My CPU and memory get tapped out and the laptop overheats because of what appears to me to be this updatechecker file. I could be wrong. Here are the txt files:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Alan at 2015-06-13 09:37:43
Running from C:\Users\Alan\OneDrive\Documents
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1032171492-1991652538-4239616834-500 - Administrator - Disabled)
Alan (S-1-5-21-1032171492-1991652538-4239616834-1001 - Administrator - Enabled) => C:\Users\Alan
Guest (S-1-5-21-1032171492-1991652538-4239616834-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1032171492-1991652538-4239616834-1007 - Limited - Enabled)
QBDataServiceUser24 (S-1-5-21-1032171492-1991652538-4239616834-1008 - Limited - Enabled) => C:\Users\QBDataServiceUser24
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{FD6E648E-1378-467F-AD37-2B98B379B0DD}) (Version: 44.0.2403.25 - Google Inc.)
ChromecastApp (HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
CoffeeCup Shopping Cart Creator Pro (HKLM-x32\...\CoffeeCup Shopping Cart Creator Pro 3.9.4355) (Version: 3.9.4355 - CoffeeCup Software, Inc.)
CompanionLink (HKLM-x32\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 6.00.6000 - CompanionLink Software, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glary Utilities PRO 5.27 (HKLM-x32\...\Glary Utilities 5) (Version: 5.27.0.47 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{92524C67-A99D-44C6-8995-04F5E76486AF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
invoiceASAP Sync Manager for QuickBooks (HKLM-x32\...\{1E023D68-749A-4981-8FCF-7F92FFC16251}) (Version: 4.2.1 - InvoiceASAP)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
MagTek JMSR (HKLM-x32\...\InstallShield_{A2C5F42E-26A4-4733-8EA7-2A2D8320ACD4}) (Version: 2.02.0001 - MagTek)
MagTek JMSR (x32 Version: 2.02.0001 - MagTek) Hidden
MagTek OPOS MSR v1.13 (HKLM-x32\...\{86F8DB58-1026-4829-9840-7C5615184AE6}) (Version: 1.13 - MagTek)
MagTek OPOS MSR v1.13 (x32 Version: 1.13 - MagTek) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Plaxo Toolbar for Windows (HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Plaxo) (Version: - Plaxo Incorporated)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks Contact Sync (HKLM-x32\...\{B6069132-BA92-46F5-B3F5-66584DB0801F}) (Version: 1.13.59 - Intuit)
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4004.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Rapport (x32 Version: 3.5.1412.173 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.1.4.827 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1412.173 - Trusteer)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
07-06-2015 04:52:14 Scheduled Checkpoint
10-06-2015 05:57:39 Windows Defender Checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00BE9060-26D5-41BC-BFA2-CDE8DE7CD2BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {11D202E4-DC16-4BDF-9D19-B186ECE0B640} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {24373831-4D5B-4DB1-8E1E-3393C645E4E5} - System32\Tasks\G2MUploadTask-S-1-5-21-1032171492-1991652538-4239616834-1001 => C:\Users\Alan\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3492226A-6AAD-4B39-BA21-569F82D3AA95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {39CB3F6E-42F3-45C4-8C64-D850A94A4080} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-11-20] ()
Task: {3A510BA1-52BE-41B0-B065-E4E3977F4259} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {4F3CB76F-B4DF-4D26-A08B-509A9846CB32} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-25] (Adobe Systems Incorporated)
Task: {4F9F8D02-906C-439E-956A-6D4C6C2C194D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {60093BDD-D020-4996-9938-F9BE49E9ADE6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {61079187-946C-4605-9D81-2DB83BB4D2A6} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-06-08] (Glarysoft Ltd)
Task: {6272F4F0-3D4E-4085-8C17-68EC3848409E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {6335A016-3116-4DB1-A0F3-E195F0FCC67E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {6A2DAF0F-A89D-469D-A756-78C70831D34B} - System32\Tasks\{7D7E78D9-061D-4DEE-BB93-CC68A79D184D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" -c /modify OUTLOOKR /dll OSETUP.DLL
Task: {6DBED4F0-4DDB-45FA-B08E-3FE348AB1CA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {77E0F67E-0875-4E91-A32A-C26D90F698B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7B0FB8E0-9A1C-45EE-8483-BC5B25A20CFA} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {7E399FE4-38E3-4319-A2C3-029269EAB86F} - System32\Tasks\HPCeeScheduleForAlan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8812DF1B-E2B5-409A-A7F2-FFC7A034B799} - System32\Tasks\{E5CF9C92-8DDA-49EA-ADBF-075B438019ED} => pcalua.exe -a "C:\Program Files (x86)\Adobe\GoLive CS Co-Author_ENG\GoLive.exe" -c "C:\Users\Alan\Downloads\wordpress-4.0\wordpress\wp-admin\network.php"
Task: {8D8632F1-16E8-4E52-B0EC-FDA7A32A0C41} - System32\Tasks\ProcessManager => C:\Program Files (x86)\Glary Utilities 5\procmgr.exe [2015-06-08] (Glarysoft Ltd)
Task: {9222067E-B441-4D67-837B-E44FF9926D6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A180DEA3-ABD6-4A3C-9550-4C3DC76ABD90} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A3CC0C6C-2BB0-46BF-BB26-5F712A566666} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {AB36E310-9B48-42B2-9405-BF5E95307D94} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AC906631-CE98-4CC0-BBDC-83418737401A} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-11-20] ()
Task: {B6B77272-1EB8-407F-BCDD-E8B4D83796D3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-15] (Dropbox, Inc.)
