A commercial plays every time I turn on my computer. I am unable to listen to the radio, watch a movie or use my speakers in any way. the most common one is for "Nissan" Please help
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
Ran by brushmore (administrator) on BRUSHMORE (02-06-2016 12:49:00)
Running from C:\Users\brushmore\Downloads
Loaded Profiles: brushmore (Available Profiles: brushmore & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveSync.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveSync_.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
() C:\Program Files (x86)\indexes\tenths.exe
() C:\Program Files (x86)\freaky\glenlivet.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveUse.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveUse.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveUse.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveUse.exe
(Slideway Inc.) C:\Program Files (x86)\windriveuse\WinDriveUse_.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-05] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [alimony] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Buttons & OSDs control application gen3] => c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe [53248 2009-11-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [tannic] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [lstrmn] => rundll32.exe "C:\Users\brushmore\AppData\Local\lstrmn.dll",lstrmn <===== ATTENTION
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [environment] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [gaddi] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [tenths] => C:\Program Files (x86)\indexes\tenths.exe [36732 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [iden] => C:\Program Files (x86)\freaky\glenlivet.exe [10752 2016-04-27] ()
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [Buzzing Dhol.exe] => C:\WINDOWS\system32\Buzzing Dhol.exe
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\RunOnce: [Uninstall C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\RunOnce: [Uninstall C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2011-01-06]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2011-01-06]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2011-01-06]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2010-08-16]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\boughs.lnk [2016-04-27]
ShortcutTarget: boughs.lnk -> C:\Program Files (x86)\freaky\glenlivet.exe ()
Startup: C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk [2016-05-12]
ShortcutTarget: FacebookGamesNotifier.exe.lnk -> C:\Users\brushmore\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe (No File)
Startup: C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-06-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{59fc41d8-6d53-4d0a-887c-269cb3670b38}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{90f1d325-819d-43d1-be8c-3a555eb07ca7}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/webhp?sourceid=navclient&ie=UTF-8&gws_rd=ssl
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {1A418B94-1411-4359-819B-7233A215D941} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {11A01865-BF8E-4CE0-9B1E-D858D3158720} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {1A418B94-1411-4359-819B-7233A215D941} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {A334AA6E-85E6-4159-9BDC-747AC59C00A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {B4143579-943C-46D9-8636-18BC034FA098} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={7EED87F7-DE91-11E2-A42C-7071BC899902}
SearchScopes: HKLM-x32 -> {11A01865-BF8E-4CE0-9B1E-D858D3158720} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {1A418B94-1411-4359-819B-7233A215D941} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {A334AA6E-85E6-4159-9BDC-747AC59C00A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {B4143579-943C-46D9-8636-18BC034FA098} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={7EED87F7-DE91-11E2-A42C-7071BC899902}
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {11A01865-BF8E-4CE0-9B1E-D858D3158720} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {1A418B94-1411-4359-819B-7233A215D941} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {A334AA6E-85E6-4159-9BDC-747AC59C00A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {B4143579-943C-46D9-8636-18BC034FA098} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {BBFF1E0C-DD2A-4934-9DC9-031DD3573DE2} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=78199393-8436-4250-9016-05051E037B7C&apn_sauid=9EE7FF5E-0237-42A0-9EDD-A07958B16F9E
SearchScopes: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2503263900-158799546-2591639019-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2013-05-17] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2016-03-09] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2503263900-158799546-2591639019-1000: @citrixonline.com/appdetectorplugin -> C:\Users\brushmore\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-28] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.6.0.142\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.6.0.142\coFFAddon [2016-04-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.6.0.142\coFFAddon
Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Profile: C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]
CHR Extension: (Google Drive) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
CHR Extension: (Google Search) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (Norton Identity Safe) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-04-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (My Chrome Theme) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-04-25]
CHR Extension: (Maleficent Theme) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\paemmgjnkkafpbppkooglpgcbjfjclmm [2016-04-25]
CHR Extension: (Gmail) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-31]
CHR Profile: C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-03]
CHR Extension: (Google Docs) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-03]
CHR Extension: (Google Drive) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-03]
CHR Extension: (YouTube) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-05-03]
CHR Extension: (Google Sheets) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-03]
CHR Extension: (PDFConverterHQ) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbbkoefeoahoeacccmoggemldnjccbdf [2016-05-24]
CHR Extension: (Google Docs Offline) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-03]
CHR Extension: (Norton Identity Safe) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-05-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-03]
CHR Extension: (Gmail) - C:\Users\brushmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-04-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2503263900-158799546-2591639019-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-04-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-03-09] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-05-17] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-11-09] (Intuit Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WinDriveSvc; C:\Program Files (x86)\windriveuse\WinDriveSync.exe [140984 2016-03-31] (Slideway Inc.)
R2 WinDriveSvc2; C:\Program Files (x86)\windriveuse\WinDriveSync_.exe [140984 2016-03-31] (Slideway Inc.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ACPIService; C:\Windows\System32\drivers\OSDACPI.SYS [17992 2009-06-17] ()
R3 AVerAVF2; C:\Windows\system32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\BASHDefs\20160125.001\BHDrvx64.sys [1665608 2016-02-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2016-02-23] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-02-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-04] (Symantec Corporation)
R3 FintekCIR; C:\Windows\system32\DRIVERS\FintekCIR.sys [33064 2013-07-25] (Fintek)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\IPSDefs\20160223.011\IDSVia64.sys [767224 2016-02-23] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\VirusDefs\20160424.025\ENG64.SYS [138488 2016-02-04] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\VirusDefs\20160424.025\EX64.SYS [2148080 2016-02-04] (Symantec Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 NWVoltron; C:\Windows\System32\drivers\NWVoltron.sys [28920 2013-02-04] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 SMSIVZAM5X64; C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys [43032 2009-03-20] (Smith Micro Inc.)
