNETA.492836F161CC8_rmspfwnbz040j!App => moved successfully
C:\WINDOWS\System32\Tasks\51602155 => moved successfully
C:\WINDOWS\System32\Tasks\Pa5160215551602155 => moved successfully
C:\Users\brushmore\AppData\Local\aatxtname.txt => moved successfully
C:\Users\brushmore\AppData\Local\cap.exe => moved successfully
C:\Users\brushmore\AppData\Local\cap4.exe => moved successfully
C:\Users\brushmore\AppData\Local\ddnow.exe => moved successfully
C:\Users\brushmore\AppData\Local\ddnow4.exe => moved successfully
C:\Users\brushmore\AppData\Local\lstrmn.dll => moved successfully
C:\Users\brushmore\AppData\Local\ok223.txt => moved successfully
C:\Users\brushmore\AppData\Local\setupone.exe => moved successfully
C:\Users\brushmore\AppData\Local\tinstall.exe => moved successfully
C:\Users\brushmore\AppData\Local\tinstall4.exe => moved successfully
C:\Users\brushmore\AppData\Local\tr5b.txt => moved successfully
C:\Users\brushmore\AppData\Local\uninstallssl.exe => moved successfully
C:\Users\brushmore\AppData\Local\{B77F6B91-10D7-4012-9C62-1FFEFF433044} => moved successfully
C:\ProgramData\uninstaller.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1402BFE4-9979-488A-A325-C97978CE0D9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1402BFE4-9979-488A-A325-C97978CE0D9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderDownloaderScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BBD3D17-2BC2-48DE-B4CB-AC2D92933E25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BBD3D17-2BC2-48DE-B4CB-AC2D92933E25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26F2D476-6820-448C-8A42-22E4756D5D83}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26F2D476-6820-448C-8A42-22E4756D5D83}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27A9FEE3-79DB-43B0-956D-3904E869F385}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27A9FEE3-79DB-43B0-956D-3904E869F385}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E9C0122-657E-42BD-A7DE-AD32C362C017}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E9C0122-657E-42BD-A7DE-AD32C362C017}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30EA2984-223F-4FED-BEEE-526451528BD4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30EA2984-223F-4FED-BEEE-526451528BD4}" => key removed successfully
C:\WINDOWS\System32\Tasks\IHUninstallTrackingTASK => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A084DD6-42F0-4D4E-953E-137161098BD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A084DD6-42F0-4D4E-953E-137161098BD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46A90551-1549-4FC0-A381-534F27A3C5B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46A90551-1549-4FC0-A381-534F27A3C5B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON WF-2630 Series Update {E683BAEF-6334-4E5B-9AE6-D83069EB7356}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4FAD8A7F-ED7A-4521-A259-C1D9C9F07BF5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FAD8A7F-ED7A-4521-A259-C1D9C9F07BF5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C00F876-FA68-4444-AD7D-0B29D4B26E6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C00F876-FA68-4444-AD7D-0B29D4B26E6A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Pa5160215551602155 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pa5160215551602155" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6202B778-C475-42DB-A385-9573AA89BCE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6202B778-C475-42DB-A385-9573AA89BCE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7441741C-BF46-4BC6-A5E4-AF4D29C17A66}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7441741C-BF46-4BC6-A5E4-AF4D29C17A66}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82F3522A-25EC-4879-BED4-DDF8EBA59DF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82F3522A-25EC-4879-BED4-DDF8EBA59DF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{845FAD93-5797-4D02-B3E5-376C0D5C828D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{845FAD93-5797-4D02-B3E5-376C0D5C828D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CapSchedInst" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92888A73-DB66-4D3F-B505-9925B0295D56}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92888A73-DB66-4D3F-B505-9925B0295D56}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{979AD95D-DE14-47CF-9E40-C7ED861E462E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{979AD95D-DE14-47CF-9E40-C7ED861E462E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-2503263900-158799546-2591639019-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B27BE36A-CD54-4594-8583-C64EE66B29E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B27BE36A-CD54-4594-8583-C64EE66B29E7}" => key removed successfully
C:\WINDOWS\System32\Tasks\51602155 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\51602155" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7821461-1211-40B5-A4A8-4A597686C2DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7821461-1211-40B5-A4A8-4A597686C2DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEBF0A65-E669-4669-B267-AC4E55114387} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C74BD26D-6DAB-4882-A334-3613ADBFE4D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C74BD26D-6DAB-4882-A334-3613ADBFE4D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE7D2DED-4416-4126-B1BC-41E59AC191D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE7D2DED-4416-4126-B1BC-41E59AC191D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CapSvcInst" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2B881D1-2B2A-4B6E-B055-762C08CE059A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2B881D1-2B2A-4B6E-B055-762C08CE059A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D49D884C-0ACC-40F0-B548-9A0F18802FF7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D49D884C-0ACC-40F0-B548-9A0F18802FF7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D71FA8DB-5EFF-4692-9F18-FC282EBC1891}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D71FA8DB-5EFF-4692-9F18-FC282EBC1891}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RecoveryCDWin7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D86CCDED-181F-4C62-B8F5-309FC9AEF0B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D86CCDED-181F-4C62-B8F5-309FC9AEF0B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MirageAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFD2645C-AEDE-44A1-B76E-D0C2DF751F4E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFD2645C-AEDE-44A1-B76E-D0C2DF751F4E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON WF-2630 Series Update {30680B54-C78D-4B9C-B451-91E537BD9C1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E23D38B1-836A-4E07-9A00-351F4FD1BB54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E23D38B1-836A-4E07-9A00-351F4FD1BB54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA4C1747-E334-423A-A66C-7E5574F6E37B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA4C1747-E334-423A-A66C-7E5574F6E37B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CapUninst" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECFFABC4-9447-4464-9E4D-44B979FEB852}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECFFABC4-9447-4464-9E4D-44B979FEB852}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F84AB4AB-D859-44EC-AFD6-7BC01D92E892}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F84AB4AB-D859-44EC-AFD6-7BC01D92E892}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TVAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8E90029-AA5B-4AFD-9ACC-EE303E75AA4F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8E90029-AA5B-4AFD-9ACC-EE303E75AA4F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2503263900-158799546-2591639019-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAF531E4-4FD2-436B-97DD-0B2129CB708F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAF531E4-4FD2-436B-97DD-0B2129CB708F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => not found.
C:\Program Files (x86)\indexes => moved successfully
C:\Program Files (x86)\freaky => moved successfully
"C:\Users\brushmore\AppData\Local\lstrmn.dll" => not found.
"C:\WINDOWS\system32\Buzzing Dhol.exe" => not found.
"C:\Program Files\Updater By SweetPacks" => not found.
"C:\Program Files (x86)\FreeFileViewer" => not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {9D27F3A6-9D55-48DD-8624-E8B3DFEE6DE1}.
Unable to cancel {F5399692-521E-4874-B95B-C56B46DFBBF4}.
{148EC5B3-F20F-4145-8D5A-DEBA7AA1E2AA} canceled.
{A7CC8E21-0B1C-4C72-ADAA-454709C64A8A} canceled.
2 out of 4 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 2.3 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:07:43 ====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by brushmore (Administrator) on Fri 06/03/2016 at  9:59:09.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 11 
 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\ProgramData\ask (Folder) 
Successfully deleted: C:\Users\brushmore\AppData\Local\{0460429D-7B82-48CF-9507-028C9F2CE648} (Empty Folder)
Successfully deleted: C:\Users\brushmore\AppData\Local\{15444AE7-CF42-482A-864A-9AD0F9948032} (Empty Folder)
Successfully deleted: C:\Users\brushmore\AppData\Local\slimware utilities inc (Folder) 
Successfully deleted: C:\Users\brushmore\AppData\Roaming\systweak (Folder) 
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) 
Successfully deleted: C:\WINDOWS\system32\drivers\swdumon.sys (File) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERUPDATE-SETUP.EXE-55E870B0.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\FREEFILEVIEWER.EXE-7A385F01.pf (File) 
 
