Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

commercial playing over speakers when computer is on; commercial is fo

Started by Liz Corley Dickinson , Jun 02 2016 12:10 PM

This topic is locked

#1
Liz Corley Dickinson

Posted 02 June 2016 - 12:10 PM

New Member

Member
3 posts

A commercial plays every time I turn on my computer. I am unable to listen to the radio, watch a movie or use my speakers in any way. the most common one is for "Nissan" Please help

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016

Ran by brushmore (administrator) on BRUSHMORE (02-06-2016 12:49:00)

Running from C:\Users\brushmore\Downloads

Loaded Profiles: brushmore (Available Profiles: brushmore & DefaultAppPool)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveSync.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe

(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveSync_.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

() C:\Program Files (x86)\indexes\tenths.exe

() C:\Program Files (x86)\freaky\glenlivet.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE

(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe

(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

() C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe

(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveUse.exe

(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveUse_.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-05] (Realtek Semiconductor)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [alimony] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()

HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)

HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

HKLM-x32\...\Run: [Buttons & OSDs control application gen3] => c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe [53248 2009-11-30] (Hewlett-Packard)

HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [tannic] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [lstrmn] => rundll32.exe "C:\Users\brushmore\AppData\Local\lstrmn.dll",lstrmn <===== ATTENTION

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [environment] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [gaddi] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [tenths] => C:\Program Files (x86)\indexes\tenths.exe [36732 2016-04-27] ()

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [iden] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [Buzzing Dhol.exe] => C:\WINDOWS\system32\Buzzing Dhol.exe

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\RunOnce: [Uninstall C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\RunOnce: [Uninstall C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->

HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)

ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)

ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)

ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)

ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)

ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2011-01-06]

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2011-01-06]

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2011-01-06]

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2010-08-16]

ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

Startup: C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\boughs.lnk [2016-04-27]

ShortcutTarget: boughs.lnk -> C:\Program Files (x86)\freaky\glenlivet.exe ()

Startup: C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk [2016-05-12]

ShortcutTarget: FacebookGamesNotifier.exe.lnk -> C:\Users\brushmore\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe (No File)

Startup: C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-06-01]

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{59fc41d8-6d53-4d0a-887c-269cb3670b38}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{90f1d325-819d-43d1-be8c-3a555eb07ca7}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:

==================

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/webhp?sourceid=navclient&ie=UTF-8&gws_rd=ssl

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1

SearchScopes: HKLM -> DefaultScope {1A418B94-1411-4359-819B-7233A215D941} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKLM -> {11A01865-BF8E-4CE0-9B1E-D858D3158720} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM -> {1A418B94-1411-4359-819B-7233A215D941} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKLM -> {A334AA6E-85E6-4159-9BDC-747AC59C00A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM -> {B4143579-943C-46D9-8636-18BC034FA098} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={7EED87F7-DE91-11E2-A42C-7071BC899902}

SearchScopes: HKLM-x32 -> {11A01865-BF8E-4CE0-9B1E-D858D3158720} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 -> {1A418B94-1411-4359-819B-7233A215D941} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {A334AA6E-85E6-4159-9BDC-747AC59C00A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM-x32 -> {B4143579-943C-46D9-8636-18BC034FA098} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={7EED87F7-DE91-11E2-A42C-7071BC899902}

SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {11A01865-BF8E-4CE0-9B1E-D858D3158720} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {1A418B94-1411-4359-819B-7233A215D941} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {A334AA6E-85E6-4159-9BDC-747AC59C00A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5

SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {B4143579-943C-46D9-8636-18BC034FA098} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {BBFF1E0C-DD2A-4934-9DC9-031DD3573DE2} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=78199393-8436-4250-9016-05051E037B7C&apn_sauid=9EE7FF5E-0237-42A0-9EDD-A07958B16F9E

SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL =

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)

Toolbar: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Toolbar: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2013-05-17] (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [] ()

FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-04] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [] ()

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2016-03-09] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2503263900-158799546-2591639019-1000: @citrixonline.com/appdetectorplugin -> C:\Users\brushmore\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-28] (Citrix Online)

FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox => not found

FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.6.0.142\coFFAddon

FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.6.0.142\coFFAddon [2016-04-25]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn => not found

FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox => not found

FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.6.0.142\coFFAddon

Chrome:

=======

CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/?gws_rd=ssl"

CHR Profile: C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]

CHR Extension: (Google Drive) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]

CHR Extension: (YouTube) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]

CHR Extension: (Google Search) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]

CHR Extension: (Google Docs Offline) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]

CHR Extension: (Norton Identity Safe) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-04-25]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-01]

CHR Extension: (Chrome Web Store Payments) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]

CHR Extension: (My Chrome Theme) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-04-25]

CHR Extension: (Maleficent Theme) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\paemmgjnkkafpbppkooglpgcbjfjclmm [2016-04-25]

CHR Extension: (Gmail) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-31]

CHR Profile: C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-03]

CHR Extension: (Google Docs) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-03]

CHR Extension: (Google Drive) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-03]

CHR Extension: (YouTube) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-03]

CHR Extension: (Norton Security Toolbar) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-05-03]

CHR Extension: (Google Sheets) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-03]

CHR Extension: (PDFConverterHQ) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbbkoefeoahoeacccmoggemldnjccbdf [2016-05-24]

CHR Extension: (Google Docs Offline) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-03]

CHR Extension: (Norton Identity Safe) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-05-03]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-03]

CHR Extension: (Chrome Web Store Payments) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-03]

CHR Extension: (Gmail) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-03]

CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-04-25]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-2503263900-158799546-2591639019-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-04-25]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)

R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-03-09] (WildTangent)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]

R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent) [File not signed]

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)

R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-05-17] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-11-09] (Intuit Inc.) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

R2 WinDriveSvc; C:\Program Files (x86)\windriveuse\WinDriveSync.exe [140984 2016-03-31] (Slideway Inc.)

R2 WinDriveSvc2; C:\Program Files (x86)\windriveuse\WinDriveSync_.exe [140984 2016-03-31] (Slideway Inc.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIService; C:\Windows\System32\drivers\OSDACPI.SYS [17992 2009-06-17] ()

R3 AVerAVF2; C:\Windows\system32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\BASHDefs\20160125.001\BHDrvx64.sys [1665608 2016-02-23] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2016-02-23] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-02-04] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-04] (Symantec Corporation)

R3 FintekCIR; C:\Windows\system32\DRIVERS\FintekCIR.sys [33064 2013-07-25] (Fintek)

R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\IPSDefs\20160223.011\IDSVia64.sys [767224 2016-02-23] (Symantec Corporation)

S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))

S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\VirusDefs\20160424.025\ENG64.SYS [138488 2016-02-04] (Symantec Corporation)

S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\VirusDefs\20160424.025\EX64.SYS [2148080 2016-02-04] (Symantec Corporation)

R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)

R3 NWVoltron; C:\Windows\System32\drivers\NWVoltron.sys [28920 2013-02-04] ()

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )

S3 SMSIVZAM5X64; C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys [43032 2009-03-20] (Smith Micro Inc.)

S3 SRTSP; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2016-02-23] (Symantec Corporation)

S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2016-05-24] ()

R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)

S4 SymELAM; C:\Windows\system32\drivers\N360x64\1606000.08E\SymELAM.sys [24192 2016-02-23] (Symantec Corporation)

R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-04-25] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)

R1 SymNetS; C:\Windows\system32\drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

U3 idsvc; no ImagePath

U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-02 12:11 - 2016-06-02 12:15 - 00065156 _____ C:\Users\brushmore\Downloads\Addition.txt

2016-06-02 12:09 - 2016-06-02 12:49 - 00035154 _____ C:\Users\brushmore\Downloads\FRST.txt

2016-06-02 12:09 - 2016-06-02 12:49 - 00000000 ____D C:\FRST

2016-06-02 12:09 - 2016-06-02 12:09 - 02383872 _____ (Farbar) C:\Users\brushmore\Downloads\FRST64.exe

2016-06-02 11:24 - 2016-06-02 11:24 - 00000000 ___HD C:\OneDriveTemp

2016-06-01 12:33 - 2016-06-01 12:33 - 00063668 _____ C:\Users\brushmore\Downloads\FAX_20160601_1464802018_134 (2).pdf

2016-06-01 12:30 - 2016-06-01 12:30 - 00063668 _____ C:\Users\brushmore\Downloads\FAX_20160601_1464802018_134 (1).pdf

2016-06-01 12:29 - 2016-06-01 12:29 - 00063668 _____ C:\Users\brushmore\Downloads\FAX_20160601_1464802018_134.pdf

2016-06-01 10:04 - 2016-06-01 10:04 - 00017620 _____ C:\Users\brushmore\Downloads\restauraurant contract.wpd

2016-05-31 11:08 - 2016-05-31 11:08 - 05237558 _____ C:\Users\brushmore\Downloads\Madison Terminal Building Bid Set Specifications-signed.pdf