Task: {BA77166A-4378-419E-800E-458E4FBFA3BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: {BE04B40F-E747-4F41-93BC-0B3685034FB8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-15] (Dropbox, Inc.)
Task: {C6D7F8C6-5538-4D43-89E5-1A3D9381D894} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {D28B1789-C88E-47A9-8DC8-9EA2F45EDD9A} - System32\Tasks\G2MUpdateTask-S-1-5-21-1032171492-1991652538-4239616834-1001 => C:\Users\Alan\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D5C44EEC-AB80-4F04-9FF0-357E870F9D77} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {E198DC82-6041-41F0-B077-55A2F179CE93} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {EB44D338-F607-4A48-8640-C6286C0C5545} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {EB63C96E-2578-4126-B7E3-F38B201807AC} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-06-08] (Glarysoft Ltd)
Task: {EFD924D2-1D80-4A4B-9A1B-FC7336030581} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {F794AE44-E3C8-48F0-997C-0C6D2781A723} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{18fda745-b02d-add8-18fd-da745b029d16}\adobe creative suite premium.exe [2014-05-23] () <==== ATTENTION
Task: {F99AE52E-CCB6-4F77-B3AF-6F8721BFB720} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{18fda745-b02d-add8-18fd-da745b029d16}\adobe creative suite premium.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core.job => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA.job => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1032171492-1991652538-4239616834-1001.job => C:\Users\Alan\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1032171492-1991652538-4239616834-1001.job => C:\Users\Alan\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core.job => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA.job => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ProcessManager.job => C:\Program Files (x86)\Glary Utilities 5\procmgr.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (Whitelisted) ==============
2012-08-10 04:36 - 2012-08-10 04:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2014-07-23 12:21 - 2014-07-23 12:21 - 00019968 _____ () c:\program files (x86)\companionlink\DCLHelper\CLDCLHelper.exe
2015-05-30 09:37 - 2015-06-12 20:12 - 00053040 _____ () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
2012-09-23 06:25 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2009-03-06 15:24 - 2009-03-06 15:24 - 00057344 _____ () c:\program files (x86)\companionlink\ClxMD5.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00623432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00582472 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00142664 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00623944 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00149320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
2013-12-02 14:27 - 2013-12-02 14:27 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00247112 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00791880 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00043848 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00087368 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetBridge.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00104264 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetInterop.dll
2014-12-10 07:31 - 2014-12-10 07:31 - 00501576 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\SyncManagerUtils.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00129352 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\ReportBridge.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00113480 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QB2WPFBridge.dll
2014-12-10 07:31 - 2014-12-10 07:31 - 00115016 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\Webification.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00060232 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\htmlhelper.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00762696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\HPD.dll
2015-06-11 08:21 - 2015-06-11 08:21 - 00043008 _____ () c:\users\alan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbg3lk6.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00750080 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00047616 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00865280 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00200704 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00010240 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00726016 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00010240 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-09-23 06:00 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-06-08 03:18 - 2015-06-08 03:18 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2015-05-15 23:06 - 2011-10-24 17:34 - 00036864 _____ () C:\Program Files (x86)\Intuit\QuickBooks Contact Sync\XMLManagerClass.dll
2015-02-13 09:34 - 2014-02-20 21:13 - 00111472 _____ () C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\sml.dll
2015-02-13 09:34 - 2014-02-20 21:05 - 00313344 _____ () C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\plx_sqlite.dll
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-06-11 22:03 - 2015-06-05 14:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-11 22:03 - 2015-06-05 14:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Alan\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\businesstrack.com -> hxxps://businesstrack.com
IE trusted site: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\ebanking-services.com -> hxxps://berkshirebank.ebanking-services.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alan\AppData\Local\Microsoft\Windows\Themes\AMS Green\DesktopBackground\amsgreen1500logo.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Acrobat Assistant.lnk"
HKLM\...\StartupApproved\Run: => "IntelliPoint"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "AdobeVersionCue"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\StartupFolder: => "Adobe Photoshop CS2 Serial numbers plus Keygen Full Download target=.lnk"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D680612DA51C10A6CF97CCA8BA287D9E"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "WorkForce 610(Network)"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "Glary Memory Optimizer"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "PlaxoSysTray"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{0318E452-EBC5-4A4E-BEF5-90AABD50AB3A}C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{95C19D7C-0F8F-43AD-ABA5-F0DFC47F38A6}C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{AC08B28F-CAE3-443E-ADD9-0A0E4ECE30EC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CF12F730-D537-47FD-9807-0A8492EE7B42}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0040CC04-EC91-429B-B6DA-54AACE92B58F}] => (Allow) LPort=1900
FirewallRules: [{22BE7F40-953A-44D9-8B56-55B5F7766C52}] => (Allow) LPort=2869