S3 SRTSP; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2016-02-23] (Symantec Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2016-05-24] ()
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\N360x64\1606000.08E\SymELAM.sys [24192 2016-02-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-04-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-02 12:11 - 2016-06-02 12:15 - 00065156 _____ C:\Users\brushmore\Downloads\Addition.txt
2016-06-02 12:09 - 2016-06-02 12:49 - 00035154 _____ C:\Users\brushmore\Downloads\FRST.txt
2016-06-02 12:09 - 2016-06-02 12:49 - 00000000 ____D C:\FRST
2016-06-02 12:09 - 2016-06-02 12:09 - 02383872 _____ (Farbar) C:\Users\brushmore\Downloads\FRST64.exe
2016-06-02 11:24 - 2016-06-02 11:24 - 00000000 ___HD C:\OneDriveTemp
2016-06-01 12:33 - 2016-06-01 12:33 - 00063668 _____ C:\Users\brushmore\Downloads\FAX_20160601_1464802018_134 (2).pdf
2016-06-01 12:30 - 2016-06-01 12:30 - 00063668 _____ C:\Users\brushmore\Downloads\FAX_20160601_1464802018_134 (1).pdf
2016-06-01 12:29 - 2016-06-01 12:29 - 00063668 _____ C:\Users\brushmore\Downloads\FAX_20160601_1464802018_134.pdf
2016-06-01 10:04 - 2016-06-01 10:04 - 00017620 _____ C:\Users\brushmore\Downloads\restauraurant contract.wpd
2016-05-31 11:08 - 2016-05-31 11:08 - 05237558 _____ C:\Users\brushmore\Downloads\Madison Terminal Building Bid Set Specifications-signed.pdf
2016-05-28 10:14 - 2016-05-28 10:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-05-28 10:14 - 2016-05-28 10:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-05-26 11:01 - 2016-05-26 11:02 - 00001463 _____ C:\Users\brushmore\Desktop\Transmittal Letter.lnk
2016-05-24 20:45 - 2016-05-24 20:45 - 00000000 ___RD C:\Users\brushmore\Downloads\62632UNETA.492836F161CC8_rmspfwnbz040j!App
2016-05-24 20:40 - 2016-05-25 15:23 - 00000000 ____D C:\Users\brushmore\AppData\Local\SlimWare Utilities Inc
2016-05-24 20:40 - 2016-05-24 20:40 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2016-05-24 20:40 - 2016-05-24 20:40 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2016-05-24 20:39 - 2016-05-24 20:39 - 00961800 _____ (Slimware Utilities, Inc.) C:\Users\brushmore\Downloads\DriverUpdate-setup.exe
2016-05-24 17:40 - 2016-06-01 10:05 - 00000000 ____D C:\Users\brushmore\Desktop\Liz
2016-05-24 17:18 - 2016-05-24 17:18 - 00032770 _____ C:\Users\brushmore\Downloads\FAX_20160524_1464121754_77.pdf
2016-05-23 19:52 - 2016-05-23 19:52 - 00000000 ____D C:\Users\brushmore\AppData\Local\HuluDesktop
2016-05-23 13:46 - 2016-05-23 13:46 - 00070518 _____ C:\Users\brushmore\Downloads\FAX_20160523_1464027183_113.pdf
2016-05-18 17:11 - 2016-05-18 17:11 - 00036703 _____ C:\Users\brushmore\Downloads\Report_from_BRUSHMORE_PAINT_LLC.pdf
2016-05-16 10:55 - 2016-05-16 10:55 - 00001282 _____ C:\Users\brushmore\Desktop\Proposal.lnk
2016-05-12 18:34 - 2016-05-12 18:34 - 00000000 ____D C:\Users\brushmore\AppData\Local\FacebookGames
2016-05-12 18:32 - 2016-05-12 18:32 - 00001296 _____ C:\Users\brushmore\Desktop\Facebook Games.lnk
2016-05-12 18:32 - 2016-05-12 18:32 - 00000000 ____D C:\Users\brushmore\AppData\Local\Facebook
2016-05-12 18:29 - 2016-05-12 18:31 - 00100120 _____ () C:\Users\brushmore\Downloads\FacebookGamesArcadeSetup.exe
2016-05-12 13:45 - 2016-05-12 13:47 - 00000205 _____ C:\Users\brushmore\Desktop\EFax.url
2016-05-12 03:55 - 2016-05-12 03:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-05-10 22:53 - 2016-04-23 00:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 22:53 - 2016-04-23 00:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 22:53 - 2016-04-23 00:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-10 22:53 - 2016-04-23 00:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-10 22:53 - 2016-04-23 00:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-10 22:53 - 2016-04-23 00:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-10 22:53 - 2016-04-23 00:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-10 22:53 - 2016-04-23 00:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-10 22:53 - 2016-04-22 23:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 22:53 - 2016-04-22 23:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-10 22:53 - 2016-04-22 23:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-10 22:53 - 2016-04-22 23:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-10 22:53 - 2016-04-22 23:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-10 22:53 - 2016-04-22 23:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-10 22:53 - 2016-04-22 23:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-10 22:53 - 2016-04-22 23:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-10 22:53 - 2016-04-22 23:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-10 22:53 - 2016-04-22 23:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-10 22:53 - 2016-04-22 23:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-10 22:53 - 2016-04-22 23:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-10 22:53 - 2016-04-22 23:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-10 22:53 - 2016-04-22 23:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-10 22:53 - 2016-04-22 23:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-10 22:53 - 2016-04-22 23:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-10 22:53 - 2016-04-22 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-10 22:53 - 2016-04-22 23:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-10 22:53 - 2016-04-22 23:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-10 22:53 - 2016-04-22 23:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-10 22:53 - 2016-04-22 23:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-10 22:53 - 2016-04-22 23:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-10 22:53 - 2016-04-22 23:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-10 22:53 - 2016-04-22 23:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-10 22:53 - 2016-04-22 23:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-10 22:53 - 2016-04-22 23:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-10 22:53 - 2016-04-22 23:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-10 22:53 - 2016-04-22 23:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-10 22:53 - 2016-04-22 23:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-10 22:53 - 2016-04-22 23:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-10 22:53 - 2016-04-22 23:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-10 22:53 - 2016-04-22 23:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-10 22:53 - 2016-04-22 23:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-10 22:53 - 2016-04-22 23:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-10 22:53 - 2016-04-22 23:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-10 22:52 - 2016-05-05 23:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-10 22:52 - 2016-05-05 23:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-10 22:52 - 2016-05-05 22:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-10 22:52 - 2016-05-05 22:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-10 22:52 - 2016-05-05 22:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-10 22:52 - 2016-05-05 22:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-10 22:52 - 2016-04-30 01:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-10 22:52 - 2016-04-30 01:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-10 22:52 - 2016-04-23 01:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-10 22:52 - 2016-04-23 01:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-10 22:52 - 2016-04-23 01:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-10 22:52 - 2016-04-23 01:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-10 22:52 - 2016-04-23 01:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-10 22:52 - 2016-04-23 01:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-10 22:52 - 2016-04-23 01:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-10 22:52 - 2016-04-23 01:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-10 22:52 - 2016-04-23 00:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-10 22:52 - 2016-04-23 00:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-10 22:52 - 2016-04-23 00:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-10 22:52 - 2016-04-23 00:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-10 22:52 - 2016-04-23 00:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-10 22:52 - 2016-04-23 00:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-10 22:52 - 2016-04-23 00:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-10 22:52 - 2016-04-23 00:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-10 