2016-05-28 10:14 - 2016-05-28 10:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2016-05-28 10:14 - 2016-05-28 10:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2016-05-26 11:01 - 2016-05-26 11:02 - 00001463 _____ C:\Users\brushmore\Desktop\Transmittal Letter.lnk

2016-05-24 20:45 - 2016-05-24 20:45 - 00000000 ___RD C:\Users\brushmore\Downloads\62632UNETA.492836F161CC8_rmspfwnbz040j!App

2016-05-24 20:40 - 2016-05-25 15:23 - 00000000 ____D C:\Users\brushmore\AppData\Local\SlimWare Utilities Inc

2016-05-24 20:40 - 2016-05-24 20:40 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys

2016-05-24 20:40 - 2016-05-24 20:40 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers

2016-05-24 20:39 - 2016-05-24 20:39 - 00961800 _____ (Slimware Utilities, Inc.) C:\Users\brushmore\Downloads\DriverUpdate-setup.exe

2016-05-24 17:40 - 2016-06-01 10:05 - 00000000 ____D C:\Users\brushmore\Desktop\Liz

2016-05-24 17:18 - 2016-05-24 17:18 - 00032770 _____ C:\Users\brushmore\Downloads\FAX_20160524_1464121754_77.pdf

2016-05-23 19:52 - 2016-05-23 19:52 - 00000000 ____D C:\Users\brushmore\AppData\Local\HuluDesktop

2016-05-23 13:46 - 2016-05-23 13:46 - 00070518 _____ C:\Users\brushmore\Downloads\FAX_20160523_1464027183_113.pdf

2016-05-18 17:11 - 2016-05-18 17:11 - 00036703 _____ C:\Users\brushmore\Downloads\Report_from_BRUSHMORE_PAINT_LLC.pdf

2016-05-16 10:55 - 2016-05-16 10:55 - 00001282 _____ C:\Users\brushmore\Desktop\Proposal.lnk

2016-05-12 18:34 - 2016-05-12 18:34 - 00000000 ____D C:\Users\brushmore\AppData\Local\FacebookGames

2016-05-12 18:32 - 2016-05-12 18:32 - 00001296 _____ C:\Users\brushmore\Desktop\Facebook Games.lnk

2016-05-12 18:32 - 2016-05-12 18:32 - 00000000 ____D C:\Users\brushmore\AppData\Local\Facebook

2016-05-12 18:29 - 2016-05-12 18:31 - 00100120 _____ () C:\Users\brushmore\Downloads\FacebookGamesArcadeSetup.exe

2016-05-12 13:45 - 2016-05-12 13:47 - 00000205 _____ C:\Users\brushmore\Desktop\EFax.url

2016-05-12 03:55 - 2016-05-12 03:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2016-05-10 22:53 - 2016-04-23 00:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2016-05-10 22:53 - 2016-04-23 00:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2016-05-10 22:53 - 2016-04-23 00:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2016-05-10 22:53 - 2016-04-23 00:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2016-05-10 22:53 - 2016-04-23 00:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2016-05-10 22:53 - 2016-04-23 00:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2016-05-10 22:53 - 2016-04-23 00:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2016-05-10 22:53 - 2016-04-23 00:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2016-05-10 22:53 - 2016-04-22 23:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2016-05-10 22:53 - 2016-04-22 23:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2016-05-10 22:53 - 2016-04-22 23:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2016-05-10 22:53 - 2016-04-22 23:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll

2016-05-10 22:53 - 2016-04-22 23:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll

2016-05-10 22:53 - 2016-04-22 23:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2016-05-10 22:53 - 2016-04-22 23:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2016-05-10 22:53 - 2016-04-22 23:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll

2016-05-10 22:53 - 2016-04-22 23:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-05-10 22:53 - 2016-04-22 23:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2016-05-10 22:53 - 2016-04-22 23:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll

2016-05-10 22:53 - 2016-04-22 23:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll

2016-05-10 22:53 - 2016-04-22 23:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2016-05-10 22:53 - 2016-04-22 23:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll

2016-05-10 22:53 - 2016-04-22 23:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll

2016-05-10 22:53 - 2016-04-22 23:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-05-10 22:53 - 2016-04-22 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll

2016-05-10 22:53 - 2016-04-22 23:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll

2016-05-10 22:53 - 2016-04-22 23:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll

2016-05-10 22:53 - 2016-04-22 23:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll

2016-05-10 22:53 - 2016-04-22 23:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll

2016-05-10 22:53 - 2016-04-22 23:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2016-05-10 22:53 - 2016-04-22 23:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll

2016-05-10 22:53 - 2016-04-22 23:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll

2016-05-10 22:53 - 2016-04-22 23:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-05-10 22:53 - 2016-04-22 23:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll

2016-05-10 22:53 - 2016-04-22 23:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2016-05-10 22:53 - 2016-04-22 23:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll

2016-05-10 22:53 - 2016-04-22 23:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-05-10 22:53 - 2016-04-22 23:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2016-05-10 22:53 - 2016-04-22 23:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2016-05-10 22:53 - 2016-04-22 23:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2016-05-10 22:53 - 2016-04-22 23:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2016-05-10 22:53 - 2016-04-22 23:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2016-05-10 22:53 - 2016-04-22 23:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2016-05-10 22:52 - 2016-05-05 23:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys

2016-05-10 22:52 - 2016-05-05 23:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll

2016-05-10 22:52 - 2016-05-05 22:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll

2016-05-10 22:52 - 2016-05-05 22:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll

2016-05-10 22:52 - 2016-05-05 22:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll

2016-05-10 22:52 - 2016-05-05 22:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll

2016-05-10 22:52 - 2016-04-30 01:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2016-05-10 22:52 - 2016-04-30 01:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2016-05-10 22:52 - 2016-04-23 01:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2016-05-10 22:52 - 2016-04-23 01:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2016-05-10 22:52 - 2016-04-23 01:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2016-05-10 22:52 - 2016-04-23 01:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2016-05-10 22:52 - 2016-04-23 01:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2016-05-10 22:52 - 2016-04-23 01:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2016-05-10 22:52 - 2016-04-23 01:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2016-05-10 22:52 - 2016-04-23 01:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2016-05-10 22:52 - 2016-04-23 00:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2016-05-10 22:52 - 2016-04-23 00:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll

2016-05-10 22:52 - 2016-04-23 00:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-05-10 22:52 - 2016-04-23 00:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2016-05-10 22:52 - 2016-04-23 00:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2016-05-10 22:52 - 2016-04-23 00:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll

2016-05-10 22:52 - 2016-04-23 00:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll

2016-05-10 22:52 - 2016-04-23 00:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2016-05-10 22:52 - 2016-04-23 00:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll

2016-05-10 22:52 - 2016-04-23 00:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe

2016-05-10 22:52 - 2016-04-23 00:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2016-05-10 22:52 - 2016-04-23 00:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll

2016-05-10 22:52 - 2016-04-23 00:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll

2016-05-10 22:52 - 2016-04-23 00:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys

2016-05-10 22:52 - 2016-04-23 00:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2016-05-10 22:52 - 2016-04-23 00:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll

2016-05-10 22:52 - 2016-04-23 00:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe

2016-05-10 22:52 - 2016-04-23 00:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe

2016-05-10 22:52 - 2016-04-23 00:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe

2016-05-10 22:52 - 2016-04-23 00:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2016-05-10 22:52 - 2016-04-23 00:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll

2016-05-10 22:52 - 2016-04-23 00:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll

2016-05-10 22:52 - 2016-04-23 00:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll

2016-05-10 22:52 - 2016-04-23 00:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe

2016-05-10 22:52 - 2016-04-23 00:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll

2016-05-10 22:52 - 2016-04-23 00:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2016-05-10 22:52 - 2016-04-23 00:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll

2016-05-10 22:52 - 2016-04-23 00:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll

2016-05-10 22:52 - 2016-04-23 00:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2016-05-10 22:52 - 2016-04-23 00:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll

2016-05-10 22:52 - 2016-04-23 00:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll

2016-05-10 22:52 - 2016-04-23 00:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2016-05-10 22:52 - 2016-04-23 00:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll

2016-05-10 22:52 - 2016-04-23 00:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2016-05-10 22:52 - 2016-04-23 00:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll

2016-05-10 22:52 - 2016-04-23 00:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2016-05-10 22:52 - 2016-04-23 00:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2016-05-10 22:52 - 2016-04-23 00:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll

2016-05-10 22:52 - 2016-04-23 00:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2016-05-10 22:52 - 2016-04-23 00:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll

2016-05-10 22:52 - 2016-04-23 00:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll

2016-05-10 22:52 - 2016-04-22 23:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2016-05-10 22:52 - 2016-04-22 23:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll

2016-05-10 22:52 - 2016-04-22 23:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll

2016-05-10 22:52 - 2016-04-22 23:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll

2016-05-10 22:52 - 2016-04-22 23:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll

2016-05-10 22:52 - 2016-04-22 23:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll

2016-05-10 22:52 - 2016-04-22 23:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll

2016-05-10 22:52 - 2016-04-22 23:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll

2016-05-10 22:52 - 2016-04-22 23:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe

2016-05-10 22:52 - 2016-04-22 23:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll

2016-05-10 22:52 - 2016-04-22 23:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll

2016-05-10 22:52 - 2016-04-22 23:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll

2016-05-10 22:52 - 2016-04-22 23:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll

2016-05-10 22:52 - 2016-04-22 23:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

2016-05-10 22:52 - 2016-04-22 23:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll

2016-05-10 22:52 - 2016-04-22 23:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2016-05-10 22:52 - 2016-04-22 23:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll

2016-05-10 22:52 - 2016-04-22 23:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll

2016-05-10 22:52 - 2016-04-22 23:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll

2016-05-10 22:52 - 2016-04-22 23:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll

2016-05-10 22:52 - 2016-04-22 23:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2016-05-10 22:52 - 2016-04-22 23:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll

2016-05-10 22:52 - 2016-04-22 23:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll

2016-05-10 22:52 - 2016-04-22 23:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll

2016-05-10 22:52 - 2016-04-22 23:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll

2016-05-10 22:52 - 2016-04-22 23:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll

2016-05-10 22:52 - 2016-04-22 23:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2016-05-10 22:52 - 2016-04-22 23:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll

2016-05-10 22:52 - 2016-04-22 23:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2016-05-10 22:52 - 2016-04-22 23:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2016-05-10 22:52 - 2016-04-22 23:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2016-05-10 22:52 - 2016-04-22 23:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe

2016-05-10 22:52 - 2016-04-22 23:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll

2016-05-10 22:52 - 2016-04-22 23:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll

2016-05-10 22:52 - 2016-04-22 23:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2016-05-10 22:52 - 2016-04-22 23:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

2016-05-10 22:52 - 2016-04-22 23:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2016-05-10 22:52 - 2016-04-22 23:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll

2016-05-10 22:52 - 2016-04-22 23:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2016-05-10 22:52 - 2016-04-22 23:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2016-05-10 22:52 - 2016-04-22 23:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll

2016-05-10 22:52 - 2016-04-22 23:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2016-05-10 22:52 - 2016-04-22 23:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll

2016-05-10 22:52 - 2016-04-22 23:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll

2016-05-10 22:52 - 2016-04-22 23:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2016-05-10 22:52 - 2016-04-22 23:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2016-05-10 22:52 - 2016-04-22 23:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2016-05-10 22:52 - 2016-04-22 23:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll

2016-05-10 22:52 - 2016-04-22 23:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2016-05-10 22:52 - 2016-04-22 23:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2016-05-10 22:52 - 2016-04-22 23:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2016-05-10 22:52 - 2016-04-22 23:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll

2016-05-10 22:52 - 2016-04-22 23:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll

2016-05-10 22:52 - 2016-04-22 23:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2016-05-10 22:52 - 2016-04-22 23:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2016-05-10 22:52 - 2016-04-22 23:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2016-05-10 22:52 - 2016-04-22 23:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2016-05-10 22:52 - 2016-04-22 23:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-05-10 22:52 - 2016-04-22 23:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll

2016-05-10 22:52 - 2016-04-22 23:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll

2016-05-10 22:52 - 2016-04-22 23:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2016-05-10 22:52 - 2016-04-22 23:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2016-05-10 22:52 - 2016-04-22 23:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2016-05-10 22:52 - 2016-04-22 23:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2016-05-10 22:52 - 2016-04-22 23:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll

2016-05-10 22:52 - 2016-04-22 23:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2016-05-10 22:52 - 2016-04-22 23:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-05-10 22:52 - 2016-04-22 23:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2016-05-10 22:52 - 2016-04-22 23:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2016-05-10 22:52 - 2016-04-22 23:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2016-05-10 22:52 - 2016-04-22 23:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll

2016-05-10 22:52 - 2016-04-22 23:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll

2016-05-10 22:52 - 2016-04-22 23:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2016-05-10 22:52 - 2016-04-22 23:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2016-05-10 22:52 - 2016-04-22 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2016-05-10 22:52 - 2016-04-22 23:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll

2016-05-10 22:52 - 2016-04-22 22:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2016-05-10 22:52 - 2016-04-22 21:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2016-05-10 22:51 - 2016-05-05 23:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll

2016-05-10 22:51 - 2016-05-05 22:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll

2016-05-10 22:51 - 2016-04-23 00:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys

2016-05-10 22:51 - 2016-04-23 00:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys

2016-05-10 22:51 - 2016-04-23 00:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys

2016-05-10 22:51 - 2016-04-23 00:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2016-05-10 22:51 - 2016-04-23 00:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2016-05-10 22:51 - 2016-04-23 00:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2016-05-10 22:51 - 2016-04-23 00:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2016-05-10 22:51 - 2016-04-23 00:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys

2016-05-10 22:51 - 2016-04-23 00:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2016-05-10 22:51 - 2016-04-23 00:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe

2016-05-10 22:51 - 2016-04-23 00:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll

2016-05-10 22:51 - 2016-04-23 00:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll

2016-05-10 22:51 - 2016-04-23 00:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll

2016-05-10 22:51 - 2016-04-22 23:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys

2016-05-10 22:51 - 2016-04-22 23:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll

2016-05-10 22:51 - 2016-04-22 23:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2016-05-10 22:51 - 2016-04-22 23:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll

2016-05-10 22:51 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll

2016-05-10 22:51 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys

2016-05-10 22:51 - 2016-04-22 23:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe

2016-05-10 22:51 - 2016-04-22 23:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll

2016-05-10 22:51 - 2016-04-22 23:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll

2016-05-10 22:51 - 2016-04-22 23:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll

2016-05-10 22:51 - 2016-04-22 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys

2016-05-10 22:51 - 2016-04-22 23:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll

2016-05-10 22:51 - 2016-04-22 23:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe

2016-05-10 22:51 - 2016-04-22 23:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll

2016-05-10 22:51 - 2016-04-22 23:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll

2016-05-10 22:51 - 2016-04-22 23:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll

2016-05-10 22:51 - 2016-04-22 23:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll

2016-05-10 22:51 - 2016-04-22 23:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll

2016-05-10 22:51 - 2016-04-22 23:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys

2016-05-10 22:51 - 2016-04-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll

2016-05-10 22:51 - 2016-04-22 23:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll

2016-05-10 22:51 - 2016-04-22 23:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2016-05-10 22:51 - 2016-04-22 23:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2016-05-10 22:51 - 2016-04-22 23:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll

2016-05-10 22:51 - 2016-04-22 23:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe

2016-05-10 22:51 - 2016-04-22 23:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll

2016-05-10 22:51 - 2016-04-22 23:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll

2016-05-10 22:51 - 2016-04-22 23:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll

2016-05-10 22:51 - 2016-04-22 23:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll

2016-05-10 22:51 - 2016-04-22 23:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll

2016-05-10 22:51 - 2016-04-22 23:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll

2016-05-10 22:51 - 2016-04-22 23:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2016-05-10 22:51 - 2016-04-22 23:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll

2016-05-10 22:51 - 2016-04-22 23:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll

2016-05-10 22:51 - 2016-04-22 23:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll

2016-05-10 22:51 - 2016-04-22 23:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll

2016-05-10 22:51 - 2016-04-22 23:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2016-05-10 22:51 - 2016-04-22 21:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml

2016-05-10 22:51 - 2016-04-18 17:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml

2016-05-10 17:08 - 2016-05-10 17:08 - 00003990 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2016-05-10 17:08 - 2016-05-10 17:08 - 00003758 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2016-05-09 14:30 - 2016-05-09 14:30 - 00000156 _____ C:\Users\brushmore\Desktop\New Internet Shortcut.url

2016-05-07 16:42 - 2016-05-29 07:44 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForbrushmore.job

2016-05-06 12:59 - 2016-05-06 12:59 - 00004687 _____ C:\Users\brushmore\Downloads\google (1).csv

2016-05-06 12:58 - 2016-05-06 12:58 - 00004687 _____ C:\Users\brushmore\Downloads\google.csv

2016-05-05 16:40 - 2016-05-05 16:48 - 00000000 ____D C:\Users\brushmore\Downloads\Family

2016-05-05 09:24 - 2016-05-05 09:24 - 02273962 _____ C:\Users\brushmore\Downloads\NOVEMBER BANK STATEMENT 1201 (1).pdf