FirewallRules: [{3D3F4044-D6FB-4800-873D-3E5C2A0DA5C3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A3A5C0CF-11DE-4204-A961-46B1FA6DE4EA}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [{679CF038-D6F0-458D-8F89-2819F8ED2D48}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [TCP Query User{B74B81FF-27F3-426C-BBA6-31A4C3F6FEF7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{A389CDAF-F877-4C2A-9240-9B2C91885020}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{2A5869CC-D9D8-497E-99B9-773AA79B3D2C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{400B608D-A541-41FC-9E1A-4833B57B6D3C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{31EDCB35-8543-49B8-B4A0-03BFBEC12E20}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{B50AFC1E-41EC-47B8-9293-0F2BC8D75600}] => (Allow) C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B81F4E6F-D0FF-4818-B29D-FBA15792503B}] => (Allow) C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AD193910-9C45-4EB2-90B6-B94A0614B35D}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{129B6568-9CAD-4333-A199-F75E3CDBF639}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{ACC3A57C-4CA5-481D-8388-B71D7E796ABC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{061998AE-7592-42D7-929A-1801EEAD10EC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{34FCF689-0A61-453C-BBA7-29A6250B1F24}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0D7179A7-7D0B-4E45-A2E0-13EF72E0586A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{057105F0-DF03-4F0B-A194-46369393D0C3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D7BA4D3D-349E-4242-92D0-6483792F12FE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{51F971D5-9106-45DE-8B01-178855286E86}C:\users\alan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{A5360EB0-ADE0-40BA-956A-A8877C23511D}C:\users\alan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{9123579C-5CFD-4FE6-B0F4-F738E4B72758}C:\users\alan\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{7B6A41ED-3EF2-4E42-9229-E0562A496397}C:\users\alan\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{421F0D06-B84D-499D-BD18-331494834E5D}C:\users\alan\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{346AB993-4CDB-465A-8142-27665A334573}C:\users\alan\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe
FirewallRules: [{707667FD-8335-4A32-AA46-E65EE1D16433}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
FirewallRules: [{8BE496D3-75FA-49C6-9DF1-45A3A576A875}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/13/2015 09:31:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x3c6c
Faulting application start time: 0xsndvol.exe0
Faulting application path: sndvol.exe1
Faulting module path: sndvol.exe2
Report Id: sndvol.exe3
Faulting package full name: sndvol.exe4
Faulting package-relative application ID: sndvol.exe5
Error: (06/13/2015 09:31:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x7ac4
Faulting application start time: 0xsndvol.exe0
Faulting application path: sndvol.exe1
Faulting module path: sndvol.exe2
Report Id: sndvol.exe3
Faulting package full name: sndvol.exe4
Faulting package-relative application ID: sndvol.exe5
Error: (06/13/2015 09:30:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x2840
Faulting application start time: 0xsndvol.exe0
Faulting application path: sndvol.exe1
Faulting module path: sndvol.exe2
Report Id: sndvol.exe3
Faulting package full name: sndvol.exe4
Faulting package-relative application ID: sndvol.exe5
Error: (06/13/2015 09:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Faulting module name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x8020
Faulting application start time: 0xsystray.exe0
Faulting application path: systray.exe1
Faulting module path: systray.exe2
Report Id: systray.exe3
Faulting package full name: systray.exe4
Faulting package-relative application ID: systray.exe5
Error: (06/13/2015 08:32:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x372c
Faulting application start time: 0xsndvol.exe0
Faulting application path: sndvol.exe1
Faulting module path: sndvol.exe2
Report Id: sndvol.exe3
Faulting package full name: sndvol.exe4
Faulting package-relative application ID: sndvol.exe5
Error: (06/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Faulting module name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x3dbc
Faulting application start time: 0xsystray.exe0
Faulting application path: systray.exe1
Faulting module path: systray.exe2
Report Id: systray.exe3
Faulting package full name: systray.exe4
Faulting package-relative application ID: systray.exe5
Error: (06/13/2015 07:46:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Faulting module name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x6544
Faulting application start time: 0xsystray.exe0
Faulting application path: systray.exe1
Faulting module path: systray.exe2
Report Id: systray.exe3
Faulting package full name: systray.exe4
Faulting package-relative application ID: systray.exe5
Error: (06/13/2015 07:36:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x625c
Faulting application start time: 0xsndvol.exe0
Faulting application path: sndvol.exe1
Faulting module path: sndvol.exe2
Report Id: sndvol.exe3
Faulting package full name: sndvol.exe4
Faulting package-relative application ID: sndvol.exe5
Error: (06/13/2015 06:32:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x8490
Faulting application start time: 0xsndvol.exe0
Faulting application path: sndvol.exe1
Faulting module path: sndvol.exe2
Report Id: sndvol.exe3
Faulting package full name: sndvol.exe4
Faulting package-relative application ID: sndvol.exe5
Error: (06/13/2015 06:29:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Faulting module name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x645c
Faulting application start time: 0xsystray.exe0
Faulting application path: systray.exe1
Faulting module path: systray.exe2
Report Id: systray.exe3
Faulting package full name: systray.exe4
Faulting package-relative application ID: systray.exe5
System errors:
=============
Error: (06/13/2015 09:47:22 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (06/13/2015 04:05:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
Error: (06/12/2015 08:12:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The UpdateCheck service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 600000 milliseconds: Restart the service.
Error: (06/12/2015 00:01:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The UpdateCheck service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
Error: (06/12/2015 06:53:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (06/11/2015 11:27:51 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (06/11/2015 08:19:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CoupoonService64 service terminated unexpectedly. It has done this 1 time(s).
Error: (06/11/2015 08:18:12 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
Error: (06/11/2015 08:18:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:12:12 AM on 6/11/2015 was unexpected.