22:52 - 2016-04-23 00:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-10 22:52 - 2016-04-23 00:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-10 22:52 - 2016-04-23 00:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-10 22:52 - 2016-04-23 00:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-10 22:52 - 2016-04-23 00:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-10 22:52 - 2016-04-23 00:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-10 22:52 - 2016-04-23 00:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-10 22:52 - 2016-04-23 00:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-10 22:52 - 2016-04-23 00:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-10 22:52 - 2016-04-23 00:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-10 22:52 - 2016-04-23 00:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-10 22:52 - 2016-04-23 00:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-10 22:52 - 2016-04-23 00:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-10 22:52 - 2016-04-23 00:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-10 22:52 - 2016-04-23 00:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-10 22:52 - 2016-04-23 00:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-10 22:52 - 2016-04-23 00:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-10 22:52 - 2016-04-23 00:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 22:52 - 2016-04-23 00:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-10 22:52 - 2016-04-23 00:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 22:52 - 2016-04-23 00:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-10 22:52 - 2016-04-23 00:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-10 22:52 - 2016-04-23 00:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 22:52 - 2016-04-23 00:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-10 22:52 - 2016-04-23 00:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-10 22:52 - 2016-04-23 00:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-10 22:52 - 2016-04-22 23:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-10 22:52 - 2016-04-22 23:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-10 22:52 - 2016-04-22 23:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-10 22:52 - 2016-04-22 23:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 22:52 - 2016-04-22 23:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-10 22:52 - 2016-04-22 23:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-10 22:52 - 2016-04-22 23:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-10 22:52 - 2016-04-22 23:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-10 22:52 - 2016-04-22 23:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-10 22:52 - 2016-04-22 23:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-10 22:52 - 2016-04-22 23:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-10 22:52 - 2016-04-22 23:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-10 22:52 - 2016-04-22 23:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-10 22:52 - 2016-04-22 23:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-10 22:52 - 2016-04-22 23:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-10 22:52 - 2016-04-22 23:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-10 22:52 - 2016-04-22 23:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-10 22:52 - 2016-04-22 23:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-10 22:52 - 2016-04-22 23:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-10 22:52 - 2016-04-22 23:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-10 22:52 - 2016-04-22 23:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-10 22:52 - 2016-04-22 23:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-10 22:52 - 2016-04-22 23:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-10 22:52 - 2016-04-22 23:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-10 22:52 - 2016-04-22 23:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-10 22:52 - 2016-04-22 23:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-10 22:52 - 2016-04-22 23:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-10 22:52 - 2016-04-22 23:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-10 22:52 - 2016-04-22 23:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-10 22:52 - 2016-04-22 23:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-10 22:52 - 2016-04-22 23:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-10 22:52 - 2016-04-22 23:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-10 22:52 - 2016-04-22 23:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-10 22:52 - 2016-04-22 23:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-10 22:52 - 2016-04-22 23:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-10 22:52 - 2016-04-22 23:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-10 22:52 - 2016-04-22 23:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-10 22:52 - 2016-04-22 23:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-10 22:52 - 2016-04-22 23:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-10 22:52 - 2016-04-22 23:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-10 22:52 - 2016-04-22 23:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-10 22:52 - 2016-04-22 23:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-10 22:52 - 2016-04-22 23:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-10 22:52 - 2016-04-22 23:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-10 22:52 - 2016-04-22 23:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-10 22:52 - 2016-04-22 23:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-10 22:52 - 2016-04-22 23:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-10 22:52 - 2016-04-22 23:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-10 22:52 - 2016-04-22 23:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-10 22:52 - 2016-04-22 23:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-10 22:52 - 2016-04-22 23:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-10 22:52 - 2016-04-22 23:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-10 22:52 - 2016-04-22 23:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-10 22:52 - 2016-04-22 23:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-10 22:52 - 2016-04-22 23:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-10 22:52 - 2016-04-22 23:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-10 22:52 - 2016-04-22 23:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-10 22:52 - 2016-04-22 23:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-10 22:52 - 2016-04-22 23:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-10 22:52 - 2016-04-22 23:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-10 22:52 - 2016-04-22 23:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-10 22:52 - 2016-04-22 23:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-10 22:52 - 2016-04-22 23:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-10 22:52 - 2016-04-22 23:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-10 22:52 - 2016-04-22 23:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-10 22:52 - 2016-04-22 23:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-10 22:52 - 2016-04-22 23:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-10 22:52 - 2016-04-22 23:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-10 22:52 - 2016-04-22 23:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-10 22:52 - 2016-04-22 23:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-10 22:52 - 2016-04-22 23:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-10 22:52 - 2016-04-22 23:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-10 22:52 - 2016-04-22 23:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-10 22:52 - 2016-04-22 23:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-10 22:52 - 2016-04-22 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-10 22:52 - 2016-04-22 23:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-10 22:52 - 2016-04-22 22:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-10 22:52 - 2016-04-22 21:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-10 22:51 - 2016-05-05 23:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-10 22:51 - 2016-05-05 22:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-10 22:51 - 2016-04-23 00:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-10 22:51 - 2016-04-23 00:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-10 22:51 - 2016-04-23 00:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-10 22:51 - 2016-04-23 00:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-10 