2016-05-05 09:23 - 2016-05-05 09:23 - 19982306 _____ C:\Users\brushmore\Downloads\SEPTEMBER BANK STATEMENTS 1201.pdf

2016-05-05 09:23 - 2016-05-05 09:23 - 17047482 _____ C:\Users\brushmore\Downloads\JULY BANKSTATEMENT 1201 2015.pdf

2016-05-05 09:23 - 2016-05-05 09:23 - 04998969 _____ C:\Users\brushmore\Downloads\EDECEMBER BANKSTATEMENT 1201.pdf

2016-05-05 09:22 - 2016-05-05 09:22 - 17300837 _____ C:\Users\brushmore\Downloads\MARCH 2015 1201.pdf

2016-05-05 09:22 - 2016-05-05 09:22 - 11241475 _____ C:\Users\brushmore\Downloads\JANUARY 2015 1201.pdf

2016-05-05 09:22 - 2016-05-05 09:22 - 03153613 _____ C:\Users\brushmore\Downloads\DECEMBER BANK STATEMENT 1201.pdf

2016-05-05 09:21 - 2016-05-05 09:21 - 02273962 _____ C:\Users\brushmore\Downloads\NOVEMBER BANK STATEMENT 1201.pdf

2016-05-04 18:29 - 2016-05-04 18:30 - 13677800 _____ (Google) C:\Users\brushmore\Downloads\picasa39-setup.exe

2016-05-04 13:33 - 2016-05-04 13:33 - 00166940 _____ C:\Users\brushmore\Downloads\n8YOot4.jpeg

2016-05-04 13:29 - 2016-05-04 13:29 - 02400784 _____ (Microsoft Corporation) C:\Users\brushmore\Downloads\Live_Photo_Gallery.exe

2016-05-04 13:29 - 2016-05-04 13:29 - 00000000 ____D C:\ProgramData\WLInstaller

2016-05-04 13:28 - 2016-05-04 13:30 - 33205720 _____ ( ) C:\Users\brushmore\Downloads\p3dalbuminst-1.2.exe

2016-05-03 20:39 - 2016-05-05 16:53 - 00000000 ____D C:\Users\brushmore\Documents\My Smilebox Creations

2016-05-03 20:39 - 2016-05-03 20:39 - 00889632 _____ (Smilebox, Inc.) C:\Users\brushmore\Downloads\SmileboxInstaller.exe

2016-05-03 20:39 - 2016-05-03 20:39 - 00000416 _____ C:\Users\brushmore\Downloads\tmp.htm

2016-05-03 14:49 - 2016-05-03 14:49 - 15721345 _____ C:\Users\brushmore\Downloads\Zip 2.mov

2016-05-03 14:49 - 2016-05-03 14:49 - 11645833 _____ C:\Users\brushmore\Downloads\Zip 1.mov

2016-05-03 14:49 - 2016-05-03 14:49 - 05604186 _____ C:\Users\brushmore\Downloads\Zip 3.mov

2016-05-03 14:11 - 2016-05-03 14:12 - 386797986 _____ C:\Users\brushmore\Downloads\Nick's Moves.MOV

2016-05-03 14:10 - 2016-05-03 14:10 - 34292869 _____ C:\Users\brushmore\Downloads\Nicks Moves 1.MOV

2016-05-03 14:09 - 2016-05-03 14:09 - 90237532 _____ C:\Users\brushmore\Downloads\Brads Dance.MOV

2016-05-03 14:09 - 2016-05-03 14:09 - 18078182 _____ C:\Users\brushmore\Downloads\Beach Day Movie.mov

2016-05-03 14:09 - 2016-05-03 14:09 - 06845062 _____ C:\Users\brushmore\Downloads\Beach Day Waves.MOV

2016-05-03 11:46 - 2016-05-03 11:46 - 00113411 _____ C:\Users\brushmore\Downloads\2014-2015 G.L. Audit (1).pdf

2016-05-03 11:45 - 2016-05-03 11:45 - 00098399 _____ C:\Users\brushmore\Downloads\UnroutedAttachment (1).PDF

2016-05-03 09:23 - 2016-05-23 11:00 - 00000000 ___RD C:\Users\brushmore\iCloudDrive

2016-05-03 09:23 - 2016-05-03 09:23 - 00000000 ____D C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud

2016-05-03 09:23 - 2016-05-03 09:23 - 00000000 ____D C:\Users\brushmore\AppData\Local\Apple Inc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-02 12:48 - 2016-04-11 11:48 - 00000911 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {30680B54-C78D-4B9C-B451-91E537BD9C1A}.job

2016-06-02 12:40 - 2011-01-06 10:50 - 00000000 ____D C:\Users\brushmore\AppData\Local\CrashDumps

2016-06-02 12:13 - 2013-06-26 08:41 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-06-02 12:00 - 2016-04-24 23:00 - 00000945 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {E683BAEF-6334-4E5B-9AE6-D83069EB7356}.job

2016-06-02 11:57 - 2012-04-02 12:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-06-02 11:38 - 2016-05-01 17:06 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5FDB7303-45FA-4BF1-B095-AB3B6A8C491C}

2016-06-02 11:31 - 2016-04-25 10:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360

2016-06-02 11:25 - 2016-05-01 14:42 - 00000000 ___RD C:\Users\brushmore\Google Drive

2016-06-02 11:25 - 2013-06-26 08:41 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-06-02 11:24 - 2016-04-26 16:35 - 00000000 ___RD C:\Users\brushmore\OneDrive

2016-06-02 11:24 - 2016-04-06 14:15 - 00000410 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job

2016-06-02 11:23 - 2013-04-17 15:07 - 00000439 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics

2016-06-02 11:22 - 2016-02-13 08:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-06-02 11:22 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2016-06-02 10:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-06-02 10:50 - 2010-08-16 19:33 - 00000000 ____D C:\ProgramData\TouchSmartData

2016-06-02 10:05 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-06-02 09:59 - 2016-04-27 14:23 - 00003866 _____ C:\WINDOWS\System32\Tasks\51602155

2016-06-02 09:59 - 2016-04-27 14:23 - 00003734 _____ C:\WINDOWS\System32\Tasks\Pa5160215551602155

2016-06-02 09:49 - 2016-04-24 22:41 - 00000000 ____D C:\Users\brushmore

2016-06-01 11:40 - 2016-04-11 13:12 - 00000000 ____D C:\Users\brushmore\Desktop\Brushmore

2016-05-31 18:28 - 2013-04-29 23:50 - 00000000 ____D C:\Users\brushmore\Documents\Outlook Files

2016-05-28 10:15 - 2016-05-01 12:59 - 00002117 _____ C:\Users\Public\Desktop\Google Slides.lnk

2016-05-28 10:15 - 2016-05-01 12:59 - 00002115 _____ C:\Users\Public\Desktop\Google Sheets.lnk

2016-05-28 10:15 - 2016-05-01 12:59 - 00002105 _____ C:\Users\Public\Desktop\Google Docs.lnk

2016-05-28 10:15 - 2016-05-01 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2016-05-26 21:02 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

2016-05-26 20:52 - 2011-01-12 11:08 - 00000000 ____D C:\Users\brushmore\AppData\Local\ElevatedDiagnostics

2016-05-26 20:42 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF

2016-05-26 16:19 - 2016-04-25 10:12 - 00000000 ____D C:\Users\brushmore\AppData\Local\Packages

2016-05-25 08:49 - 2016-04-26 16:35 - 00002418 _____ C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-05-23 12:25 - 2016-04-25 14:55 - 00000000 ____D C:\Users\brushmore\AppData\Roaming\Apple Computer

2016-05-23 12:25 - 2016-04-25 14:54 - 00000000 ____D C:\Program Files\Common Files\Apple

2016-05-23 10:09 - 2016-04-25 13:58 - 00000000 ____D C:\Users\DefaultAppPool

2016-05-19 22:40 - 2016-02-13 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures

2016-05-19 22:32 - 2013-06-26 08:41 - 00000000 ____D C:\Users\brushmore\AppData\Local\Google

2016-05-19 22:32 - 2013-06-26 08:41 - 00000000 ____D C:\Program Files (x86)\Google

2016-05-16 18:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache

2016-05-16 10:19 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-05-12 20:14 - 2013-06-26 08:42 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-05-12 13:32 - 2016-02-02 13:11 - 00000000 ____D C:\Users\brushmore\Documents\BRUSHMORE FORMS

2016-05-12 03:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe

2016-05-12 03:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

2016-05-12 03:51 - 2016-02-13 08:03 - 00000000 ____D C:\Program Files\Windows Journal

2016-05-12 03:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning

2016-05-12 03:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr

2016-05-11 16:40 - 2015-10-30 02:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml

2016-05-11 16:35 - 2013-07-12 14:36 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-05-11 16:19 - 2011-06-02 10:35 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-05-11 14:57 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2016-05-11 14:57 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2016-05-05 17:11 - 2013-04-03 13:54 - 00000000 ___RD C:\Users\brushmore\Documents\Scanned Documents

==================== Files in the root of some directories =======

2016-04-27 14:23 - 2016-04-27 14:23 - 0000003 _____ () C:\Users\brushmore\AppData\Local\aatxtname.txt

2016-04-12 18:38 - 2016-04-12 18:38 - 0006144 _____ () C:\Users\brushmore\AppData\Local\cap.exe

2016-04-12 18:37 - 2016-04-12 18:37 - 0006144 _____ () C:\Users\brushmore\AppData\Local\cap4.exe

2016-04-18 09:02 - 2016-04-18 09:02 - 0005632 _____ () C:\Users\brushmore\AppData\Local\ddnow.exe

2016-04-18 10:49 - 2016-04-18 10:49 - 0005632 _____ () C:\Users\brushmore\AppData\Local\ddnow4.exe

2012-04-12 16:29 - 2012-04-26 11:26 - 0000236 _____ () C:\Users\brushmore\AppData\Local\LaunchHomeCenter.log

2016-04-27 14:21 - 2016-04-27 14:21 - 0035840 _____ () C:\Users\brushmore\AppData\Local\lstrmn.dll

2016-03-18 00:00 - 2016-03-18 00:00 - 0000000 _____ () C:\Users\brushmore\AppData\Local\ok223.txt

2016-04-27 14:23 - 2016-04-27 14:23 - 0546687 _____ () C:\Users\brushmore\AppData\Local\setupone.exe

2016-04-05 07:26 - 2016-04-05 07:26 - 0007680 _____ () C:\Users\brushmore\AppData\Local\tinstall.exe

2016-04-05 07:25 - 2016-04-05 07:25 - 0007680 _____ () C:\Users\brushmore\AppData\Local\tinstall4.exe

2016-04-27 14:23 - 2016-04-27 14:23 - 0000000 _____ () C:\Users\brushmore\AppData\Local\tr5b.txt

2016-04-27 14:21 - 2016-04-27 14:21 - 0002560 _____ () C:\Users\brushmore\AppData\Local\uninstallssl.exe

2016-04-11 10:43 - 2016-04-11 10:43 - 0000000 _____ () C:\Users\brushmore\AppData\Local\{B77F6B91-10D7-4012-9C62-1FFEFF433044}

2011-06-16 13:17 - 2011-06-16 13:17 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

2013-06-24 21:41 - 2013-06-24 21:41 - 4325376 _____ () C:\ProgramData\ReadOnlyInstaller.msi

2013-06-26 13:50 - 2013-06-26 13:50 - 0033958 _____ () C:\ProgramData\uninstaller.exe

Files to move or delete:

====================

C:\ProgramData\uninstaller.exe

Some files in TEMP:

====================

C:\Users\brushmore\AppData\Local\Temp\IHU3B10.tmp.exe

C:\Users\brushmore\AppData\Local\Temp\IHUA7BF.tmp.exe

C:\Users\brushmore\AppData\Local\Temp\scp30D2.tmp.exe

C:\Users\brushmore\AppData\Local\Temp\Setup.exe

C:\Users\brushmore\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-29 17:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-06-2016

Ran by brushmore (2016-06-02 12:49:53)

Running from C:\Users\brushmore\Downloads

Windows 10 Home Version 1511 (X64) (2016-04-25 15:12:14)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2503263900-158799546-2591639019-500 - Administrator - Disabled)

brushmore (S-1-5-21-2503263900-158799546-2591639019-1000 - Administrator - Enabled) => C:\Users\brushmore

DefaultAccount (S-1-5-21-2503263900-158799546-2591639019-503 - Limited - Disabled)

Guest (S-1-5-21-2503263900-158799546-2591639019-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2503263900-158799546-2591639019-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton 360 (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

FW: Norton 360 (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)

Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)

Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

Ancient Hearts (x32 Version: 2.2.0.95 - WildTangent) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

Azteca (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden

Build-a-lot (x32 Version: 2.2.0.95 - WildTangent) Hidden

Buttons & OSDs control application gen3 (HKLM-x32\...\{79ECA886-C6EF-4BB3-9920-CB7906C01589}) (Version: 1.0.5.0 - Hewlett-Packard)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)

Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)

Corel Paint it! touch - IPM (x32 Version: 1.1 - Corel Corporation) Hidden

CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.4030 - Hewlett-Packard)

DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.0.4030 - Hewlett-Packard) Hidden

Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)

Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)

Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)

Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)

EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)

EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version: - SEIKO EPSON Corporation)

Epson WF-2630 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-2630 User’s Guide_is1) (Version: 1.0 - )

EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation)

EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)

Facebook for HP TouchSmart (HKLM-x32\...\{DE665CEA-0968-4211-B0B0-2A917CE9EC7E}) (Version: 1.0.0019 - Hewlett-Packard)

FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden

Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION

Gem Shop (x32 Version: 2.2.0.95 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)

Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)

HP AppsCenter 1.00 (HKLM-x32\...\HP AppsCenter 1.00) (Version: - )

HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)

HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)

HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)

HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.4.18.7 - Hewlett-Packard Company)

HP TouchSmart (HKLM-x32\...\{32A2B967-279F-457D-B767-76352DA2F108}) (Version: 4.0.32.0 - Hewlett-Packard)

HP TouchSmart Calendar (HKLM-x32\...\{22CD5AA1-C28D-458A-AC3D-FB30F74111F9}) (Version: 4.0.3845.32287 - Hewlett-Packard)

HP TouchSmart Canvas (HKLM-x32\...\{157A2E65-1D59-4BE2-BBD4-D16A14EEF959}) (Version: 2.0.3832.30169 - Hewlett-Packard)

HP TouchSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.4229 - Hewlett-Packard)

HP TouchSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.3.3017 - Hewlett-Packard)

HP TouchSmart Notes (HKLM-x32\...\{5A9DADC3-6C03-4C83-8622-60405126D1E0}) (Version: 4.0.3845.23935 - Hewlett-Packard)

HP TouchSmart Paint it! by Corel (HKLM-x32\...\_{6807F13C-A925-4DD8-80C0-24D93A6FFE83}) (Version: 1.5.0.100 - Hewlett-Packard)

HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.0.4215 - Hewlett-Packard)

HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)

HP TouchSmart Twitter (HKLM-x32\...\{29F19C52-0B82-4741-8015-8D46E28638EC}) (Version: 3.0.3833.22527 - Hewlett-Packard)

HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.0.4211 - Hewlett-Packard)

HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.3107 - Hewlett-Packard)

HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)

HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.4.0 - Hewlett-Packard)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden

LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.4030 - Hewlett-Packard)

Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.0.4030 - Hewlett-Packard) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

NetStream 1.0 (HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\NetStream 1.0) (Version: - )

Norton 360 (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)

Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)

PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)

PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden

PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)

Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)

PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden

PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden

PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.)

QuickBooks (x32 Version: 21.0.4013.904 - Intuit Inc.) Hidden

QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4013.904 - Intuit Inc.)

Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.3025 - CyberLink Corp.) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Skip-Bo - Castaway Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden

Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)

SpongeBob Diner Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden

VZAccess Manager (HKLM-x32\...\{7641FD7D-E94E-424E-A95C-0593C84DC0C0}) (Version: 7.0.1.8 - Smith Micro Software Inc.)

Where's Waldo The Fantastic Journey (x32 Version: 2.2.0.95 - WildTangent) Hidden

WildTangent Games App for HP (x32 Version: 4.1.1.8 - WildTangent) Hidden

Window Drive Manager (HKLM-x32\...\Window Drive Manager) (Version: 1.56 - Slideway Inc.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2503263900-158799546-2591639019-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03B88F19-8294-4DD0-8CA7-3D815BD06881} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

Task: {03FCE5F1-C0D3-42D7-B94C-B2CA9B653DD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

Task: {1402BFE4-9979-488A-A325-C97978CE0D9D} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION

Task: {14E0C08B-D561-4490-A4A9-1126B538650F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2016-02-25] (Symantec Corporation)

Task: {1BBD3D17-2BC2-48DE-B4CB-AC2D92933E25} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION

Task: {26F2D476-6820-448C-8A42-22E4756D5D83} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {27A9FEE3-79DB-43B0-956D-3904E869F385} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {2E9C0122-657E-42BD-A7DE-AD32C362C017} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

Task: {30EA2984-223F-4FED-BEEE-526451528BD4} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\BRUSHM~1\AppData\Local\Temp\IHU3989.tmp.exe

Task: {345E76C7-1FF6-4567-B74C-29C7CE00E20C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)

Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

Task: {38C2B106-E6CC-4C34-B21B-609D1C392CDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-20] (Google Inc.)

Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

Task: {3A084DD6-42F0-4D4E-953E-137161098BD3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {46A90551-1549-4FC0-A381-534F27A3C5B2} - \EPSON WF-2630 Series Update {E683BAEF-6334-4E5B-9AE6-D83069EB7356} -> No File <==== ATTENTION

Task: {4FAD8A7F-ED7A-4521-A259-C1D9C9F07BF5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {5C00F876-FA68-4444-AD7D-0B29D4B26E6A} - System32\Tasks\Pa5160215551602155 => C:\Program Files (x86)\freaky\glenlivet.exe [2016-04-27] ()

Task: {5F3EFF12-D237-431D-8C71-922D5380A040} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {6202B778-C475-42DB-A385-9573AA89BCE7} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION

Task: {7441741C-BF46-4BC6-A5E4-AF4D29C17A66} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

Task: {82F3522A-25EC-4879-BED4-DDF8EBA59DF4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {845FAD93-5797-4D02-B3E5-376C0D5C828D} - \CapSchedInst -> No File <==== ATTENTION

Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

Task: {87885476-5820-48E3-8DF4-175CB40C18AF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)

Task: {8AE259D7-56CC-4182-9A1A-7698C13D1C63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)

Task: {92888A73-DB66-4D3F-B505-9925B0295D56} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {979AD95D-DE14-47CF-9E40-C7ED861E462E} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION

Task: {9C76EAFA-128D-49FE-8A1C-A8656F9EAE80} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)

Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe

Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe

Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

Task: {B27BE36A-CD54-4594-8583-C64EE66B29E7} - System32\Tasks\51602155 => C:\Program Files (x86)\freaky\glenlivet.exe [2016-04-27] () <==== ATTENTION

Task: {B33CD610-AEEF-44D6-8FF0-91A65203D26C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {B7821461-1211-40B5-A4A8-4A597686C2DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {BEBF0A65-E669-4669-B267-AC4E55114387} - \FreeFileViewerUpdateChecker -> No File <==== ATTENTION

Task: {C4BD6749-3FE4-44F1-B34E-C813DE89904F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {C74BD26D-6DAB-4882-A334-3613ADBFE4D0} - \Norton WSC Integration -> No File <==== ATTENTION

Task: {C825BD0B-531F-4E81-9382-74BD63255423} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-20] (Google Inc.)

Task: {CE7D2DED-4416-4126-B1BC-41E59AC191D5} - \CapSvcInst -> No File <==== ATTENTION

Task: {D1B8B535-132C-4D95-8DE9-E7775B741AA1} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)

Task: {D2B881D1-2B2A-4B6E-B055-762C08CE059A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

Task: {D49D884C-0ACC-40F0-B548-9A0F18802FF7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {D71FA8DB-5EFF-4692-9F18-FC282EBC1891} - \RecoveryCDWin7 -> No File <==== ATTENTION

Task: {D86CCDED-181F-4C62-B8F5-309FC9AEF0B6} - \MirageAgent -> No File <==== ATTENTION

Task: {DFD2645C-AEDE-44A1-B76E-D0C2DF751F4E} - \EPSON WF-2630 Series Update {30680B54-C78D-4B9C-B451-91E537BD9C1A} -> No File <==== ATTENTION

Task: {E23D38B1-836A-4E07-9A00-351F4FD1BB54} - \Adobe Flash Player Updater -> No File <==== ATTENTION

Task: {E3CD75FC-5FCA-4B24-BBC3-9DB40041949E} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()

Task: {E4BA447B-930E-42DE-BB0B-39F156EAF821} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)

Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {EA4C1747-E334-423A-A66C-7E5574F6E37B} - \CapUninst -> No File <==== ATTENTION

Task: {ECFFABC4-9447-4464-9E4D-44B979FEB852} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

Task: {F84AB4AB-D859-44EC-AFD6-7BC01D92E892} - \TVAgent -> No File <==== ATTENTION

Task: {F8E90029-AA5B-4AFD-9ACC-EE303E75AA4F} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION

Task: {FACCCF4E-B0E0-4268-8267-AFF50525E92D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)

Task: {FAF531E4-4FD2-436B-97DD-0B2129CB708F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {30680B54-C78D-4B9C-B451-91E537BD9C1A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{30680B54-C78D-4B9C-B451-91E537BD9C1A} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {E683BAEF-6334-4E5B-9AE6-D83069EB7356}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{E683BAEF-6334-4E5B-9AE6-D83069EB7356} /F:UpdateWORKGROUP\BRUSHMORE-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForbrushmore.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\brushmore\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Liz - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:17 - 2015-10-30 02:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2016-04-25 01:29 - 2016-04-25 01:29 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-04-25 01:29 - 2016-04-25 01:29 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2016-05-25 08:49 - 2016-05-25 08:49 - 00959168 _____ () C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll

2016-02-13 07:54 - 2016-02-13 07:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

2016-05-10 22:51 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2016-05-10 22:53 - 2016-04-22 23:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2016-05-10 22:53 - 2016-04-22 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-05-10 22:53 - 2016-04-22 22:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2016-05-10 22:53 - 2016-04-22 23:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2016-04-27 13:05 - 2016-04-27 13:05 - 00036732 _____ () C:\Program Files (x86)\indexes\tenths.exe

2016-04-27 13:05 - 2016-04-27 13:05 - 00010752 _____ () C:\Program Files (x86)\freaky\glenlivet.exe

2016-04-27 13:05 - 2016-04-27 13:05 - 00006144 _____ () C:\Program Files (x86)\freaky\settings.dll

2010-08-16 19:26 - 2009-07-02 16:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

2016-04-26 10:52 - 2016-04-26 10:52 - 00011776 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.exe

2016-04-26 10:52 - 2016-04-26 10:52 - 09355776 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.dll

2016-04-26 10:52 - 2016-04-26 10:52 - 00123904 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll

2016-04-26 10:52 - 2016-04-26 10:52 - 03691520 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleShared.dll

2016-04-26 10:52 - 2016-04-26 10:52 - 01506304 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll

2016-04-26 10:52 - 2016-04-26 10:52 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll

2016-04-26 10:52 - 2016-04-26 10:52 - 00334848 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PersonPicture.UAP.dll

2016-04-30 06:17 - 2016-04-30 06:17 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll

2016-05-25 08:48 - 2016-05-25 08:48 - 00679624 _____ () C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll

2016-04-27 14:21 - 2016-04-27 14:21 - 00035840 _____ () C:\Users\brushmore\AppData\Local\lstrmn.dll

2016-06-02 11:24 - 2016-06-02 11:24 - 00098816 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32api.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00110080 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\pywintypes27.dll

2016-06-02 11:24 - 2016-06-02 11:24 - 00364544 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\pythoncom27.dll

2016-06-02 11:24 - 2016-06-02 11:24 - 00320512 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32com.shell.shell.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00776704 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_hashlib.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 01176576 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._core_.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00806400 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._gdi_.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00816128 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._windows_.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 01067008 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._controls_.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00733184 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._misc_.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00682496 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\pysqlite2._sqlite.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00088064 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_ctypes.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00119808 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32file.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00108544 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32security.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00007168 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\hashobjs_ext.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00017920 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\thumbnails_ext.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00088064 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\usb_ext.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00012288 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\common.time34.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00018432 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32event.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00167936 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32gui.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00046080 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_socket.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 01208320 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_ssl.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00128512 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_elementtree.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00127488 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\pyexpat.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00038912 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32inet.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00036864 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_psutil_windows.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00525208 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\windows._lib_cacheinvalidation.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00011264 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32crypt.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00077312 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._html2.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00027136 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_multiprocessing.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00020480 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_yappi.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00035840 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32process.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00686080 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\unicodedata.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00078848 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._animate.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00123392 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._wizard.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00024064 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32pipe.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00010240 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\select.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00025600 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32pdh.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00017408 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32profile.pyd

2016-06-02 11:24 - 2016-06-02 11:24 - 00022528 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32ts.pyd

2013-05-17 18:16 - 2013-05-17 18:16 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll

2013-05-17 18:16 - 2013-05-17 18:16 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll

2013-05-17 18:16 - 2013-05-17 18:16 - 00348488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll

2013-05-17 18:16 - 2013-05-17 18:16 - 00126792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll

2005-07-20 00:18 - 2005-07-20 00:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll

2013-05-17 18:16 - 2013-05-17 18:16 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll

2013-05-17 18:16 - 2013-05-17 18:16 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll

2011-01-06 09:57 - 2010-06-17 19:00 - 12286520 _____ () C:\Users\brushmore\AppData\Roaming\PictureMover\Bin\Core.dll

2011-01-06 09:57 - 2010-06-17 19:11 - 01699384 _____ () C:\Users\brushmore\AppData\Roaming\PictureMover\EN-US\Presentation.dll

2010-02-09 20:58 - 2010-02-09 20:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