Error: (06/11/2015 07:54:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Microsoft Office:
=========================
Error: (06/13/2015 09:31:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f003c6c01d0a5dd37c29948C:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe7ce1d9c3-11d0-11e5-bef8-a0b3cc47db5e
Error: (06/13/2015 09:31:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f007ac401d0a5dd2bc0f629C:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe7110c159-11d0-11e5-bef8-a0b3cc47db5e
Error: (06/13/2015 09:30:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f00284001d0a5dd1fbddbb5C:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe650ff9e8-11d0-11e5-bef8-a0b3cc47db5e
Error: (06/13/2015 09:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: systray.exe6.3.9600.163845579361fsystray.exe6.3.9600.163845579361f4000001f00233f00802001d0a5dce34faab5C:\WINDOWS\SysWOW64\config\systemprofile\systray.exeC:\WINDOWS\SysWOW64\config\systemprofile\systray.exe2a3136b6-11d0-11e5-bef8-a0b3cc47db5e
Error: (06/13/2015 08:32:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f00372c01d0a5d4f53531fdC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe3aebb0e5-11c8-11e5-bef8-a0b3cc47db5e
Error: (06/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: systray.exe6.3.9600.163845579361fsystray.exe6.3.9600.163845579361f4000001f00233f003dbc01d0a5ce8ff521b1C:\WINDOWS\SysWOW64\config\systemprofile\systray.exeC:\WINDOWS\SysWOW64\config\systemprofile\systray.exed4ec1b4e-11c1-11e5-bef8-a0b3cc47db5e
Error: (06/13/2015 07:46:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: systray.exe6.3.9600.163845579361fsystray.exe6.3.9600.163845579361f4000001f00233f00654401d0a5ce838002edC:\WINDOWS\SysWOW64\config\systemprofile\systray.exeC:\WINDOWS\SysWOW64\config\systemprofile\systray.exec877501e-11c1-11e5-bef8-a0b3cc47db5e
Error: (06/13/2015 07:36:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f00625c01d0a5cd36c57141C:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe7bc862c2-11c0-11e5-bef8-a0b3cc47db5e
Error: (06/13/2015 06:32:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f00849001d0a5c43525e9beC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe7a1d70e8-11b7-11e5-bef8-a0b3cc47db5e
Error: (06/13/2015 06:29:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: systray.exe6.3.9600.163845579361fsystray.exe6.3.9600.163845579361f4000001f00233f00645c01d0a5c3c818f2e5C:\WINDOWS\SysWOW64\config\systemprofile\systray.exeC:\WINDOWS\SysWOW64\config\systemprofile\systray.exe0d11eca8-11b7-11e5-bef8-a0b3cc47db5e
CodeIntegrity Errors:
===================================
Date: 2015-06-11 09:08:51.720
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-10 08:11:12.602
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-10 06:04:33.282
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-06 07:59:18.746
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-02 09:21:35.673
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-02 08:25:24.316
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-30 11:06:55.355
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-27 04:52:03.801
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-25 08:54:16.323
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-24 05:20:09.152
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 76%
Total physical RAM: 6033.27 MB
Available physical RAM: 1436.28 MB
Total Pagefile: 8854.97 MB
Available Pagefile: 1525.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.74 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:567.69 GB) (Free:446.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.92 GB) (Free:3.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (MEMORY 8000) (Removable) (Total:0.95 GB) (Free:0.13 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: A50E1C7D)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 968 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
==================== End of log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Alan (administrator) on AMS-LT on 13-06-2015 09:29:02
Running from C:\Users\Alan\OneDrive\Documents
Loaded Profiles: Alan & QBDataServiceUser24 (Available Profiles: Alan & QBDataServiceUser24)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe
(CompanionLink Software, Inc.) C:\Program Files (x86)\CompanionLink\CompanionLink.exe
(Plaxo, Inc.) C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\PlaxoHelper_en.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFJA.EXE
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
(Dropbox, Inc.) C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc. All rights reserved.) C:\Users\Alan\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\MemfilesService.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\dbextclr11.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
() C:\Program Files (x86)\CompanionLink\DCLHelper\CLDCLHelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
(Microsoft Corporation) C:\Users\Alan\AppData\Local\Temp\mpam-899529ea.exe
(Microsoft Corporation) C:\7d1c5ed6e6610fa07f1b0f9e4de8\MPSigStub.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-09-07] (IDT, Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-01-28] (Hewlett-Packard)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [CompanionLink] => c:\program files (x86)\companionlink\companionlink.exe [23796368 2015-02-05] (CompanionLink Software, Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [WorkForce 610(Network)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-06-08] (Glarysoft Ltd)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [Google Update] => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-05] (Google Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-07] (Google Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [PlaxoUpdate] => C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\PlaxoHelper_en.exe [2080624 2014-02-20] (Plaxo, Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [PlaxoSysTray] => C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\PlaxoSysTray.exe [16752 2014-02-20] (Plaxo, Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [Glary Memory Optimizer] => C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe [122656 2015-06-08] (Glarysoft Ltd)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [Dropbox Update] => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-15] (Dropbox, Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [823EADEA75B0A1548DF70B57581868B7B9A1F293._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [EPSON] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe [610296 2015-05-05] (Adobe Systems Incorporated)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\MountPoints2: {37420eee-ad36-11e4-bec7-20689d0d300a} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\MountPoints2: {b857c929-05e0-11e5-bef1-a0b3cc47db5e} - "E:\VZW_Software_upgrade_assistant.exe"
Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-01-07]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-09-06]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-09-06]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-09-06]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk *
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
URLSearchHook: [S-1-5-21-1032171492-1991652538-4239616834-1008] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-01-07] (LastPass)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-01-07] (LastPass)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-01-07] (LastPass)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-01-07] (LastPass)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Alan\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @client.dropbox.com/Dropbox Update;version=3 -> C:\Users\Alan\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-15] (Dropbox, Inc.)
FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @client.dropbox.com/Dropbox Update;version=9 -> C:\Users\Alan\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-15] (Dropbox, Inc.)
FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: hp.com/HPDetect -> C:\Users\Alan\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
Chrome:
=======
CHR Profile: C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-30]
CHR Extension: (The Fractulator) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmiaedkpcndfgiicpfbmdffpkpkjgdpl [2015-05-30]
CHR Extension: (Email this page (by Google)) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2015-05-30]
CHR Extension: (Google Tasks (by Google)) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2015-05-30]
CHR Extension: (MailChimp) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2015-05-30]
CHR Extension: (Google Calendar) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-05-30]
CHR Extension: (Website Logon) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2015-05-30]
CHR Extension: (Full Screen Weather) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-30]
CHR Extension: (Print Selection) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2015-05-30]
CHR Extension: (Share on Google Plus) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfkobenbpcjmmejiokpopekegkpogbdn [2015-05-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-07]
CHR Extension: (Fast Search for eBay) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjajclaocdighkjplbekkofpmdbcjghf [2015-05-30]
CHR Extension: (Google Play) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-05-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-11]
CHR Extension: (Google Maps) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-05-30]
CHR Extension: (Print) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj [2015-05-30]
CHR Extension: (QR Code Generator) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanmadekhdoofgmhichkcjlgiofmofbl [2015-05-30]
CHR Extension: (QR Image from URL) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce [2015-05-30]
CHR Extension: (Google Wallet) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-06]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-05-30]
CHR Extension: (My Chrome Theme) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-05-30]
CHR Extension: (Floor Plan Creator) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogbnemfckmdpkeeccieeahplnemmbcfg [2015-05-30]
CHR Extension: (Sửa lỗi \) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe [2015-06-11]
CHR Profile: C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-20]
CHR Extension: (CacheList) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\amhhdbdhoghppijbjfdkiaconkmfbbpa [2015-06-06]
CHR Extension: (Google Docs) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20]
CHR Extension: (Google Drive) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20]
CHR Extension: (Google Search) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20]
CHR Extension: (multiNotifier for multiple Gmail accounts) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcdpjakjgmgklajndnlekpojkelnibfp [2015-06-02]
CHR Extension: (Website Logon) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2014-10-20]
CHR Extension: (Google Sheets) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-20]
CHR Extension: (Dictionary Bubble Instant Dictionary) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfembjnmeainjncdflaoclcjadfhpoim [2015-05-01]
CHR Extension: (Google Wallet) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]
CHR Extension: (Gmail) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [310912 2013-05-16] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe [69448 2015-05-28] (Google Inc.)
S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-02] ()
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-12-02] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-12-02] (Intuit Inc.) [File not signed]
R3 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2013-12-02] (Intuit, Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-05-28] (IBM Corp.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-06-12] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-30] (Validity Sensors, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-09-08] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2015-05-03] (Glarysoft Ltd)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-20] (Atheros)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)
R1 RapportCerberus_1412108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412108.sys [910872 2015-06-10] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [484088 2015-05-28] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [121208 2015-05-28] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [375128 2015-05-28] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [479320 2015-05-28] (IBM Corp.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S4 Wpdesrer; No ImagePath
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-13 09:28 - 2015-06-13 09:28 - 00000000 ____D C:\7d1c5ed6e6610fa07f1b0f9e4de8
2015-06-13 08:57 - 2015-06-13 09:29 - 00000000 ____D C:\FRST
2015-06-13 08:45 - 2015-06-13 08:45 - 00000000 ____D C:\ProgramData\bba09a2600004a37
2015-06-13 08:43 - 2015-06-13 08:43 - 00000000 ____D C:\ProgramData\252c331400007422
2015-06-13 08:31 - 2015-06-13 08:31 - 00003122 _____ C:\WINDOWS\System32\Tasks\ParetoLogic Registration3
2015-06-13 08:31 - 2015-06-13 08:31 - 00000480 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2015-06-13 08:30 - 2015-06-13 08:30 - 00002910 _____ C:\WINDOWS\System32\Tasks\ParetoLogic Update Version3 Startup Task
2015-06-13 08:30 - 2015-06-13 08:30 - 00000506 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-06-13 08:30 - 2015-06-13 08:30 - 00000000 ____D C:\Users\Alan\AppData\Roaming\ParetoLogic
2015-06-13 08:30 - 2015-06-13 08:30 - 00000000 ____D C:\Users\Alan\AppData\Roaming\DriverCure
2015-06-13 08:29 - 2015-06-13 08:44 - 00000000 ____D C:\ProgramData\ParetoLogic
2015-06-13 08:29 - 2015-06-13 08:30 - 00003242 _____ C:\WINDOWS\System32\Tasks\ParetoLogic Update Version3
2015-06-13 08:29 - 2015-06-13 08:30 - 00000454 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
2015-06-11 22:03 - 2015-06-11 22:03 - 00002279 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-11 22:03 - 2015-06-11 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-10 18:11 - 2015-06-10 18:11 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-06 07:19 - 2015-06-12 21:59 - 00000000 ____D C:\ProgramData\85f278110000749d
2015-06-06 00:59 - 2015-06-06 00:59 - 00000000 ____D C:\Program Files (x86)\ExsttraSAvIngs
2015-06-06 00:59 - 2015-06-06 00:59 - 00000000 ____D C:\Program Files (x86)\ExsTraSavings
2015-06-06 00:57 - 2015-06-06 00:57 - 00000000 ____D C:\ProgramData\bdfodbplkhnfjeaidmhkkonllbpjboho
2015-06-06 00:57 - 2015-06-06 00:57 - 00000000 ____D C:\Program Files (x86)\CacheList
2015-06-06 00:55 - 2015-06-10 08:29 - 00000000 ____D C:\Program Files (x86)\ExsstRaSavings
2015-06-05 18:14 - 2015-06-05 18:14 - 00749963 _____ C:\Users\Alan\Downloads\AvaTax_Pro_Toolkit.zip
2015-06-05 18:12 - 2015-06-05 18:12 - 00002714 _____ C:\Users\Alan\Downloads\bulk-edit-product-import-template.csv
2015-06-05 17:16 - 2015-06-05 17:16 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue (4).exe
2015-06-05 09:26 - 2015-06-05 09:26 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue (3).exe
2015-06-03 11:34 - 2015-06-03 11:34 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue (2).exe
2015-06-02 09:07 - 2015-06-02 09:07 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Alan\Downloads\SpyHunter-Installer.exe
2015-06-02 08:29 - 2015-06-12 17:47 - 00000000 ____D C:\ProgramData\5ca5a4280000224c
2015-05-31 09:44 - 2015-06-13 09:26 - 00000666 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1032171492-1991652538-4239616834-1001.job
2015-05-31 09:44 - 2015-05-31 09:44 - 00003660 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1032171492-1991652538-4239616834-1001
2015-05-30 09:48 - 2015-06-13 04:45 - 00000112 _____ C:\ProgramData\s73Bt3.dat
2015-05-30 09:38 - 2015-06-13 09:35 - 00000000 ____D C:\ProgramData\abc
2015-05-30 09:38 - 2015-06-02 23:34 - 00000000 ____D C:\ProgramData\e3e80d5e000064f2
2015-05-30 09:38 - 2015-05-30 09:38 - 00000005 _____ C:\end
2015-05-30 09:38 - 2015-05-30 09:38 - 00000000 ____D C:\Program Files\Coupoon
2015-05-30 09:37 - 2015-06-02 07:58 - 00000000 ____D C:\Program Files (x86)\Coupoon
2015-05-30 09:37 - 2015-05-30 09:37 - 00000000 _____ C:\LIL6F35.tmp
2015-05-30 09:36 - 2015-05-30 09:36 - 00421888 _____ C:\Users\Alan\Downloads\Setup (1).exe
2015-05-30 09:34 - 2015-05-30 09:38 - 00000000 ____D C:\Users\Alan\AppData\Local\Chromium
2015-05-30 09:33 - 2015-05-30 09:33 - 00000000 _____ C:\LILE7C4.tmp
2015-05-30 09:32 - 2015-05-30 09:32 - 00421888 _____ C:\Users\Alan\Downloads\Setup.exe
2015-05-30 09:32 - 2015-05-30 09:32 - 00000000 ____D C:\0a08af96-aa2b-423d-a3f9-4531f2ee5a39
2015-05-30 09:23 - 2015-05-30 09:23 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue (1).exe
2015-05-29 07:15 - 2015-05-29 07:15 - 02211783 _____ C:\Users\Alan\Downloads\certified-light-bulbs-2015-05-29.csv
2015-05-28 21:44 - 2015-05-28 21:44 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue.exe
2015-05-28 21:22 - 2015-06-09 11:07 - 00000024 _____ C:\Users\Alan\AppData\Roaming\appdataFr25.bin
2015-05-28 08:23 - 2015-05-28 08:23 - 24226894 _____ C:\Users\Alan\Downloads\mobirise-free-win.zip
2015-05-25 09:23 - 2015-05-25 09:23 - 00016050 _____ C:\Users\Alan\AppData\Local\recently-used.xbel
2015-05-25 07:37 - 2015-06-13 09:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-25 07:37 - 2015-05-25 07:37 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-24 14:55 - 2015-05-24 14:55 - 00000000 ____D C:\Users\Alan\AppData\Local\webkit
2015-05-24 14:15 - 2015-05-24 14:15 - 00000910 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-05-24 14:15 - 2015-05-24 14:15 - 00000898 _____ C:\Users\Public\Desktop\GIMP 2.lnk
2015-05-24 14:14 - 2015-05-24 14:15 - 00000000 ____D C:\Program Files\GIMP 2
2015-05-24 14:11 - 2015-05-24 14:11 - 00009127 _____ C:\Users\Alan\Downloads\gimp-2.8.14-setup-1.exe (1).torrent
2015-05-24 09:44 - 2015-05-25 08:17 - 00000000 ____D C:\Program Files\paint.net
2015-05-24 09:43 - 2015-05-24 09:47 - 00000000 ____D C:\Users\Alan\AppData\Local\paint.net
2015-05-24 09:26 - 2015-05-24 09:26 - 06528454 _____ C:\Users\Alan\Downloads\paint.net.4.0.5.install.zip
2015-05-23 21:55 - 2007-02-20 16:04 - 02463976 _____ C:\WINDOWS\SysWOW64\NPSWF32.dll
2015-05-23 21:55 - 2007-02-20 16:04 - 00190696 _____ (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\NPSWF32_FlashUtil.exe
2015-05-23 20:50 - 2015-05-23 20:50 - 00000000 ____D C:\ProgramData\gllllkgjemfihkfieabciiffngcjielp
2015-05-23 20:43 - 2015-05-23 20:43 - 00000000 _____ C:\Users\Alan\AppData\Local\Temp.dat
2015-05-23 20:42 - 2015-06-02 02:44 - 00000000 ____D C:\ProgramData\b495037800002fba
2015-05-23 20:05 - 2015-05-23 20:05 - 05982989 _____ C:\Users\Alan\Downloads\AdobeCreativeCloudCleanerTool.zip
2015-05-23 09:43 - 2015-05-23 09:43 - 00000000 ____D C:\ProgramData\jpkegfmhmddijdajkiejgofpfkhcccec
2015-05-23 09:38 - 2015-06-12 21:38 - 00000382 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job
2015-05-23 09:38 - 2015-05-23 21:38 - 00000000 ____D C:\ProgramData\{18fda745-b02d-add8-18fd-da745b029d16}
2015-05-23 09:38 - 2015-05-23 09:38 - 02051584 _____ C:\Users\Alan\Downloads\adobe creative suite premium.exe
2015-05-23 09:38 - 2015-05-23 09:38 - 00003268 _____ C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task[pr]
2015-05-22 00:14 - 2015-05-23 10:12 - 00000000 ____D C:\ProgramData\FLEXnet
2015-05-21 23:59 - 2015-05-21 23:59 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2015-05-21 23:41 - 2015-05-21 23:46 - 486108144 _____ (Adobe Systems Incorporated) C:\Users\Alan\Downloads\ADBEPHSPCS3_WWE.exe
2015-05-21 23:39 - 2015-05-22 00:15 - 963021411 _____ C:\Users\Alan\Downloads\ADBESTVDCS3.7z
2015-05-21 23:39 - 2015-05-21 23:41 - 215001904 _____ (Adobe Systems Incorporated) C:\Users\Alan\Downloads\STVDCS3_Cont.exe
2015-05-21 23:39 - 2015-05-21 23:39 - 01085768 _____ (Adobe Systems Incorporated) C:\Users\Alan\Downloads\ADBESTVDCS3.exe
2015-05-21 22:12 - 2015-05-21 23:27 - 00000779 _____ C:\temp.log
2015-05-21 20:50 - 2015-05-21 20:50 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2015-05-21 20:50 - 2015-05-21 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-05-21 20:49 - 2015-05-21 20:49 - 00000000 ____D C:\Program Files (x86)\Evernote
2015-05-21 20:46 - 2015-05-21 20:46 - 99237384 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Alan\Downloads\Evernote_5.8.4.6870.exe
2015-05-19 08:59 - 2015-05-19 08:59 - 02145673 _____ C:\Users\Alan\Downloads\certified-light-bulbs-2015-05-19.csv
2015-05-15 23:06 - 2008-04-13 11:54 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdaf58a.rra
2015-05-15 23:06 - 2005-04-03 18:31 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB5DB.DLL
2015-05-15 23:06 - 1998-06-17 23:00 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRDO20.DLL
2015-05-15 23:06 - 1998-06-17 23:00 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RDOCURS.DLL
2015-05-15 14:15 - 2015-05-15 14:15 - 00065560 _____ C:\Users\Alan\Downloads\NETGEAR_WNDR3400v3.cfg
2015-05-15 12:13 - 2015-05-15 12:14 - 393912120 _____ (Intuit Inc.) C:\Users\Alan\Downloads\qbwebpatch.exe
2015-05-15 03:30 - 2015-06-13 09:35 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA.job
2015-05-15 03:30 - 2015-06-13 03:35 - 00000876 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core.job
2015-05-15 03:30 - 2015-05-15 03:30 - 00003872 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA
2015-05-15 03:30 - 2015-05-15 03:30 - 00003492 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core
2015-05-15 03:30 - 2015-05-15 03:30 - 00000000 ____D C:\Users\Alan\AppData\Local\Dropbox
2015-05-15 03:30 - 2015-05-15 03:30 - 00000000 ____D C:\ProgramData\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-13 09:28 - 2014-09-08 11:19 - 01053983 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-13 09:18 - 2014-12-11 10:19 - 00000570 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1032171492-1991652538-4239616834-1001.job
2015-06-13 09:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-13 08:50 - 2014-09-06 13:05 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8F12032E-C313-4BFD-8DA8-BE49B2D571E8}
2015-06-13 08:49 - 2014-09-06 13:13 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1032171492-1991652538-4239616834-1001
2015-06-13 08:45 - 2014-10-28 10:25 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-13 08:44 - 2015-01-05 14:29 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA.job
2015-06-13 08:41 - 2014-09-06 18:19 - 00000000 ____D C:\Users\Alan\Documents\Outlook Files
2015-06-13 07:59 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-13 02:45 - 2014-10-28 10:25 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-13 01:44 - 2015-01-05 14:29 - 00000866 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core.job
2015-06-11 22:03 - 2014-09-06 17:42 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-11 08:25 - 2015-02-16 10:07 - 00002966 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2015-06-11 08:25 - 2014-10-28 17:35 - 00003306 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2015-06-11 08:25 - 2014-10-28 17:35 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-06-11 08:25 - 2014-10-28 17:35 - 00001096 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-06-11 08:25 - 2014-10-28 17:34 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-06-11 08:24 - 2015-03-20 21:02 - 00000354 _____ C:\WINDOWS\Tasks\ProcessManager.job
2015-06-11 08:22 - 2014-09-08 17:10 - 00000000 ____D C:\Users\Alan\OneDrive
2015-06-11 08:22 - 2014-09-06 18:13 - 00000000 ____D C:\Users\Alan\Dropbox
2015-06-11 08:22 - 2014-09-06 18:10 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Dropbox
2015-06-11 08:21 - 2015-02-13 09:34 - 00000000 ____D C:\Users\Alan\AppData\Local\Plaxo
2015-06-11 08:19 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-11 08:18 - 2014-10-16 18:23 - 00000000 ____D C:\Users\QBDataServiceUser24
2015-06-11 08:18 - 2014-09-08 11:02 - 00000000 ____D C:\Users\Alan
2015-06-10 22:08 - 2014-09-28 20:59 - 00003154 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAlan
2015-06-10 22:08 - 2014-09-28 20:59 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAlan.job
2015-06-10 07:34 - 2014-09-11 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-06-10 07:31 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-06 01:00 - 2015-05-01 23:48 - 00000000 ____D C:\ProgramData\13140839548693954216
2015-06-05 23:56 - 2014-09-08 09:22 - 00000000 ____D C:\Users\Alan\AppData\Local\LogMeIn Rescue Applet
2015-06-02 08:47 - 2014-09-06 13:05 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Adobe
2015-06-02 08:46 - 2014-09-07 09:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-02 08:36 - 2014-09-07 09:25 - 00000000 ____D C:\ProgramData\Adobe
2015-05-31 10:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-05-31 09:44 - 2014-12-11 10:19 - 00003564 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1032171492-1991652538-4239616834-1001
2015-05-31 07:34 - 2015-04-08 09:34 - 00088064 ___SH C:\Users\Alan\Downloads\Thumbs.db
2015-05-30 09:44 - 2015-02-06 12:13 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-28 15:16 - 2014-09-11 10:44 - 00375128 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-05-28 15:16 - 2014-09-11 10:44 - 00121208 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-05-26 19:41 - 2014-03-18 06:03 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-25 11:26 - 2014-12-10 08:48 - 00000000 ____D C:\Users\Alan\.gimp-2.8
2015-05-25 09:23 - 2014-12-10 08:58 - 00000000 ____D C:\Users\Alan\AppData\Local\gtk-2.0
2015-05-25 07:37 - 2014-11-12 09:47 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-25 07:37 - 2014-11-12 09:47 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-25 07:30 - 2015-01-05 14:29 - 00003862 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA
2015-05-23 20:19 - 2013-08-22 10:44 - 02368280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 10:30 - 2014-09-07 09:33 - 00000000 ____D C:\Users\Alan\AppData\Local\Adobe
2015-05-21 22:24 - 2012-08-17 15:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 10:31 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\tracing
2015-05-16 02:40 - 2014-10-28 10:25 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 02:40 - 2014-10-28 10:25 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 01:39 - 2015-01-05 14:29 - 00003482 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core
2015-05-15 23:06 - 2014-09-06 20:04 - 00000000 ____D C:\Program Files (x86)\Intuit
2015-05-15 23:06 - 2014-09-06 20:02 - 00000000 ____D C:\ProgramData\INTUIT
2015-05-15 23:06 - 2012-08-17 15:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
==================== Files in the root of some directories =======
2015-01-07 10:22 - 2015-01-07 11:48 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-05-28 21:22 - 2015-06-09 11:07 - 0000024 _____ () C:\Users\Alan\AppData\Roaming\appdataFr25.bin
2015-03-09 07:41 - 2015-03-09 07:41 - 0038436 _____ () C:\Users\Alan\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-04-28 21:29 - 2015-04-30 18:46 - 0039936 _____ () C:\Users\Alan\AppData\Roaming\SharedSettings.ccs
2015-03-16 18:44 - 2015-03-16 18:44 - 0000000 ____H () C:\Users\Alan\AppData\Local\BITEC4B.tmp
2015-04-10 16:47 - 2015-04-10 16:47 - 0004096 ____H () C:\Users\Alan\AppData\Local\keyfile3.drm
2015-05-25 09:23 - 2015-05-25 09:23 - 0016050 _____ () C:\Users\Alan\AppData\Local\recently-used.xbel
2014-09-06 16:52 - 2014-09-06 16:54 - 0007603 _____ () C:\Users\Alan\AppData\Local\resmon.resmoncfg
2015-05-04 12:02 - 2015-05-04 12:02 - 0000798 _____ () C:\Users\Alan\AppData\Local\Temp-log.txt
2015-05-23 20:43 - 2015-05-23 20:43 - 0000000 _____ () C:\Users\Alan\AppData\Local\Temp.dat
2015-03-16 18:40 - 2015-03-16 18:40 - 0000000 _____ () C:\Users\Alan\AppData\Local\{5A56A850-0445-4E88-9056-6CEE642EAFDE}
2015-04-12 08:05 - 2015-04-12 13:03 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-05-30 09:48 - 2015-06-13 04:45 - 0000112 _____ () C:\ProgramData\s73Bt3.dat
Files to move or delete:
====================
C:\ProgramData\s73Bt3.dat
Some files in TEMP:
====================
C:\Users\Alan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbg3lk6.dll
C:\Users\Alan\AppData\Local\Temp\mpam-899529ea.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-11 05:27
==================== End of log ============================