 
 
Registry: 4 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A334AA6E-85E6-4159-9BDC-747AC59C00A5} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{A334AA6E-85E6-4159-9BDC-747AC59C00A5} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/03/2016 at 10:04:39.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v5.119 - Logfile created 03/06/2016 at 12:41:52
# Updated 30/05/2016 by Xplode
# Database : 2016-05-30.3 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : brushmore - BRUSHMORE
# Running from : C:\Users\brushmore\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\WINDOWS\Buzzing Dhol
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\brushmore\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key Deleted : HKCU\Software\Bitberry
[-] Key Deleted : HKCU\Software\Bitberry Software
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\wecarereminder
[-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\firstsearch
[-] Key Deleted : HKLM\SOFTWARE\MPC
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\Updater By Sweetpacks
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
[-] Key Deleted : HKU\.DEFAULT\Software\WNLT
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2503263900-158799546-2591639019-1000\Software\IM
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2503263900-158799546-2591639019-1000\Software\SweetIM
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Updater By Sweetpacks
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2503263900-158799546-2591639019-1000\Software\WNLT
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A334AA6E-85E6-4159-9BDC-747AC59C00A5}
[-] Value Deleted : HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Buzzing Dhol.exe]
[-] Value Deleted : HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [lstrmn]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask_
[-] [C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask
[-] [C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.ask.com/web?q={searchTerms}&amp;o=15527&amp;l=dis&amp;prt=360&amp;chn=retail&amp;geo=US&amp;ver=6&gct=sb&qsrc=2869
 
*************************
 
:: "Tracing" keys deleted
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: IPSec settings cleared
:: IE policies deleted
:: Chrome policies deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [6846 bytes] - [03/06/2016 12:41:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [331 bytes] - [03/06/2016 12:37:02]
C:\AdwCleaner\AdwCleaner[S2].txt - [7294 bytes] - [03/06/2016 12:38:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7064 bytes] ##########
 
 


#6
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Liz Corley Dickinson
 

It's working great.

:thumbsup:

Excellent! Stay with me though as we still have a few things to check before I declare your machine clean.

Next steps for you.

Step1 - Malwarebytes


Please download Malwarebytes' Anti-Malware from Here or Here
Double-click on mbam-setup-version-number.exe to install the application.
Before clicking Finish perform the following actions --

Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
Check the box beside Launch Malwarebytes Anti-Malware

Once the program has loaded, the MBAM dashboard may appear with an alert to update - click the button Fix Now;

Navigate to the Settings tab > Detection and Protection and ensure all the boxes under Detection Options are checked.

Return to the Dashboard and click on Scan Now;

If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
Copy and Paste the contents of the log in your next reply.


Step2 - ESET scan


You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your current installed Anti-Virus, how to do so can be read here.
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • Now click on Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • When completed select Uninstall application on close.
  • Now click on Finish.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Things for your next post:
  • MBAM log
  • ESET log.txt


#7
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