2010-02-09 20:58 - 2010-02-09 20:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

2010-02-09 20:58 - 2010-02-09 20:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

2010-02-09 20:58 - 2010-02-09 20:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

2010-02-09 20:58 - 2010-02-09 20:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

2010-02-09 20:58 - 2010-02-09 20:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

2010-02-09 20:58 - 2010-02-09 20:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

2010-02-09 20:58 - 2010-02-09 20:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

2016-05-12 20:14 - 2016-05-11 06:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll

2016-05-12 20:14 - 2016-05-11 06:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll

2016-05-12 20:14 - 2016-05-11 06:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll

2016-03-13 22:47 - 2016-03-13 22:47 - 48933888 _____ () C:\Program Files (x86)\WinDriveUse\libcef.dll

2015-01-14 05:55 - 2015-01-14 05:55 - 00386560 _____ () C:\Program Files (x86)\WinDriveUse\log4cplusU.dll

2016-03-13 22:47 - 2016-03-13 22:47 - 01665536 _____ () C:\Program Files (x86)\WinDriveUse\libglesv2.dll

2016-03-13 22:47 - 2016-03-13 22:47 - 00075264 _____ () C:\Program Files (x86)\WinDriveUse\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\$talisma_url$ -> hxxps://$talisma_url$

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Control Panel\Desktop\\Wallpaper -> c:\users\brushmore\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{d5c9cceb-fc52-4a02-8ba5-dfe431759187}.jpg

DNS Servers: 75.75.75.75 - 75.75.76.76

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ATT-SST_McciTrayApp"

HKLM\...\StartupApproved\Run32: => "Conime"

HKLM\...\StartupApproved\Run32: => "Norton Online Backup"

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\StartupApproved\StartupFolder: => "FacebookGamesNotifier.exe.lnk"

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\StartupApproved\Run: => "Buzzing Dhol.exe"

HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\StartupApproved\Run: => "lstrmn"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808

FirewallRules: [{CDBA7D61-772E-4EFA-BA0C-F79EDD52E092}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

FirewallRules: [{1C73E30A-F15B-4764-B0F2-7181189584AA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

FirewallRules: [{D3656AFC-74D2-4FD1-BF4C-9D7E93C41F66}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe

FirewallRules: [{B52B5131-2D44-4B48-A2EE-D3225B2D39FF}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe

FirewallRules: [{D1B5CBE2-6EB7-414C-B931-C4EBC6BF0DBA}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

FirewallRules: [{C16ADEEE-3970-47C9-991C-C786D902E133}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

FirewallRules: [{5E5A8E41-5253-4A6E-81F3-4BBC2C01BE10}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe

FirewallRules: [{1561E933-44D9-4888-843D-97C9EFD5E90F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

FirewallRules: [{87AB5FF3-6187-4F21-AC5E-836A0E9A94F9}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe

FirewallRules: [{9D28829D-BA6A-4CFA-9DD8-7E30A64F6036}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe

FirewallRules: [{9CE9095F-B25F-4E46-A28F-46E07F255F93}] => (Allow) C:\Windows\System32\dmwu.exe

FirewallRules: [{55DE461C-D4C8-4421-84D3-984CDA177DA4}] => (Allow) C:\Windows\System32\dmwu.exe

FirewallRules: [{0FAB022E-604C-4BF6-838D-EE403D6358E2}] => (Allow) LPort=5353

FirewallRules: [{00DDD65D-C8CA-46D8-9316-9090A848A781}] => (Allow) LPort=9322

FirewallRules: [{6F743299-1982-47F5-AA08-4E03C5AA3102}] => (Allow) LPort=5353

FirewallRules: [{978CC816-ADB8-4566-A1F0-9D4C5FA0E4A0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{95B39356-1FCC-400E-BFDC-58E09D572C08}] => (Allow) LPort=1900

FirewallRules: [{DDEAF765-CB95-4818-944C-CDA9D60A22E1}] => (Allow) LPort=2869

FirewallRules: [{A6BE83AA-6BF3-4FD8-91E9-6B2B6D60DD41}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{0F9CCD52-DBBE-40E1-B773-3506DA1723B2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [{893E36A8-922C-4AEF-BE2E-5F3BBDFCA66A}] => (Allow) svchost.exe

FirewallRules: [{CEAEDAB5-35EF-41EC-A930-7D093192F770}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{5E6E6DC0-1DFB-48C4-A7A7-E7298D8923A6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\QPService.exe

FirewallRules: [{A70951F5-DF73-4309-997D-338EC8ED315A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\QP.exe

FirewallRules: [{88BADD9F-FC37-4840-90BB-C03EA699E27A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe

FirewallRules: [{BE9DB4BC-CD94-4304-9182-3E6D3E46F84F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe

FirewallRules: [{9CBA46AA-3550-4B66-AE0C-7671E4736B23}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe

FirewallRules: [{2E1E126B-2E37-4095-BDB8-D973B809BFE5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe

FirewallRules: [{9B19C332-0176-489D-B38A-FB6243FCFD4F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe

FirewallRules: [{BA297109-7E92-42CC-B140-86E2DD5B8AE4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe

FirewallRules: [{A031A384-F475-49E3-84CC-46A4AE721ED5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe

FirewallRules: [{513D3901-555B-47C7-8CBC-236E28B63644}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe

FirewallRules: [{316E4BE8-6E1A-4FB0-A877-B99A374F1CFF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe

FirewallRules: [{4EBF2E20-9590-4836-B04E-F00034664CA8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartVideo.exe

FirewallRules: [{217B518C-5954-4BEF-A878-D0B260B6ED95}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe

FirewallRules: [{B6639966-048C-40D3-9DD3-D0CAE705E377}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe

FirewallRules: [{C1A71A21-B5EF-49EB-AD9E-BB86BA9ED739}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\PhotoAgent.exe

FirewallRules: [{66190683-B6D9-4FF6-9F8A-0AADEF772109}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\HPTouchSmartPhoto.exe

FirewallRules: [{8E2B3339-CA3E-439E-887E-7AAE5C6D3C44}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe

FirewallRules: [{074B874A-060A-4577-8D8B-5FE66820A865}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe

FirewallRules: [{751D3DEB-8CF4-4BC0-A87F-8FBDEA790BAF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\CinemaNow\CinemaNow.exe

FirewallRules: [{7E81C6A9-AAE9-40E8-9271-0FF2CA94AB2A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\CinemaNow\CinemaNow.exe

FirewallRules: [{08D73478-0277-4303-BC43-609FE53D7B03}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE

FirewallRules: [{79DB8D72-B5F4-455B-91E8-5761577E41E6}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳攮數

FirewallRules: [{0469A839-C950-4939-B32C-57B59BC1CA2E}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳⹟硥e

FirewallRules: [{C9467CDB-DBD0-4FEC-81D6-A2256E9C41B4}] => (Allow) C:\Users\brushmore\AppData\Local\ddnowyes.exe

FirewallRules: [{B5BE0333-1CD5-4205-8709-31D9BFDB2472}] => (Allow) C:\Users\brushmore\AppData\Local\77240979.exe

FirewallRules: [{F97464B8-87BD-493F-A792-ECAE9406DD48}] => (Allow) C:\Users\brushmore\AppData\Local\tinstall.exe

FirewallRules: [{958384B8-3519-49A5-A1B9-4A4816D77EB3}] => (Allow) C:\Users\brushmore\AppData\Local\cap.exe

FirewallRules: [{45C2364D-6C47-46A8-A34A-2575D3D02744}] => (Allow) C:\WINDOWS\system32\rundll32.exe

FirewallRules: [{E658D117-9F49-4D2C-AB8B-317BA37A0E7A}] => (Allow) C:\Program Files (x86)\freaky\glenlivet.exe

FirewallRules: [{FC368896-477C-4F42-BCAF-0720CF1B5769}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe

FirewallRules: [{2AA0D376-F2CA-4158-A190-EE22C9C4BF96}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe

FirewallRules: [{6F6CC42A-843A-42A9-801E-CD9302648D17}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe

FirewallRules: [{860209F8-6534-4672-8087-B2E32192D995}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe

FirewallRules: [{F3218C8B-8B16-4150-BC32-76E7D03C7E2B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A1B84356-B335-4D3E-B1A2-89BDFC747905}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{2150D9E5-5688-45D6-ADE7-F245914261F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{8B7EB3AB-C52D-4E0B-A2CE-81131B7A1165}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{F53DC981-D367-416B-A87D-B80B31100039}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-05-2016 10:14:39 Windows Update

23-05-2016 10:40:04 Scheduled Checkpoint

25-05-2016 15:23:07 Removed DriverUpdate

02-06-2016 10:43:19 Removed Facebook Games Arcade 0.5.0.0

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (06/02/2016 12:40:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Exception code: 0xc0000005