22:51 - 2016-04-23 00:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-10 22:51 - 2016-04-23 00:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-10 22:51 - 2016-04-23 00:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-10 22:51 - 2016-04-23 00:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-10 22:51 - 2016-04-23 00:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-10 22:51 - 2016-04-23 00:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-10 22:51 - 2016-04-23 00:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-10 22:51 - 2016-04-23 00:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-10 22:51 - 2016-04-23 00:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-10 22:51 - 2016-04-22 23:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-10 22:51 - 2016-04-22 23:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-10 22:51 - 2016-04-22 23:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-10 22:51 - 2016-04-22 23:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-10 22:51 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-10 22:51 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-10 22:51 - 2016-04-22 23:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-10 22:51 - 2016-04-22 23:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-10 22:51 - 2016-04-22 23:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-10 22:51 - 2016-04-22 23:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-10 22:51 - 2016-04-22 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-10 22:51 - 2016-04-22 23:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-10 22:51 - 2016-04-22 23:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-10 22:51 - 2016-04-22 23:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-10 22:51 - 2016-04-22 23:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-10 22:51 - 2016-04-22 23:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-10 22:51 - 2016-04-22 23:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-10 22:51 - 2016-04-22 23:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-10 22:51 - 2016-04-22 23:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-10 22:51 - 2016-04-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-10 22:51 - 2016-04-22 23:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-10 22:51 - 2016-04-22 23:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-10 22:51 - 2016-04-22 23:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-10 22:51 - 2016-04-22 23:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-10 22:51 - 2016-04-22 23:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-10 22:51 - 2016-04-22 23:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-10 22:51 - 2016-04-22 23:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-10 22:51 - 2016-04-22 23:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-10 22:51 - 2016-04-22 23:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-10 22:51 - 2016-04-22 23:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-10 22:51 - 2016-04-22 23:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-10 22:51 - 2016-04-22 23:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-10 22:51 - 2016-04-22 23:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-10 22:51 - 2016-04-22 23:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-10 22:51 - 2016-04-22 23:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-10 22:51 - 2016-04-22 23:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-10 22:51 - 2016-04-22 23:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-10 22:51 - 2016-04-22 21:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-10 22:51 - 2016-04-18 17:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-10 17:08 - 2016-05-10 17:08 - 00003990 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 17:08 - 2016-05-10 17:08 - 00003758 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-09 14:30 - 2016-05-09 14:30 - 00000156 _____ C:\Users\brushmore\Desktop\New Internet Shortcut.url
2016-05-07 16:42 - 2016-05-29 07:44 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForbrushmore.job
2016-05-06 12:59 - 2016-05-06 12:59 - 00004687 _____ C:\Users\brushmore\Downloads\google (1).csv
2016-05-06 12:58 - 2016-05-06 12:58 - 00004687 _____ C:\Users\brushmore\Downloads\google.csv
2016-05-05 16:40 - 2016-05-05 16:48 - 00000000 ____D C:\Users\brushmore\Downloads\Family
2016-05-05 09:24 - 2016-05-05 09:24 - 02273962 _____ C:\Users\brushmore\Downloads\NOVEMBER BANK STATEMENT 1201 (1).pdf
2016-05-05 09:23 - 2016-05-05 09:23 - 19982306 _____ C:\Users\brushmore\Downloads\SEPTEMBER BANK STATEMENTS 1201.pdf
2016-05-05 09:23 - 2016-05-05 09:23 - 17047482 _____ C:\Users\brushmore\Downloads\JULY BANKSTATEMENT 1201 2015.pdf
2016-05-05 09:23 - 2016-05-05 09:23 - 04998969 _____ C:\Users\brushmore\Downloads\EDECEMBER BANKSTATEMENT 1201.pdf
2016-05-05 09:22 - 2016-05-05 09:22 - 17300837 _____ C:\Users\brushmore\Downloads\MARCH 2015 1201.pdf
2016-05-05 09:22 - 2016-05-05 09:22 - 11241475 _____ C:\Users\brushmore\Downloads\JANUARY 2015 1201.pdf
2016-05-05 09:22 - 2016-05-05 09:22 - 03153613 _____ C:\Users\brushmore\Downloads\DECEMBER BANK STATEMENT 1201.pdf
2016-05-05 09:21 - 2016-05-05 09:21 - 02273962 _____ C:\Users\brushmore\Downloads\NOVEMBER BANK STATEMENT 1201.pdf
2016-05-04 18:29 - 2016-05-04 18:30 - 13677800 _____ (Google) C:\Users\brushmore\Downloads\picasa39-setup.exe
2016-05-04 13:33 - 2016-05-04 13:33 - 00166940 _____ C:\Users\brushmore\Downloads\n8YOot4.jpeg
2016-05-04 13:29 - 2016-05-04 13:29 - 02400784 _____ (Microsoft Corporation) C:\Users\brushmore\Downloads\Live_Photo_Gallery.exe
2016-05-04 13:29 - 2016-05-04 13:29 - 00000000 ____D C:\ProgramData\WLInstaller
2016-05-04 13:28 - 2016-05-04 13:30 - 33205720 _____ ( ) C:\Users\brushmore\Downloads\p3dalbuminst-1.2.exe
2016-05-03 20:39 - 2016-05-05 16:53 - 00000000 ____D C:\Users\brushmore\Documents\My Smilebox Creations
2016-05-03 20:39 - 2016-05-03 20:39 - 00889632 _____ (Smilebox, Inc.) C:\Users\brushmore\Downloads\SmileboxInstaller.exe
2016-05-03 20:39 - 2016-05-03 20:39 - 00000416 _____ C:\Users\brushmore\Downloads\tmp.htm
2016-05-03 14:49 - 2016-05-03 14:49 - 15721345 _____ C:\Users\brushmore\Downloads\Zip 2.mov
2016-05-03 14:49 - 2016-05-03 14:49 - 11645833 _____ C:\Users\brushmore\Downloads\Zip 1.mov
2016-05-03 14:49 - 2016-05-03 14:49 - 05604186 _____ C:\Users\brushmore\Downloads\Zip 3.mov
2016-05-03 14:11 - 2016-05-03 14:12 - 386797986 _____ C:\Users\brushmore\Downloads\Nick's Moves.MOV
2016-05-03 14:10 - 2016-05-03 14:10 - 34292869 _____ C:\Users\brushmore\Downloads\Nicks Moves 1.MOV
2016-05-03 14:09 - 2016-05-03 14:09 - 90237532 _____ C:\Users\brushmore\Downloads\Brads Dance.MOV
2016-05-03 14:09 - 2016-05-03 14:09 - 18078182 _____ C:\Users\brushmore\Downloads\Beach Day Movie.mov
2016-05-03 14:09 - 2016-05-03 14:09 - 06845062 _____ C:\Users\brushmore\Downloads\Beach Day Waves.MOV
2016-05-03 11:46 - 2016-05-03 11:46 - 00113411 _____ C:\Users\brushmore\Downloads\2014-2015 G.L. Audit (1).pdf
2016-05-03 11:45 - 2016-05-03 11:45 - 00098399 _____ C:\Users\brushmore\Downloads\UnroutedAttachment (1).PDF
2016-05-03 09:23 - 2016-05-23 11:00 - 00000000 ___RD C:\Users\brushmore\iCloudDrive
2016-05-03 09:23 - 2016-05-03 09:23 - 00000000 ____D C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2016-05-03 09:23 - 2016-05-03 09:23 - 00000000 ____D C:\Users\brushmore\AppData\Local\Apple Inc
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-02 12:48 - 2016-04-11 11:48 - 00000911 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {30680B54-C78D-4B9C-B451-91E537BD9C1A}.job
2016-06-02 12:40 - 2011-01-06 10:50 - 00000000 ____D C:\Users\brushmore\AppData\Local\CrashDumps
2016-06-02 12:13 - 2013-06-26 08:41 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-02 12:00 - 2016-04-24 23:00 - 00000945 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {E683BAEF-6334-4E5B-9AE6-D83069EB7356}.job
2016-06-02 11:57 - 2012-04-02 12:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-02 11:38 - 2016-05-01 17:06 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5FDB7303-45FA-4BF1-B095-AB3B6A8C491C}
2016-06-02 11:31 - 2016-04-25 10:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-06-02 11:25 - 2016-05-01 14:42 - 00000000 ___RD C:\Users\brushmore\Google Drive
2016-06-02 11:25 - 2013-06-26 08:41 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-02 11:24 - 2016-04-26 16:35 - 00000000 ___RD C:\Users\brushmore\OneDrive
2016-06-02 11:24 - 2016-04-06 14:15 - 00000410 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2016-06-02 11:23 - 2013-04-17 15:07 - 00000439 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-06-02 11:22 - 2016-02-13 08:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-02 11:22 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-02 10:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-02 10:50 - 2010-08-16 19:33 - 00000000 ____D C:\ProgramData\TouchSmartData
2016-06-02 10:05 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-02 09:59 - 2016-04-27 14:23 - 00003866 _____ C:\WINDOWS\System32\Tasks\51602155
2016-06-02 09:59 - 2016-04-27 14:23 - 00003734 _____ C:\WINDOWS\System32\Tasks\Pa5160215551602155
2016-06-02 09:49 - 2016-04-24 22:41 - 00000000 ____D C:\Users\brushmore
2016-06-01 11:40 - 2016-04-11 13:12 - 00000000 ____D C:\Users\brushmore\Desktop\Brushmore
2016-05-31 18:28 - 2013-04-29 23:50 - 00000000 ____D C:\Users\brushmore\Documents\Outlook Files
2016-05-28 10:15 - 2016-05-01 12:59 - 00002117 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-05-28 10:15 - 2016-05-01 12:59 - 00002115 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-05-28 10:15 - 2016-05-01 12:59 - 00002105 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-05-28 10:15 - 2016-05-01 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-26 21:02 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-26 20:52 - 2011-01-12 11:08 - 00000000 ____D C:\Users\brushmore\AppData\Local\ElevatedDiagnostics
2016-05-26 20:42 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-26 16:19 - 2016-04-25 10:12 - 00000000 ____D C:\Users\brushmore\AppData\Local\Packages
2016-05-25 08:49 - 2016-04-26 16:35 - 00002418 _____ C:\Users\brushmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-23 12:25 - 2016-04-25 14:55 - 00000000 ____D C:\Users\brushmore\AppData\Roaming\Apple Computer
2016-05-23 12:25 - 2016-04-25 14:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-23 10:09 - 2016-04-25 13:58 - 00000000 ____D C:\Users\DefaultAppPool
2016-05-19 22:40 - 2016-02-13 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-19 22:32 - 2013-06-26 08:41 - 00000000 ____D C:\Users\brushmore\AppData\Local\Google
2016-05-19 22:32 - 2013-06-26 08:41 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-16 18:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-16 10:19 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-12 20:14 - 2013-06-26 08:42 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 13:32 - 2016-02-02 13:11 - 00000000 ____D C:\Users\brushmore\Documents\BRUSHMORE FORMS
2016-05-12 03:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-12 03:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 03:51 - 2016-02-13 08:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 03:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-12 03:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 16:40 - 2015-10-30 02:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 16:35 - 2013-07-12 14:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 16:19 - 2011-06-02 10:35 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 14:57 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 14:57 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-05 17:11 - 2013-04-03 13:54 - 00000000 ___RD C:\Users\brushmore\Documents\Scanned Documents
==================== Files in the root of some directories =======
2016-04-27 14:23 - 2016-04-27 14:23 - 0000003 _____ () C:\Users\brushmore\AppData\Local\aatxtname.txt
2016-04-12 18:38 - 2016-04-12 18:38 - 0006144 _____ () C:\Users\brushmore\AppData\Local\cap.exe
2016-04-12 18:37 - 2016-04-12 18:37 - 0006144 _____ () C:\Users\brushmore\AppData\Local\cap4.exe
2016-04-18 09:02 - 2016-04-18 09:02 - 0005632 _____ () C:\Users\brushmore\AppData\Local\ddnow.exe
2016-04-18 10:49 - 2016-04-18 10:49 - 0005632 _____ () C:\Users\brushmore\AppData\Local\ddnow4.exe
2012-04-12 16:29 - 2012-04-26 11:26 - 0000236 _____ () C:\Users\brushmore\AppData\Local\LaunchHomeCenter.log
2016-04-27 14:21 - 2016-04-27 14:21 - 0035840 _____ () C:\Users\brushmore\AppData\Local\lstrmn.dll
2016-03-18 00:00 - 2016-03-18 00:00 - 0000000 _____ () C:\Users\brushmore\AppData\Local\ok223.txt
2016-04-27 14:23 - 2016-04-27 14:23 - 0546687 _____ () C:\Users\brushmore\AppData\Local\setupone.exe
2016-04-05 07:26 - 2016-04-05 07:26 - 0007680 _____ () C:\Users\brushmore\AppData\Local\tinstall.exe
2016-04-05 07:25 - 2016-04-05 07:25 - 0007680 _____ () C:\Users\brushmore\AppData\Local\tinstall4.exe
2016-04-27 14:23 - 2016-04-27 14:23 - 0000000 _____ () C:\Users\brushmore\AppData\Local\tr5b.txt
2016-04-27 14:21 - 2016-04-27 14:21 - 0002560 _____ () C:\Users\brushmore\AppData\Local\uninstallssl.exe
2016-04-11 10:43 - 2016-04-11 10:43 - 0000000 _____ () C:\Users\brushmore\AppData\Local\{B77F6B91-10D7-4012-9C62-1FFEFF433044}
2011-06-16 13:17 - 2011-06-16 13:17 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2013-06-24 21:41 - 2013-06-24 21:41 - 4325376 _____ () C:\ProgramData\ReadOnlyInstaller.msi
2013-06-26 13:50 - 2013-06-26 13:50 - 0033958 _____ () C:\ProgramData\uninstaller.exe
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
Some files in TEMP:
====================
C:\Users\brushmore\AppData\Local\Temp\IHU3B10.tmp.exe
C:\Users\brushmore\AppData\Local\Temp\IHUA7BF.tmp.exe
C:\Users\brushmore\AppData\Local\Temp\scp30D2.tmp.exe
C:\Users\brushmore\AppData\Local\Temp\Setup.exe
C:\Users\brushmore\AppData\Local\Temp\Uninstall.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-29 17:15
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-06-2016
Ran by brushmore (2016-06-02 12:49:53)
Running from C:\Users\brushmore\Downloads
Windows 10 Home Version 1511 (X64) (2016-04-25 15:12:14)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2503263900-158799546-2591639019-500 - Administrator - Disabled)
brushmore (S-1-5-21-2503263900-158799546-2591639019-1000 - Administrator - Enabled) => C:\Users\brushmore
DefaultAccount (S-1-5-21-2503263900-158799546-2591639019-503 - Limited - Disabled)
Guest (S-1-5-21-2503263900-158799546-2591639019-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2503263900-158799546-2591639019-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Ancient Hearts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Azteca (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.95 - WildTangent) Hidden
Buttons & OSDs control application gen3 (HKLM-x32\...\{79ECA886-C6EF-4BB3-9920-CB7906C01589}) (Version: 1.0.5.0 - Hewlett-Packard)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Corel Paint it! touch - IPM (x32 Version: 1.1 - Corel Corporation) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.4030 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.0.4030 - Hewlett-Packard) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version: - SEIKO EPSON Corporation)
Epson WF-2630 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-2630 User’s Guide_is1) (Version: 1.0 - )
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
Facebook for HP TouchSmart (HKLM-x32\...\{DE665CEA-0968-4211-B0B0-2A917CE9EC7E}) (Version: 1.0.0019 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Gem Shop (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP AppsCenter 1.00 (HKLM-x32\...\HP AppsCenter 1.00) (Version: - )
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP TouchSmart (HKLM-x32\...\{32A2B967-279F-457D-B767-76352DA2F108}) (Version: 4.0.32.0 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{22CD5AA1-C28D-458A-AC3D-FB30F74111F9}) (Version: 4.0.3845.32287 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{157A2E65-1D59-4BE2-BBD4-D16A14EEF959}) (Version: 2.0.3832.30169 - Hewlett-Packard)
HP TouchSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.4229 - Hewlett-Packard)
HP TouchSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.3.3017 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{5A9DADC3-6C03-4C83-8622-60405126D1E0}) (Version: 4.0.3845.23935 - Hewlett-Packard)
HP TouchSmart Paint it! by Corel (HKLM-x32\...\_{6807F13C-A925-4DD8-80C0-24D93A6FFE83}) (Version: 1.5.0.100 - Hewlett-Packard)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.0.4215 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{29F19C52-0B82-4741-8015-8D46E28638EC}) (Version: 3.0.3833.22527 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.0.4211 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.3107 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.4.0 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.4030 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.0.4030 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetStream 1.0 (HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\NetStream 1.0) (Version: - )
Norton 360 (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.)
QuickBooks (x32 Version: 21.0.4013.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4013.904 - Intuit Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3025 - CyberLink Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skip-Bo - Castaway Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SpongeBob Diner Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VZAccess Manager (HKLM-x32\...\{7641FD7D-E94E-424E-A95C-0593C84DC0C0}) (Version: 7.0.1.8 - Smith Micro Software Inc.)
Where's Waldo The Fantastic Journey (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.1.1.8 - WildTangent) Hidden
Window Drive Manager (HKLM-x32\...\Window Drive Manager) (Version: 1.56 - Slideway Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2503263900-158799546-2591639019-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03B88F19-8294-4DD0-8CA7-3D815BD06881} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {03FCE5F1-C0D3-42D7-B94C-B2CA9B653DD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {1402BFE4-9979-488A-A325-C97978CE0D9D} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {14E0C08B-D561-4490-A4A9-1126B538650F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2016-02-25] (Symantec Corporation)
Task: {1BBD3D17-2BC2-48DE-B4CB-AC2D92933E25} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {26F2D476-6820-448C-8A42-22E4756D5D83} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {27A9FEE3-79DB-43B0-956D-3904E869F385} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2E9C0122-657E-42BD-A7DE-AD32C362C017} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {30EA2984-223F-4FED-BEEE-526451528BD4} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\BRUSHM~1\AppData\Local\Temp\IHU3989.tmp.exe
Task: {345E76C7-1FF6-4567-B74C-29C7CE00E20C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {38C2B106-E6CC-4C34-B21B-609D1C392CDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-20] (Google Inc.)
Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {3A084DD6-42F0-4D4E-953E-137161098BD3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {46A90551-1549-4FC0-A381-534F27A3C5B2} - \EPSON WF-2630 Series Update {E683BAEF-6334-4E5B-9AE6-D83069EB7356} -> No File <==== ATTENTION
Task: {4FAD8A7F-ED7A-4521-A259-C1D9C9F07BF5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5C00F876-FA68-4444-AD7D-0B29D4B26E6A} - System32\Tasks\Pa5160215551602155 => C:\Program Files (x86)\freaky\glenlivet.exe [2016-04-27] ()
Task: {5F3EFF12-D237-431D-8C71-922D5380A040} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {6202B778-C475-42DB-A385-9573AA89BCE7} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {7441741C-BF46-4BC6-A5E4-AF4D29C17A66} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {82F3522A-25EC-4879-BED4-DDF8EBA59DF4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {845FAD93-5797-4D02-B3E5-376C0D5C828D} - \CapSchedInst -> No File <==== ATTENTION
Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {87885476-5820-48E3-8DF4-175CB40C18AF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {8AE259D7-56CC-4182-9A1A-7698C13D1C63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {92888A73-DB66-4D3F-B505-9925B0295D56} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {979AD95D-DE14-47CF-9E40-C7ED861E462E} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {9C76EAFA-128D-49FE-8A1C-A8656F9EAE80} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {B27BE36A-CD54-4594-8583-C64EE66B29E7} - System32\Tasks\51602155 => C:\Program Files (x86)\freaky\glenlivet.exe [2016-04-27] () <==== ATTENTION
Task: {B33CD610-AEEF-44D6-8FF0-91A65203D26C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B7821461-1211-40B5-A4A8-4A597686C2DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {BEBF0A65-E669-4669-B267-AC4E55114387} - \FreeFileViewerUpdateChecker -> No File <==== ATTENTION
Task: {C4BD6749-3FE4-44F1-B34E-C813DE89904F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C74BD26D-6DAB-4882-A334-3613ADBFE4D0} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {C825BD0B-531F-4E81-9382-74BD63255423} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-20] (Google Inc.)
Task: {CE7D2DED-4416-4126-B1BC-41E59AC191D5} - \CapSvcInst -> No File <==== ATTENTION
Task: {D1B8B535-132C-4D95-8DE9-E7775B741AA1} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {D2B881D1-2B2A-4B6E-B055-762C08CE059A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D49D884C-0ACC-40F0-B548-9A0F18802FF7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D71FA8DB-5EFF-4692-9F18-FC282EBC1891} - \RecoveryCDWin7 -> No File <==== ATTENTION
Task: {D86CCDED-181F-4C62-B8F5-309FC9AEF0B6} - \MirageAgent -> No File <==== ATTENTION
Task: {DFD2645C-AEDE-44A1-B76E-D0C2DF751F4E} - \EPSON WF-2630 Series Update {30680B54-C78D-4B9C-B451-91E537BD9C1A} -> No File <==== ATTENTION
Task: {E23D38B1-836A-4E07-9A00-351F4FD1BB54} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {E3CD75FC-5FCA-4B24-BBC3-9DB40041949E} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {E4BA447B-930E-42DE-BB0B-39F156EAF821} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EA4C1747-E334-423A-A66C-7E5574F6E37B} - \CapUninst -> No File <==== ATTENTION
Task: {ECFFABC4-9447-4464-9E4D-44B979FEB852} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {F84AB4AB-D859-44EC-AFD6-7BC01D92E892} - \TVAgent -> No File <==== ATTENTION
Task: {F8E90029-AA5B-4AFD-9ACC-EE303E75AA4F} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-2503263900-158799546-2591639019-1000 -> No File <==== ATTENTION
Task: {FACCCF4E-B0E0-4268-8267-AFF50525E92D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {FAF531E4-4FD2-436B-97DD-0B2129CB708F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {30680B54-C78D-4B9C-B451-91E537BD9C1A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{30680B54-C78D-4B9C-B451-91E537BD9C1A} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {E683BAEF-6334-4E5B-9AE6-D83069EB7356}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{E683BAEF-6334-4E5B-9AE6-D83069EB7356} /F:UpdateWORKGROUP\BRUSHMORE-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForbrushmore.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\brushmore\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Liz - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 02:17 - 2015-10-30 02:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-25 01:29 - 2016-04-25 01:29 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-25 01:29 - 2016-04-25 01:29 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-25 08:49 - 2016-05-25 08:49 - 00959168 _____ () C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-02-13 07:54 - 2016-02-13 07:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 22:51 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 22:53 - 2016-04-22 23:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 22:53 - 2016-04-22 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 22:53 - 2016-04-22 22:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 22:53 - 2016-04-22 23:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-04-27 13:05 - 2016-04-27 13:05 - 00036732 _____ () C:\Program Files (x86)\indexes\tenths.exe
2016-04-27 13:05 - 2016-04-27 13:05 - 00010752 _____ () C:\Program Files (x86)\freaky\glenlivet.exe
2016-04-27 13:05 - 2016-04-27 13:05 - 00006144 _____ () C:\Program Files (x86)\freaky\settings.dll
2010-08-16 19:26 - 2009-07-02 16:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2016-04-26 10:52 - 2016-04-26 10:52 - 00011776 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.exe
2016-04-26 10:52 - 2016-04-26 10:52 - 09355776 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.dll
2016-04-26 10:52 - 2016-04-26 10:52 - 00123904 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2016-04-26 10:52 - 2016-04-26 10:52 - 03691520 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleShared.dll
2016-04-26 10:52 - 2016-04-26 10:52 - 01506304 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2016-04-26 10:52 - 2016-04-26 10:52 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-26 10:52 - 2016-04-26 10:52 - 00334848 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PersonPicture.UAP.dll
2016-04-30 06:17 - 2016-04-30 06:17 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-05-25 08:48 - 2016-05-25 08:48 - 00679624 _____ () C:\Users\brushmore\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-04-27 14:21 - 2016-04-27 14:21 - 00035840 _____ () C:\Users\brushmore\AppData\Local\lstrmn.dll
2016-06-02 11:24 - 2016-06-02 11:24 - 00098816 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32api.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00110080 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\pywintypes27.dll
2016-06-02 11:24 - 2016-06-02 11:24 - 00364544 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\pythoncom27.dll
2016-06-02 11:24 - 2016-06-02 11:24 - 00320512 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32com.shell.shell.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00776704 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_hashlib.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 01176576 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._core_.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00806400 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._gdi_.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00816128 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._windows_.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 01067008 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._controls_.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00733184 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._misc_.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00682496 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\pysqlite2._sqlite.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00088064 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_ctypes.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00119808 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32file.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00108544 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32security.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00007168 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\hashobjs_ext.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00017920 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\thumbnails_ext.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00088064 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\usb_ext.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00012288 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\common.time34.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00018432 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32event.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00167936 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32gui.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00046080 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_socket.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 01208320 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_ssl.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00128512 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_elementtree.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00127488 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\pyexpat.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00038912 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32inet.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00036864 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_psutil_windows.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00525208 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\windows._lib_cacheinvalidation.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00011264 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32crypt.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00077312 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._html2.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00027136 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_multiprocessing.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00020480 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\_yappi.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00035840 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32process.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00686080 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\unicodedata.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00078848 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._animate.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00123392 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\wx._wizard.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00024064 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32pipe.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00010240 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\select.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00025600 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32pdh.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00017408 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32profile.pyd
2016-06-02 11:24 - 2016-06-02 11:24 - 00022528 ____R () C:\Users\brushmore\AppData\Local\Temp\_MEI56162\win32ts.pyd
2013-05-17 18:16 - 2013-05-17 18:16 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00348488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00126792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2005-07-20 00:18 - 2005-07-20 00:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
2011-01-06 09:57 - 2010-06-17 19:00 - 12286520 _____ () C:\Users\brushmore\AppData\Roaming\PictureMover\Bin\Core.dll
2011-01-06 09:57 - 2010-06-17 19:11 - 01699384 _____ () C:\Users\brushmore\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2016-05-12 20:14 - 2016-05-11 06:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 20:14 - 2016-05-11 06:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-05-12 20:14 - 2016-05-11 06:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
2016-03-13 22:47 - 2016-03-13 22:47 - 48933888 _____ () C:\Program Files (x86)\WinDriveUse\libcef.dll
2015-01-14 05:55 - 2015-01-14 05:55 - 00386560 _____ () C:\Program Files (x86)\WinDriveUse\log4cplusU.dll
2016-03-13 22:47 - 2016-03-13 22:47 - 01665536 _____ () C:\Program Files (x86)\WinDriveUse\libglesv2.dll
2016-03-13 22:47 - 2016-03-13 22:47 - 00075264 _____ () C:\Program Files (x86)\WinDriveUse\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\$talisma_url$ -> hxxps://$talisma_url$
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\Control Panel\Desktop\\Wallpaper -> c:\users\brushmore\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{d5c9cceb-fc52-4a02-8ba5-dfe431759187}.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "ATT-SST_McciTrayApp"
HKLM\...\StartupApproved\Run32: => "Conime"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\StartupApproved\StartupFolder: => "FacebookGamesNotifier.exe.lnk"
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\StartupApproved\Run: => "Buzzing Dhol.exe"
HKU\S-1-5-21-2503263900-158799546-2591639019-1000\...\StartupApproved\Run: => "lstrmn"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{CDBA7D61-772E-4EFA-BA0C-F79EDD52E092}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{1C73E30A-F15B-4764-B0F2-7181189584AA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{D3656AFC-74D2-4FD1-BF4C-9D7E93C41F66}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{B52B5131-2D44-4B48-A2EE-D3225B2D39FF}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{D1B5CBE2-6EB7-414C-B931-C4EBC6BF0DBA}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{C16ADEEE-3970-47C9-991C-C786D902E133}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{5E5A8E41-5253-4A6E-81F3-4BBC2C01BE10}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{1561E933-44D9-4888-843D-97C9EFD5E90F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{87AB5FF3-6187-4F21-AC5E-836A0E9A94F9}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{9D28829D-BA6A-4CFA-9DD8-7E30A64F6036}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{9CE9095F-B25F-4E46-A28F-46E07F255F93}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{55DE461C-D4C8-4421-84D3-984CDA177DA4}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{0FAB022E-604C-4BF6-838D-EE403D6358E2}] => (Allow) LPort=5353
FirewallRules: [{00DDD65D-C8CA-46D8-9316-9090A848A781}] => (Allow) LPort=9322
FirewallRules: [{6F743299-1982-47F5-AA08-4E03C5AA3102}] => (Allow) LPort=5353
FirewallRules: [{978CC816-ADB8-4566-A1F0-9D4C5FA0E4A0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{95B39356-1FCC-400E-BFDC-58E09D572C08}] => (Allow) LPort=1900
FirewallRules: [{DDEAF765-CB95-4818-944C-CDA9D60A22E1}] => (Allow) LPort=2869
FirewallRules: [{A6BE83AA-6BF3-4FD8-91E9-6B2B6D60DD41}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0F9CCD52-DBBE-40E1-B773-3506DA1723B2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{893E36A8-922C-4AEF-BE2E-5F3BBDFCA66A}] => (Allow) svchost.exe
FirewallRules: [{CEAEDAB5-35EF-41EC-A930-7D093192F770}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5E6E6DC0-1DFB-48C4-A7A7-E7298D8923A6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\QPService.exe
FirewallRules: [{A70951F5-DF73-4309-997D-338EC8ED315A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\QP.exe
FirewallRules: [{88BADD9F-FC37-4840-90BB-C03EA699E27A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{BE9DB4BC-CD94-4304-9182-3E6D3E46F84F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{9CBA46AA-3550-4B66-AE0C-7671E4736B23}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{2E1E126B-2E37-4095-BDB8-D973B809BFE5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{9B19C332-0176-489D-B38A-FB6243FCFD4F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{BA297109-7E92-42CC-B140-86E2DD5B8AE4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{A031A384-F475-49E3-84CC-46A4AE721ED5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{513D3901-555B-47C7-8CBC-236E28B63644}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{316E4BE8-6E1A-4FB0-A877-B99A374F1CFF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe
FirewallRules: [{4EBF2E20-9590-4836-B04E-F00034664CA8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartVideo.exe
FirewallRules: [{217B518C-5954-4BEF-A878-D0B260B6ED95}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe
FirewallRules: [{B6639966-048C-40D3-9DD3-D0CAE705E377}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe
FirewallRules: [{C1A71A21-B5EF-49EB-AD9E-BB86BA9ED739}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\PhotoAgent.exe
FirewallRules: [{66190683-B6D9-4FF6-9F8A-0AADEF772109}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\HPTouchSmartPhoto.exe
FirewallRules: [{8E2B3339-CA3E-439E-887E-7AAE5C6D3C44}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{074B874A-060A-4577-8D8B-5FE66820A865}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{751D3DEB-8CF4-4BC0-A87F-8FBDEA790BAF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{7E81C6A9-AAE9-40E8-9271-0FF2CA94AB2A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{08D73478-0277-4303-BC43-609FE53D7B03}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{79DB8D72-B5F4-455B-91E8-5761577E41E6}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳攮數
FirewallRules: [{0469A839-C950-4939-B32C-57B59BC1CA2E}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳硥e
FirewallRules: [{C9467CDB-DBD0-4FEC-81D6-A2256E9C41B4}] => (Allow) C:\Users\brushmore\AppData\Local\ddnowyes.exe
FirewallRules: [{B5BE0333-1CD5-4205-8709-31D9BFDB2472}] => (Allow) C:\Users\brushmore\AppData\Local\77240979.exe
FirewallRules: [{F97464B8-87BD-493F-A792-ECAE9406DD48}] => (Allow) C:\Users\brushmore\AppData\Local\tinstall.exe
FirewallRules: [{958384B8-3519-49A5-A1B9-4A4816D77EB3}] => (Allow) C:\Users\brushmore\AppData\Local\cap.exe
FirewallRules: [{45C2364D-6C47-46A8-A34A-2575D3D02744}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{E658D117-9F49-4D2C-AB8B-317BA37A0E7A}] => (Allow) C:\Program Files (x86)\freaky\glenlivet.exe
FirewallRules: [{FC368896-477C-4F42-BCAF-0720CF1B5769}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{2AA0D376-F2CA-4158-A190-EE22C9C4BF96}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{6F6CC42A-843A-42A9-801E-CD9302648D17}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{860209F8-6534-4672-8087-B2E32192D995}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{F3218C8B-8B16-4150-BC32-76E7D03C7E2B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1B84356-B335-4D3E-B1A2-89BDFC747905}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2150D9E5-5688-45D6-ADE7-F245914261F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B7EB3AB-C52D-4E0B-A2CE-81131B7A1165}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F53DC981-D367-416B-A87D-B80B31100039}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
16-05-2016 10:14:39 Windows Update
23-05-2016 10:40:04 Scheduled Checkpoint
25-05-2016 15:23:07 Removed DriverUpdate
02-06-2016 10:43:19 Removed Facebook Games Arcade 0.5.0.0
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/02/2016 12:40:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x2e58
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
Error: (06/02/2016 12:40:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x31f4
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
Error: (06/02/2016 12:39:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x321c
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
Error: (06/02/2016 12:39:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x33cc
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
Error: (06/02/2016 12:37:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x74c
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
Error: (06/02/2016 12:37:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x30f0
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
Error: (06/02/2016 12:37:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x2cc4
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
Error: (06/02/2016 12:29:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1c98
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
Error: (06/02/2016 12:29:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x27bc
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
Error: (06/02/2016 12:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Faulting module name: windrivetask_.exe, version: 1.3.4.3, time stamp: 0x56faaf85
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1770
Faulting application start time: 0xwindrivetask_.exe0
Faulting application path: windrivetask_.exe1
Faulting module path: windrivetask_.exe2
Report Id: windrivetask_.exe3
Faulting package full name: windrivetask_.exe4
Faulting package-relative application ID: windrivetask_.exe5
System errors:
=============
Error: (06/02/2016 11:22:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058
Error: (06/02/2016 11:21:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4d16c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/02/2016 11:21:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4d16c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/02/2016 11:21:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4d16c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/02/2016 11:21:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4d16c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/02/2016 10:53:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058
Error: (06/02/2016 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_c7ac4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/02/2016 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_c7ac4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/02/2016 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_c7ac4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/02/2016 10:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_c7ac4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2016-05-17 11:04:28.903
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-16 10:46:18.230
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-12 18:35:33.357
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-12 12:13:54.148
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2016-05-12 12:13:54.107
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2016-05-12 12:13:54.059
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2016-05-12 12:13:53.975
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2016-05-12 12:13:53.917
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2016-05-12 12:13:53.883
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2016-05-12 12:13:52.048
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 80%
Total physical RAM: 3831.11 MB
Available physical RAM: 728.23 MB
Total Virtual: 15607.11 MB
Available Virtual: 10723.68 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:916.34 GB) (Free:840.39 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:14.63 GB) (Free:1.72 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 596BACF9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================