Fault offset: 0x000020c0

Faulting process id: 0x2e58

Faulting application start time: 0xwindrivetask_.exe0

Faulting application path: windrivetask_.exe1

Faulting module path: windrivetask_.exe2

Report Id: windrivetask_.exe3

Faulting package full name: windrivetask_.exe4

Faulting package-relative application ID: windrivetask_.exe5

Error: (06/02/2016 12:40:22 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Exception code: 0xc0000005

Fault offset: 0x000020c0

Faulting process id: 0x31f4

Faulting application start time: 0xwindrivetask_.exe0

Faulting application path: windrivetask_.exe1

Faulting module path: windrivetask_.exe2

Report Id: windrivetask_.exe3

Faulting package full name: windrivetask_.exe4

Faulting package-relative application ID: windrivetask_.exe5

Error: (06/02/2016 12:39:54 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Exception code: 0xc0000005

Fault offset: 0x000020c0

Faulting process id: 0x321c

Faulting application start time: 0xwindrivetask_.exe0

Faulting application path: windrivetask_.exe1

Faulting module path: windrivetask_.exe2

Report Id: windrivetask_.exe3

Faulting package full name: windrivetask_.exe4

Faulting package-relative application ID: windrivetask_.exe5

Error: (06/02/2016 12:39:00 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Exception code: 0xc0000005

Fault offset: 0x000020c0

Faulting process id: 0x33cc

Faulting application start time: 0xwindrivetask_.exe0

Faulting application path: windrivetask_.exe1

Faulting module path: windrivetask_.exe2

Report Id: windrivetask_.exe3

Faulting package full name: windrivetask_.exe4

Faulting package-relative application ID: windrivetask_.exe5

Error: (06/02/2016 12:37:57 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Exception code: 0xc0000005

Fault offset: 0x000020c0

Faulting process id: 0x74c

Faulting application start time: 0xwindrivetask_.exe0

Faulting application path: windrivetask_.exe1

Faulting module path: windrivetask_.exe2

Report Id: windrivetask_.exe3

Faulting package full name: windrivetask_.exe4

Faulting package-relative application ID: windrivetask_.exe5

Error: (06/02/2016 12:37:35 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Exception code: 0xc0000005

Fault offset: 0x000020c0

Faulting process id: 0x30f0

Faulting application start time: 0xwindrivetask_.exe0

Faulting application path: windrivetask_.exe1

Faulting module path: windrivetask_.exe2

Report Id: windrivetask_.exe3

Faulting package full name: windrivetask_.exe4

Faulting package-relative application ID: windrivetask_.exe5

Error: (06/02/2016 12:37:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Exception code: 0xc0000005

Fault offset: 0x000020c0

Faulting process id: 0x2cc4

Faulting application start time: 0xwindrivetask_.exe0

Faulting application path: windrivetask_.exe1

Faulting module path: windrivetask_.exe2

Report Id: windrivetask_.exe3

Faulting package full name: windrivetask_.exe4

Faulting package-relative application ID: windrivetask_.exe5

Error: (06/02/2016 12:29:57 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Exception code: 0xc0000005

Fault offset: 0x000020c0

Faulting process id: 0x1c98

Faulting application start time: 0xwindrivetask_.exe0

Faulting application path: windrivetask_.exe1

Faulting module path: windrivetask_.exe2

Report Id: windrivetask_.exe3

Faulting package full name: windrivetask_.exe4

Faulting package-relative application ID: windrivetask_.exe5

Error: (06/02/2016 12:29:03 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Exception code: 0xc0000005

Fault offset: 0x000020c0

Faulting process id: 0x27bc

Faulting application start time: 0xwindrivetask_.exe0

Faulting application path: windrivetask_.exe1

Faulting module path: windrivetask_.exe2

Report Id: windrivetask_.exe3

Faulting package full name: windrivetask_.exe4

Faulting package-relative application ID: windrivetask_.exe5

Error: (06/02/2016 12:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85

Exception code: 0xc0000005

Fault offset: 0x000020c0

Faulting process id: 0x1770

Faulting application start time: 0xwindrivetask_.exe0

Faulting application path: windrivetask_.exe1

Faulting module path: windrivetask_.exe2

Report Id: windrivetask_.exe3

Faulting package full name: windrivetask_.exe4

Faulting package-relative application ID: windrivetask_.exe5

System errors:

=============

Error: (06/02/2016 11:22:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:

%%1058

Error: (06/02/2016 11:21:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Access_4d16c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/02/2016 11:21:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Storage_4d16c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/02/2016 11:21:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Contact Data_4d16c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/02/2016 11:21:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Sync Host_4d16c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/02/2016 10:53:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:

%%1058

Error: (06/02/2016 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Access_c7ac4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/02/2016 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Storage_c7ac4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/02/2016 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Contact Data_c7ac4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/02/2016 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Sync Host_c7ac4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

CodeIntegrity:

===================================

Date: 2016-05-17 11:04:28.903

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-16 10:46:18.230

Date: 2016-05-12 18:35:33.357

Date: 2016-05-12 12:13:54.148

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-05-12 12:13:54.107

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-05-12 12:13:54.059

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-05-12 12:13:53.975

Date: 2016-05-12 12:13:53.917

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-05-12 12:13:53.883

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-05-12 12:13:52.048

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz

Percentage of memory in use: 80%

Total physical RAM: 3831.11 MB

Available physical RAM: 728.23 MB

Total Virtual: 15607.11 MB

Available Virtual: 10723.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.34 GB) (Free:840.39 GB) NTFS

Drive d: (HP_RECOVERY) (Fixed) (Total:14.63 GB) (Free:1.72 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 596BACF9)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

Partition 4: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#2
Bruce1270

Posted 02 June 2016 - 03:31 PM

Trusted Helper

Malware Removal
1,714 posts

Hello Liz Corley Dickinson and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.

Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
Please follow all instructions in the order given.
Please do not install any other software unless advised. This may hinder the removal process.
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.

Important!

Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

I would strongly recommend you back up your personal data and folders before we begin.

Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding.
As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

OK. Let's move on.

I'm having a look through your logs and will post a fix soon.

#3
Liz Corley Dickinson

Posted 02 June 2016 - 04:04 PM

New Member

Topic Starter
Member
3 posts

Hello Liz Corley Dickinson and

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.

Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.

Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.

Please follow all instructions in the order given.

Please do not install any other software unless advised. This may hinder the removal process.

At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.

Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.

Important!

Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

I would strongly recommend you back up your personal data and folders before we begin.

Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding.
As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

OK. Let's move on.

I'm having a look through your logs and will post a fix soon.

Ok I have done everything you asked so far except the backup and will do that now. So I am ready when you are.

#4
Bruce1270

Posted 02 June 2016 - 04:57 PM

Trusted Helper

Malware Removal
1,714 posts

OK

Try this fix and let me know how things are running.

Step1 - Remove Programs

Please uninstall the following unwanted programs:

Free File Viewer 2014

To do this.

Right-click the Start button and click Control Panel.
Go to Programs and Features (if your Control Panel is in Category view, go to Uninstall a Program).
Find the program you want to uninstall, click it to select it, and then click Uninstall.

Step2 - FRST fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.

fixlist.txt 8.79KB 367 downloads

Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
Run FRST by right clicking on it and selecting Run as Administrator and press Fix
On completion a log (fixlog.txt) will be generated.
Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

Step3 - Junkware Removal Tool

Download Junkware Removal Tool by Malwarebytes and save it to your desktop.

Important: Please disable your anti virus prior to running this program.. Advice on how to do this for your anti virus can be found here

1.Ensure all programs and windows are closed before proceeding.
2.Simply double-click the program icon to run it. It will ask for administrator privileges.
3.A black window will appear. Press any key to continue.
4.Wait for it to finish. It won't take long.
5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.

Step4 - AdwCleaner

Download AdwCleaner from here to the Desktop
Close all open windows and browsers
Double click the Adwcleaner icon to execute the program
When the Tool opens for the first time accept the Terms of use
Click the Scan button and wait for the program to finish.
Click on options tick -
Reset proxy settings
Reset winsock settings
Reset TCP/IP settings
Reset IPSec settings
Reset Internet Explorer policies
Reset Chrome policies
When finished, please click Cleaning button.
Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
Please copy and paste this in your next reply.

Things for your next post:
fixlog.txt
JRT.txt
AdwCleaner[C*].txt
How is your computer running now?

#5
Liz Corley Dickinson

Posted 03 June 2016 - 12:00 PM

New Member

Topic Starter
Member
3 posts

Its working great. Thank you so much for all your help. Let me know if I can delete the logs but if I need to keep the programs. I will be donating to your paypal once you let me know this is completed. Thank you again.

Fix result of Farbar Recovery Scan Tool (x64) Version:01-06-2016

Ran by brushmore (2016-06-03 09:05:25) Run:1

Running from C:\Users\brushmore\Downloads

Loaded Profiles: brushmore (Available Profiles: brushmore & DefaultAppPool)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint: