UpdateChecker.exe issues [Closed]

My CPU and memory get tapped out and the laptop overheats because of what appears to me to be this updatechecker file. I could be wrong. Here are the txt files:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015

Ran by Alan at 2015-06-13 09:37:43

Running from C:\Users\Alan\OneDrive\Documents

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1032171492-1991652538-4239616834-500 - Administrator - Disabled)

Alan (S-1-5-21-1032171492-1991652538-4239616834-1001 - Administrator - Enabled) => C:\Users\Alan

Guest (S-1-5-21-1032171492-1991652538-4239616834-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1032171492-1991652538-4239616834-1007 - Limited - Enabled)

QBDataServiceUser24 (S-1-5-21-1032171492-1991652538-4239616834-1008 - Limited - Enabled) => C:\Users\QBDataServiceUser24

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)

Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)

AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden

Chrome Remote Desktop Host (HKLM-x32\...\{FD6E648E-1378-467F-AD37-2B98B379B0DD}) (Version: 44.0.2403.25 - Google Inc.)

ChromecastApp (HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)

Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)

CoffeeCup Shopping Cart Creator Pro (HKLM-x32\...\CoffeeCup Shopping Cart Creator Pro 3.9.4355) (Version: 3.9.4355 - CoffeeCup Software, Inc.)

CompanionLink (HKLM-x32\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 6.00.6000 - CompanionLink Software, Inc.)

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)

CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)

CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dropbox (HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)

Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)

Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )

EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version: - SEIKO EPSON Corporation)

EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)

Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)

GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)

Glary Utilities PRO 5.27 (HKLM-x32\...\Glary Utilities 5) (Version: 5.27.0.47 - Glarysoft Ltd)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)

HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)

HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)

HP Documentation (HKLM-x32\...\{92524C67-A99D-44C6-8995-04F5E76486AF}) (Version: 1.1.0.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)

HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)

HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)

HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)

HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)

HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)

HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)

HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

invoiceASAP Sync Manager for QuickBooks (HKLM-x32\...\{1E023D68-749A-4981-8FCF-7F92FFC16251}) (Version: 4.2.1 - InvoiceASAP)

LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)

MagTek JMSR (HKLM-x32\...\InstallShield_{A2C5F42E-26A4-4733-8EA7-2A2D8320ACD4}) (Version: 2.02.0001 - MagTek)

MagTek JMSR (x32 Version: 2.02.0001 - MagTek) Hidden

MagTek OPOS MSR v1.13 (HKLM-x32\...\{86F8DB58-1026-4829-9840-7C5615184AE6}) (Version: 1.13 - MagTek)

MagTek OPOS MSR v1.13 (x32 Version: 1.13 - MagTek) Hidden

Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Plaxo Toolbar for Windows (HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Plaxo) (Version: - Plaxo Incorporated)

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)

Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)

QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden

QuickBooks Contact Sync (HKLM-x32\...\{B6069132-BA92-46F5-B3F5-66584DB0801F}) (Version: 1.13.59 - Intuit)

QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4004.2403 - Intuit Inc.)

QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)

Rapport (x32 Version: 3.5.1412.173 - Trusteer) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)

Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.1.4.827 - Samsung Electronics Co., Ltd.)

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1412.173 - Trusteer)

TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)

Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

07-06-2015 04:52:14 Scheduled Checkpoint

10-06-2015 05:57:39 Windows Defender Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BE9060-26D5-41BC-BFA2-CDE8DE7CD2BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)

Task: {11D202E4-DC16-4BDF-9D19-B186ECE0B640} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {24373831-4D5B-4DB1-8E1E-3393C645E4E5} - System32\Tasks\G2MUploadTask-S-1-5-21-1032171492-1991652538-4239616834-1001 => C:\Users\Alan\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-31] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {3492226A-6AAD-4B39-BA21-569F82D3AA95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)

Task: {39CB3F6E-42F3-45C4-8C64-D850A94A4080} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-11-20] ()

Task: {3A510BA1-52BE-41B0-B065-E4E3977F4259} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)

Task: {4F3CB76F-B4DF-4D26-A08B-509A9846CB32} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-25] (Adobe Systems Incorporated)

Task: {4F9F8D02-906C-439E-956A-6D4C6C2C194D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)

Task: {60093BDD-D020-4996-9938-F9BE49E9ADE6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {61079187-946C-4605-9D81-2DB83BB4D2A6} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-06-08] (Glarysoft Ltd)

Task: {6272F4F0-3D4E-4085-8C17-68EC3848409E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

Task: {6335A016-3116-4DB1-A0F3-E195F0FCC67E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)

Task: {6A2DAF0F-A89D-469D-A756-78C70831D34B} - System32\Tasks\{7D7E78D9-061D-4DEE-BB93-CC68A79D184D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" -c /modify OUTLOOKR /dll OSETUP.DLL

Task: {6DBED4F0-4DDB-45FA-B08E-3FE348AB1CA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {77E0F67E-0875-4E91-A32A-C26D90F698B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)

Task: {7B0FB8E0-9A1C-45EE-8483-BC5B25A20CFA} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)

Task: {7E399FE4-38E3-4319-A2C3-029269EAB86F} - System32\Tasks\HPCeeScheduleForAlan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {8812DF1B-E2B5-409A-A7F2-FFC7A034B799} - System32\Tasks\{E5CF9C92-8DDA-49EA-ADBF-075B438019ED} => pcalua.exe -a "C:\Program Files (x86)\Adobe\GoLive CS Co-Author_ENG\GoLive.exe" -c "C:\Users\Alan\Downloads\wordpress-4.0\wordpress\wp-admin\network.php"

Task: {8D8632F1-16E8-4E52-B0EC-FDA7A32A0C41} - System32\Tasks\ProcessManager => C:\Program Files (x86)\Glary Utilities 5\procmgr.exe [2015-06-08] (Glarysoft Ltd)

Task: {9222067E-B441-4D67-837B-E44FF9926D6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {A180DEA3-ABD6-4A3C-9550-4C3DC76ABD90} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {A3CC0C6C-2BB0-46BF-BB26-5F712A566666} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)

Task: {AB36E310-9B48-42B2-9405-BF5E95307D94} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {AC906631-CE98-4CC0-BBDC-83418737401A} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-11-20] ()

Task: {B6B77272-1EB8-407F-BCDD-E8B4D83796D3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-15] (Dropbox, Inc.)

Task: {BA77166A-4378-419E-800E-458E4FBFA3BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-12] (Microsoft Corporation)

Task: {BE04B40F-E747-4F41-93BC-0B3685034FB8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-15] (Dropbox, Inc.)

Task: {C6D7F8C6-5538-4D43-89E5-1A3D9381D894} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)

Task: {D28B1789-C88E-47A9-8DC8-9EA2F45EDD9A} - System32\Tasks\G2MUpdateTask-S-1-5-21-1032171492-1991652538-4239616834-1001 => C:\Users\Alan\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-31] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {D5C44EEC-AB80-4F04-9FF0-357E870F9D77} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)

Task: {E198DC82-6041-41F0-B077-55A2F179CE93} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns

Task: {EB44D338-F607-4A48-8640-C6286C0C5545} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

Task: {EB63C96E-2578-4126-B7E3-F38B201807AC} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-06-08] (Glarysoft Ltd)

Task: {EFD924D2-1D80-4A4B-9A1B-FC7336030581} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)

Task: {F794AE44-E3C8-48F0-997C-0C6D2781A723} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{18fda745-b02d-add8-18fd-da745b029d16}\adobe creative suite premium.exe [2014-05-23] () <==== ATTENTION

Task: {F99AE52E-CCB6-4F77-B3AF-6F8721BFB720} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{18fda745-b02d-add8-18fd-da745b029d16}\adobe creative suite premium.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core.job => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA.job => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1032171492-1991652538-4239616834-1001.job => C:\Users\Alan\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe

Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1032171492-1991652538-4239616834-1001.job => C:\Users\Alan\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core.job => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA.job => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll

Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

Task: C:\WINDOWS\Tasks\ProcessManager.job => C:\Program Files (x86)\Glary Utilities 5\procmgr.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2012-08-10 04:36 - 2012-08-10 04:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

2014-07-23 12:21 - 2014-07-23 12:21 - 00019968 _____ () c:\program files (x86)\companionlink\DCLHelper\CLDCLHelper.exe

2015-05-30 09:37 - 2015-06-12 20:12 - 00053040 _____ () C:\Program Files (x86)\Coupoon\UpdateCheck.exe

2012-09-23 06:25 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

2009-03-06 15:24 - 2009-03-06 15:24 - 00057344 _____ () c:\program files (x86)\companionlink\ClxMD5.dll

2014-12-10 07:29 - 2014-12-10 07:29 - 00623432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll

2014-12-10 07:29 - 2014-12-10 07:29 - 00582472 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll

2014-12-10 07:30 - 2014-12-10 07:30 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.dll

2014-12-10 07:30 - 2014-12-10 07:30 - 00142664 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.dll

2014-12-10 07:29 - 2014-12-10 07:29 - 00623944 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll

2014-12-10 07:30 - 2014-12-10 07:30 - 00149320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll

2013-12-02 14:27 - 2013-12-02 14:27 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll

2014-12-10 07:29 - 2014-12-10 07:29 - 00247112 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll

2014-12-10 07:29 - 2014-12-10 07:29 - 00791880 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.dll

2014-12-10 07:30 - 2014-12-10 07:30 - 00043848 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll

2014-12-10 07:30 - 2014-12-10 07:30 - 00087368 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetBridge.dll

2014-12-10 07:30 - 2014-12-10 07:30 - 00104264 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetInterop.dll

2014-12-10 07:31 - 2014-12-10 07:31 - 00501576 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\SyncManagerUtils.dll

2014-12-10 07:30 - 2014-12-10 07:30 - 00129352 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\ReportBridge.dll

2014-12-10 07:30 - 2014-12-10 07:30 - 00113480 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QB2WPFBridge.dll

2014-12-10 07:31 - 2014-12-10 07:31 - 00115016 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\Webification.dll

2014-12-10 07:30 - 2014-12-10 07:30 - 00060232 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\htmlhelper.dll

2014-12-10 07:30 - 2014-12-10 07:30 - 00762696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\HPD.dll

2015-06-11 08:21 - 2015-06-11 08:21 - 00043008 _____ () c:\users\alan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbg3lk6.dll

2015-03-04 17:45 - 2015-03-19 03:15 - 00750080 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-03-04 17:45 - 2015-03-19 03:15 - 00047616 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-03-04 17:45 - 2015-03-19 03:15 - 00865280 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-03-04 17:45 - 2015-03-19 03:15 - 00200704 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2015-03-04 17:45 - 2015-03-19 03:15 - 00010240 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll

2015-03-04 17:45 - 2015-03-19 03:15 - 00726016 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

2015-03-04 17:45 - 2015-03-19 03:15 - 00010240 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

2012-09-23 06:00 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2015-06-08 03:18 - 2015-06-08 03:18 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

2015-05-15 23:06 - 2011-10-24 17:34 - 00036864 _____ () C:\Program Files (x86)\Intuit\QuickBooks Contact Sync\XMLManagerClass.dll

2015-02-13 09:34 - 2014-02-20 21:13 - 00111472 _____ () C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\sml.dll

2015-02-13 09:34 - 2014-02-20 21:05 - 00313344 _____ () C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\plx_sqlite.dll

2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

2015-06-11 22:03 - 2015-06-05 14:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll

2015-06-11 22:03 - 2015-06-05 14:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Alan\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\businesstrack.com -> hxxps://businesstrack.com

IE trusted site: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\ebanking-services.com -> hxxps://berkshirebank.ebanking-services.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alan\AppData\Local\Microsoft\Windows\Themes\AMS Green\DesktopBackground\amsgreen1500logo.jpg

DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"

HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"

HKLM\...\StartupApproved\StartupFolder: => "Acrobat Assistant.lnk"

HKLM\...\StartupApproved\Run: => "IntelliPoint"

HKLM\...\StartupApproved\Run32: => "EEventManager"

HKLM\...\StartupApproved\Run32: => "AdobeVersionCue"

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\StartupFolder: => "Adobe Photoshop CS2 Serial numbers plus Keygen Full Download target=.lnk"

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D680612DA51C10A6CF97CCA8BA287D9E"

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "WorkForce 610(Network)"

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "swg"

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "GUDelayStartup"

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "Glary Memory Optimizer"

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "Google Update"

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "PlaxoSysTray"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [UDP Query User{0318E452-EBC5-4A4E-BEF5-90AABD50AB3A}C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [TCP Query User{95C19D7C-0F8F-43AD-ABA5-F0DFC47F38A6}C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [{AC08B28F-CAE3-443E-ADD9-0A0E4ECE30EC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{CF12F730-D537-47FD-9807-0A8492EE7B42}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE

FirewallRules: [{0040CC04-EC91-429B-B6DA-54AACE92B58F}] => (Allow) LPort=1900

FirewallRules: [{22BE7F40-953A-44D9-8B56-55B5F7766C52}] => (Allow) LPort=2869

FirewallRules: [{3D3F4044-D6FB-4800-873D-3E5C2A0DA5C3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{A3A5C0CF-11DE-4204-A961-46B1FA6DE4EA}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe

FirewallRules: [{679CF038-D6F0-458D-8F89-2819F8ED2D48}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe

FirewallRules: [TCP Query User{B74B81FF-27F3-426C-BBA6-31A4C3F6FEF7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [UDP Query User{A389CDAF-F877-4C2A-9240-9B2C91885020}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [{2A5869CC-D9D8-497E-99B9-773AA79B3D2C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

FirewallRules: [TCP Query User{400B608D-A541-41FC-9E1A-4833B57B6D3C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [UDP Query User{31EDCB35-8543-49B8-B4A0-03BFBEC12E20}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [{B50AFC1E-41EC-47B8-9293-0F2BC8D75600}] => (Allow) C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{B81F4E6F-D0FF-4818-B29D-FBA15792503B}] => (Allow) C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{AD193910-9C45-4EB2-90B6-B94A0614B35D}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe

FirewallRules: [{129B6568-9CAD-4333-A199-F75E3CDBF639}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe

FirewallRules: [{ACC3A57C-4CA5-481D-8388-B71D7E796ABC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe

FirewallRules: [{061998AE-7592-42D7-929A-1801EEAD10EC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{34FCF689-0A61-453C-BBA7-29A6250B1F24}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{0D7179A7-7D0B-4E45-A2E0-13EF72E0586A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{057105F0-DF03-4F0B-A194-46369393D0C3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [{D7BA4D3D-349E-4242-92D0-6483792F12FE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

FirewallRules: [TCP Query User{51F971D5-9106-45DE-8B01-178855286E86}C:\users\alan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe

FirewallRules: [UDP Query User{A5360EB0-ADE0-40BA-956A-A8877C23511D}C:\users\alan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe

FirewallRules: [TCP Query User{9123579C-5CFD-4FE6-B0F4-F738E4B72758}C:\users\alan\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe

FirewallRules: [UDP Query User{7B6A41ED-3EF2-4E42-9229-E0562A496397}C:\users\alan\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe

FirewallRules: [TCP Query User{421F0D06-B84D-499D-BD18-331494834E5D}C:\users\alan\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe

FirewallRules: [UDP Query User{346AB993-4CDB-465A-8142-27665A334573}C:\users\alan\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe

FirewallRules: [{707667FD-8335-4A32-AA46-E65EE1D16433}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe

FirewallRules: [{8BE496D3-75FA-49C6-9DF1-45A3A576A875}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Device (Personal Area Network)

Description: Bluetooth Device (Personal Area Network)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: BthPan

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (06/13/2015 09:31:26 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f

Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f

Exception code: 0x4000001f

Fault offset: 0x00233f00

Faulting process id: 0x3c6c

Faulting application start time: 0xsndvol.exe0

Faulting application path: sndvol.exe1

Faulting module path: sndvol.exe2

Report Id: sndvol.exe3

Faulting package full name: sndvol.exe4

Faulting package-relative application ID: sndvol.exe5

Error: (06/13/2015 09:31:06 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f

Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f

Exception code: 0x4000001f

Fault offset: 0x00233f00

Faulting process id: 0x7ac4

Faulting application start time: 0xsndvol.exe0

Faulting application path: sndvol.exe1

Faulting module path: sndvol.exe2

Report Id: sndvol.exe3

Faulting package full name: sndvol.exe4

Faulting package-relative application ID: sndvol.exe5

Error: (06/13/2015 09:30:46 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f

Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f

Exception code: 0x4000001f

Fault offset: 0x00233f00

Faulting process id: 0x2840

Faulting application start time: 0xsndvol.exe0

Faulting application path: sndvol.exe1

Faulting module path: sndvol.exe2

Report Id: sndvol.exe3

Faulting package full name: sndvol.exe4

Faulting package-relative application ID: sndvol.exe5

Error: (06/13/2015 09:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f

Faulting module name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f

Exception code: 0x4000001f

Fault offset: 0x00233f00

Faulting process id: 0x8020

Faulting application start time: 0xsystray.exe0

Faulting application path: systray.exe1

Faulting module path: systray.exe2

Report Id: systray.exe3

Faulting package full name: systray.exe4

Faulting package-relative application ID: systray.exe5

Error: (06/13/2015 08:32:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f

Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f

Exception code: 0x4000001f

Fault offset: 0x00233f00

Faulting process id: 0x372c

Faulting application start time: 0xsndvol.exe0

Faulting application path: sndvol.exe1

Faulting module path: sndvol.exe2

Report Id: sndvol.exe3

Faulting package full name: sndvol.exe4

Faulting package-relative application ID: sndvol.exe5

Error: (06/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f

Faulting module name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f

Exception code: 0x4000001f

Fault offset: 0x00233f00

Faulting process id: 0x3dbc

Faulting application start time: 0xsystray.exe0

Faulting application path: systray.exe1

Faulting module path: systray.exe2

Report Id: systray.exe3

Faulting package full name: systray.exe4

Faulting package-relative application ID: systray.exe5

Error: (06/13/2015 07:46:10 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f

Faulting module name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f

Exception code: 0x4000001f

Fault offset: 0x00233f00

Faulting process id: 0x6544

Faulting application start time: 0xsystray.exe0

Faulting application path: systray.exe1

Faulting module path: systray.exe2

Report Id: systray.exe3

Faulting package full name: systray.exe4

Faulting package-relative application ID: systray.exe5

Error: (06/13/2015 07:36:52 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f

Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f

Exception code: 0x4000001f

Fault offset: 0x00233f00

Faulting process id: 0x625c

Faulting application start time: 0xsndvol.exe0

Faulting application path: sndvol.exe1

Faulting module path: sndvol.exe2

Report Id: sndvol.exe3

Faulting package full name: sndvol.exe4

Faulting package-relative application ID: sndvol.exe5

Error: (06/13/2015 06:32:24 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f

Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f

Exception code: 0x4000001f

Fault offset: 0x00233f00

Faulting process id: 0x8490

Faulting application start time: 0xsndvol.exe0

Faulting application path: sndvol.exe1

Faulting module path: sndvol.exe2

Report Id: sndvol.exe3

Faulting package full name: sndvol.exe4

Faulting package-relative application ID: sndvol.exe5

Error: (06/13/2015 06:29:21 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f

Faulting module name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f

Exception code: 0x4000001f

Fault offset: 0x00233f00

Faulting process id: 0x645c

Faulting application start time: 0xsystray.exe0

Faulting application path: systray.exe1

Faulting module path: systray.exe2

Report Id: systray.exe3

Faulting package full name: systray.exe4

Faulting package-relative application ID: systray.exe5

System errors:

=============

Error: (06/13/2015 09:47:22 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (06/13/2015 04:05:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (06/12/2015 08:12:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The UpdateCheck service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 600000 milliseconds: Restart the service.

Error: (06/12/2015 00:01:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The UpdateCheck service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (06/12/2015 06:53:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (06/11/2015 11:27:51 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (06/11/2015 08:19:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The CoupoonService64 service terminated unexpectedly. It has done this 1 time(s).

Error: (06/11/2015 08:18:12 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)

Description: The system watchdog timer was triggered.

Error: (06/11/2015 08:18:51 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 8:12:12 AM on ‎6/‎11/‎2015 was unexpected.

Error: (06/11/2015 07:54:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Microsoft Office:

=========================

Error: (06/13/2015 09:31:26 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f003c6c01d0a5dd37c29948C:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe7ce1d9c3-11d0-11e5-bef8-a0b3cc47db5e

Error: (06/13/2015 09:31:06 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f007ac401d0a5dd2bc0f629C:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe7110c159-11d0-11e5-bef8-a0b3cc47db5e

Error: (06/13/2015 09:30:46 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f00284001d0a5dd1fbddbb5C:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe650ff9e8-11d0-11e5-bef8-a0b3cc47db5e

Error: (06/13/2015 09:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: systray.exe6.3.9600.163845579361fsystray.exe6.3.9600.163845579361f4000001f00233f00802001d0a5dce34faab5C:\WINDOWS\SysWOW64\config\systemprofile\systray.exeC:\WINDOWS\SysWOW64\config\systemprofile\systray.exe2a3136b6-11d0-11e5-bef8-a0b3cc47db5e

Error: (06/13/2015 08:32:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f00372c01d0a5d4f53531fdC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe3aebb0e5-11c8-11e5-bef8-a0b3cc47db5e

Error: (06/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: systray.exe6.3.9600.163845579361fsystray.exe6.3.9600.163845579361f4000001f00233f003dbc01d0a5ce8ff521b1C:\WINDOWS\SysWOW64\config\systemprofile\systray.exeC:\WINDOWS\SysWOW64\config\systemprofile\systray.exed4ec1b4e-11c1-11e5-bef8-a0b3cc47db5e

Error: (06/13/2015 07:46:10 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: systray.exe6.3.9600.163845579361fsystray.exe6.3.9600.163845579361f4000001f00233f00654401d0a5ce838002edC:\WINDOWS\SysWOW64\config\systemprofile\systray.exeC:\WINDOWS\SysWOW64\config\systemprofile\systray.exec877501e-11c1-11e5-bef8-a0b3cc47db5e

Error: (06/13/2015 07:36:52 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f00625c01d0a5cd36c57141C:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe7bc862c2-11c0-11e5-bef8-a0b3cc47db5e

Error: (06/13/2015 06:32:24 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f00849001d0a5c43525e9beC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe7a1d70e8-11b7-11e5-bef8-a0b3cc47db5e

Error: (06/13/2015 06:29:21 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: systray.exe6.3.9600.163845579361fsystray.exe6.3.9600.163845579361f4000001f00233f00645c01d0a5c3c818f2e5C:\WINDOWS\SysWOW64\config\systemprofile\systray.exeC:\WINDOWS\SysWOW64\config\systemprofile\systray.exe0d11eca8-11b7-11e5-bef8-a0b3cc47db5e

CodeIntegrity Errors:

===================================

Date: 2015-06-11 09:08:51.720

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-10 08:11:12.602

Date: 2015-06-10 06:04:33.282

Date: 2015-06-06 07:59:18.746

Date: 2015-06-02 09:21:35.673

Date: 2015-06-02 08:25:24.316

Date: 2015-05-30 11:06:55.355

Date: 2015-05-27 04:52:03.801

Date: 2015-05-25 08:54:16.323

Date: 2015-05-24 05:20:09.152

==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz

Percentage of memory in use: 76%

Total physical RAM: 6033.27 MB

Available physical RAM: 1436.28 MB

Total Pagefile: 8854.97 MB

Available Pagefile: 1525.29 MB

Total Virtual: 131072 MB

Available Virtual: 131071.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:567.69 GB) (Free:446.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:26.92 GB) (Free:3.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive f: (MEMORY 8000) (Removable) (Total:0.95 GB) (Free:0.13 GB) FAT

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 596.2 GB) (Disk ID: A50E1C7D)

Partition: GPT Partition Type.

========================================================

Disk: 1 (Size: 968 MB) (Disk ID: 6F20736B)

No partition Table on disk 1.

Disk 1 is a removable device.

==================== End of log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015

Ran by Alan (administrator) on AMS-LT on 13-06-2015 09:29:02

Running from C:\Users\Alan\OneDrive\Documents

Loaded Profiles: Alan & QBDataServiceUser24 (Available Profiles: Alan & QBDataServiceUser24)

Platform: Windows 7 Ultimate (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe

(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe

(CompanionLink Software, Inc.) C:\Program Files (x86)\CompanionLink\CompanionLink.exe

(Plaxo, Inc.) C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\PlaxoHelper_en.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFJA.EXE

(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE

(Dropbox, Inc.) C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe

(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\MemfilesService.exe

(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\dbextclr11.exe

() C:\Program Files (x86)\Coupoon\UpdateCheck.exe

() C:\Program Files (x86)\CompanionLink\DCLHelper\CLDCLHelper.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

() C:\Program Files (x86)\Coupoon\UpdateCheck.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

() C:\Program Files (x86)\Coupoon\UpdateCheck.exe

(Microsoft Corporation) C:\Users\Alan\AppData\Local\Temp\mpam-899529ea.exe

(Microsoft Corporation) C:\7d1c5ed6e6610fa07f1b0f9e4de8\MPSigStub.exe

() C:\Program Files (x86)\Coupoon\UpdateCheck.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-09-07] (IDT, Inc.)

HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-01-28] (Hewlett-Packard)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [CompanionLink] => c:\program files (x86)\companionlink\companionlink.exe [23796368 2015-02-05] (CompanionLink Software, Inc.)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [WorkForce 610(Network)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-06-08] (Glarysoft Ltd)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [Google Update] => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-05] (Google Inc.)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-07] (Google Inc.)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [PlaxoUpdate] => C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\PlaxoHelper_en.exe [2080624 2014-02-20] (Plaxo, Inc.)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [PlaxoSysTray] => C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\PlaxoSysTray.exe [16752 2014-02-20] (Plaxo, Inc.)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [Glary Memory Optimizer] => C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe [122656 2015-06-08] (Glarysoft Ltd)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [Dropbox Update] => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-15] (Dropbox, Inc.)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [823EADEA75B0A1548DF70B57581868B7B9A1F293._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [EPSON] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe [610296 2015-05-05] (Adobe Systems Incorporated)

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\MountPoints2: {37420eee-ad36-11e4-bec7-20689d0d300a} - "E:\VZW_Software_upgrade_assistant.exe"

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\MountPoints2: {b857c929-05e0-11e5-bef1-a0b3cc47db5e} - "E:\VZW_Software_upgrade_assistant.exe"

Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-08]

ShortcutTarget: Dropbox.lnk -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-01-07]

ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-09-06]

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-09-06]

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-09-06]

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File

BootExecute: autocheck autochk *

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1

HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

URLSearchHook: [S-1-5-21-1032171492-1991652538-4239616834-1008] ATTENTION ==> Default URLSearchHook is missing

SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSE1

SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF

SearchScopes: HKLM -> {33F72BAB-8389-4A5D-B6BC-66D3586FCFE2} URL = http://www.amazon.co...s={searchTerms}

SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSE1

SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =

SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF

SearchScopes: HKLM-x32 -> {33F72BAB-8389-4A5D-B6BC-66D3586FCFE2} URL = http://www.amazon.co...s={searchTerms}

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF

SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSE1

SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF

SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {33F72BAB-8389-4A5D-B6BC-66D3586FCFE2} URL = http://www.amazon.co...s={searchTerms}

SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSE1

SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF

SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =

SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-01-07] (LastPass)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)

Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-01-07] (LastPass)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)

Toolbar: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)

DPF: HKLM-x32 {0AD584EB-F10F-46F7-BCB8-1085C386BEAE} https://merchantacco...rPayCom2009.cab

DPF: HKLM-x32 {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantacco...ncCom1_2009.cab

DPF: HKLM-x32 {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantacco...ncCom2_2008.cab

Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-01-07] (LastPass)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)

FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-01-07] (LastPass)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Alan\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-11] (Citrix Online)

FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @client.dropbox.com/Dropbox Update;version=3 -> C:\Users\Alan\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-15] (Dropbox, Inc.)

FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @client.dropbox.com/Dropbox Update;version=9 -> C:\Users\Alan\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-15] (Dropbox, Inc.)

FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: hp.com/HPDetect -> C:\Users\Alan\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)

Chrome:

=======

CHR Profile: C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-30]

CHR Extension: (The Fractulator) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmiaedkpcndfgiicpfbmdffpkpkjgdpl [2015-05-30]

CHR Extension: (Email this page (by Google)) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2015-05-30]

CHR Extension: (Google Tasks (by Google)) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2015-05-30]

CHR Extension: (MailChimp) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2015-05-30]

CHR Extension: (Google Calendar) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-05-30]

CHR Extension: (Website Logon) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2015-05-30]

CHR Extension: (Full Screen Weather) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-30]

CHR Extension: (Print Selection) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2015-05-30]

CHR Extension: (Share on Google Plus) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfkobenbpcjmmejiokpopekegkpogbdn [2015-05-30]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-07]

CHR Extension: (Fast Search for eBay) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjajclaocdighkjplbekkofpmdbcjghf [2015-05-30]

CHR Extension: (Google Play) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-05-30]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-11]

CHR Extension: (Google Maps) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-05-30]

CHR Extension: (Print) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj [2015-05-30]

CHR Extension: (QR Code Generator) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanmadekhdoofgmhichkcjlgiofmofbl [2015-05-30]

CHR Extension: (QR Image from URL) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce [2015-05-30]

CHR Extension: (Google Wallet) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-06]

CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-05-30]

CHR Extension: (My Chrome Theme) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-05-30]

CHR Extension: (Floor Plan Creator) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogbnemfckmdpkeeccieeahplnemmbcfg [2015-05-30]

CHR Extension: (Sửa lỗi \) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe [2015-06-11]

CHR Profile: C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-20]

CHR Extension: (CacheList) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\amhhdbdhoghppijbjfdkiaconkmfbbpa [2015-06-06]

CHR Extension: (Google Docs) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20]

CHR Extension: (Google Drive) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]

CHR Extension: (YouTube) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20]

CHR Extension: (Google Search) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20]

CHR Extension: (multiNotifier for multiple Gmail accounts) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcdpjakjgmgklajndnlekpojkelnibfp [2015-06-02]

CHR Extension: (Website Logon) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2014-10-20]

CHR Extension: (Google Sheets) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-20]

CHR Extension: (Dictionary Bubble Instant Dictionary) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfembjnmeainjncdflaoclcjadfhpoim [2015-05-01]

CHR Extension: (Google Wallet) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]

CHR Extension: (Gmail) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20]

CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.goog...ice/update2/crx

CHR HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.goo...ice/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]

CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.goog...ice/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [310912 2013-05-16] (Windows ® Win 7 DDK provider) [File not signed]

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe [69448 2015-05-28] (Google Inc.)

S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-02] ()

R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-12-02] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-12-02] (Intuit Inc.) [File not signed]

R3 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2013-12-02] (Intuit, Inc.) [File not signed]

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-05-28] (IBM Corp.)

R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)

R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)

R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-06-12] ()

R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-30] (Validity Sensors, Inc.)

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-09-08] (Microsoft Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2015-05-03] (Glarysoft Ltd)

S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-20] (Atheros)

R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)

R1 RapportCerberus_1412108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412108.sys [910872 2015-06-10] (IBM Corp.)

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [484088 2015-05-28] (IBM Corp.)

R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [121208 2015-05-28] (IBM Corp.)

R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [375128 2015-05-28] (IBM Corp.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [479320 2015-05-28] (IBM Corp.)

S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

S4 Wpdesrer; No ImagePath

S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 09:28 - 2015-06-13 09:28 - 00000000 ____D C:\7d1c5ed6e6610fa07f1b0f9e4de8

2015-06-13 08:57 - 2015-06-13 09:29 - 00000000 ____D C:\FRST

2015-06-13 08:45 - 2015-06-13 08:45 - 00000000 ____D C:\ProgramData\bba09a2600004a37

2015-06-13 08:43 - 2015-06-13 08:43 - 00000000 ____D C:\ProgramData\252c331400007422

2015-06-13 08:31 - 2015-06-13 08:31 - 00003122 _____ C:\WINDOWS\System32\Tasks\ParetoLogic Registration3

2015-06-13 08:31 - 2015-06-13 08:31 - 00000480 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job

2015-06-13 08:30 - 2015-06-13 08:30 - 00002910 _____ C:\WINDOWS\System32\Tasks\ParetoLogic Update Version3 Startup Task

2015-06-13 08:30 - 2015-06-13 08:30 - 00000506 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job

2015-06-13 08:30 - 2015-06-13 08:30 - 00000000 ____D C:\Users\Alan\AppData\Roaming\ParetoLogic

2015-06-13 08:30 - 2015-06-13 08:30 - 00000000 ____D C:\Users\Alan\AppData\Roaming\DriverCure

2015-06-13 08:29 - 2015-06-13 08:44 - 00000000 ____D C:\ProgramData\ParetoLogic

2015-06-13 08:29 - 2015-06-13 08:30 - 00003242 _____ C:\WINDOWS\System32\Tasks\ParetoLogic Update Version3

2015-06-13 08:29 - 2015-06-13 08:30 - 00000454 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3.job

2015-06-11 22:03 - 2015-06-11 22:03 - 00002279 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-06-11 22:03 - 2015-06-11 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-06-10 18:11 - 2015-06-10 18:11 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-06-06 07:19 - 2015-06-12 21:59 - 00000000 ____D C:\ProgramData\85f278110000749d

2015-06-06 00:59 - 2015-06-06 00:59 - 00000000 ____D C:\Program Files (x86)\ExsttraSAvIngs

2015-06-06 00:59 - 2015-06-06 00:59 - 00000000 ____D C:\Program Files (x86)\ExsTraSavings

2015-06-06 00:57 - 2015-06-06 00:57 - 00000000 ____D C:\ProgramData\bdfodbplkhnfjeaidmhkkonllbpjboho

2015-06-06 00:57 - 2015-06-06 00:57 - 00000000 ____D C:\Program Files (x86)\CacheList

2015-06-06 00:55 - 2015-06-10 08:29 - 00000000 ____D C:\Program Files (x86)\ExsstRaSavings

2015-06-05 18:14 - 2015-06-05 18:14 - 00749963 _____ C:\Users\Alan\Downloads\AvaTax_Pro_Toolkit.zip

2015-06-05 18:12 - 2015-06-05 18:12 - 00002714 _____ C:\Users\Alan\Downloads\bulk-edit-product-import-template.csv

2015-06-05 17:16 - 2015-06-05 17:16 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue (4).exe

2015-06-05 09:26 - 2015-06-05 09:26 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue (3).exe

2015-06-03 11:34 - 2015-06-03 11:34 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue (2).exe

2015-06-02 09:07 - 2015-06-02 09:07 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Alan\Downloads\SpyHunter-Installer.exe

2015-06-02 08:29 - 2015-06-12 17:47 - 00000000 ____D C:\ProgramData\5ca5a4280000224c

2015-05-31 09:44 - 2015-06-13 09:26 - 00000666 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1032171492-1991652538-4239616834-1001.job

2015-05-31 09:44 - 2015-05-31 09:44 - 00003660 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1032171492-1991652538-4239616834-1001

2015-05-30 09:48 - 2015-06-13 04:45 - 00000112 _____ C:\ProgramData\s73Bt3.dat

2015-05-30 09:38 - 2015-06-13 09:35 - 00000000 ____D C:\ProgramData\abc

2015-05-30 09:38 - 2015-06-02 23:34 - 00000000 ____D C:\ProgramData\e3e80d5e000064f2

2015-05-30 09:38 - 2015-05-30 09:38 - 00000005 _____ C:\end

2015-05-30 09:38 - 2015-05-30 09:38 - 00000000 ____D C:\Program Files\Coupoon

2015-05-30 09:37 - 2015-06-02 07:58 - 00000000 ____D C:\Program Files (x86)\Coupoon

2015-05-30 09:37 - 2015-05-30 09:37 - 00000000 _____ C:\LIL6F35.tmp

2015-05-30 09:36 - 2015-05-30 09:36 - 00421888 _____ C:\Users\Alan\Downloads\Setup (1).exe

2015-05-30 09:34 - 2015-05-30 09:38 - 00000000 ____D C:\Users\Alan\AppData\Local\Chromium

2015-05-30 09:33 - 2015-05-30 09:33 - 00000000 _____ C:\LILE7C4.tmp

2015-05-30 09:32 - 2015-05-30 09:32 - 00421888 _____ C:\Users\Alan\Downloads\Setup.exe

2015-05-30 09:32 - 2015-05-30 09:32 - 00000000 ____D C:\0a08af96-aa2b-423d-a3f9-4531f2ee5a39

2015-05-30 09:23 - 2015-05-30 09:23 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue (1).exe

2015-05-29 07:15 - 2015-05-29 07:15 - 02211783 _____ C:\Users\Alan\Downloads\certified-light-bulbs-2015-05-29.csv

2015-05-28 21:44 - 2015-05-28 21:44 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue.exe

2015-05-28 21:22 - 2015-06-09 11:07 - 00000024 _____ C:\Users\Alan\AppData\Roaming\appdataFr25.bin

2015-05-28 08:23 - 2015-05-28 08:23 - 24226894 _____ C:\Users\Alan\Downloads\mobirise-free-win.zip

2015-05-25 09:23 - 2015-05-25 09:23 - 00016050 _____ C:\Users\Alan\AppData\Local\recently-used.xbel

2015-05-25 07:37 - 2015-06-13 09:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-05-25 07:37 - 2015-05-25 07:37 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-05-24 14:55 - 2015-05-24 14:55 - 00000000 ____D C:\Users\Alan\AppData\Local\webkit

2015-05-24 14:15 - 2015-05-24 14:15 - 00000910 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk

2015-05-24 14:15 - 2015-05-24 14:15 - 00000898 _____ C:\Users\Public\Desktop\GIMP 2.lnk

2015-05-24 14:14 - 2015-05-24 14:15 - 00000000 ____D C:\Program Files\GIMP 2

2015-05-24 14:11 - 2015-05-24 14:11 - 00009127 _____ C:\Users\Alan\Downloads\gimp-2.8.14-setup-1.exe (1).torrent

2015-05-24 09:44 - 2015-05-25 08:17 - 00000000 ____D C:\Program Files\paint.net

2015-05-24 09:43 - 2015-05-24 09:47 - 00000000 ____D C:\Users\Alan\AppData\Local\paint.net

2015-05-24 09:26 - 2015-05-24 09:26 - 06528454 _____ C:\Users\Alan\Downloads\paint.net.4.0.5.install.zip

2015-05-23 21:55 - 2007-02-20 16:04 - 02463976 _____ C:\WINDOWS\SysWOW64\NPSWF32.dll

2015-05-23 21:55 - 2007-02-20 16:04 - 00190696 _____ (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\NPSWF32_FlashUtil.exe

2015-05-23 20:50 - 2015-05-23 20:50 - 00000000 ____D C:\ProgramData\gllllkgjemfihkfieabciiffngcjielp

2015-05-23 20:43 - 2015-05-23 20:43 - 00000000 _____ C:\Users\Alan\AppData\Local\Temp.dat

2015-05-23 20:42 - 2015-06-02 02:44 - 00000000 ____D C:\ProgramData\b495037800002fba

2015-05-23 20:05 - 2015-05-23 20:05 - 05982989 _____ C:\Users\Alan\Downloads\AdobeCreativeCloudCleanerTool.zip

2015-05-23 09:43 - 2015-05-23 09:43 - 00000000 ____D C:\ProgramData\jpkegfmhmddijdajkiejgofpfkhcccec

2015-05-23 09:38 - 2015-06-12 21:38 - 00000382 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job

2015-05-23 09:38 - 2015-05-23 21:38 - 00000000 ____D C:\ProgramData\{18fda745-b02d-add8-18fd-da745b029d16}

2015-05-23 09:38 - 2015-05-23 09:38 - 02051584 _____ C:\Users\Alan\Downloads\adobe creative suite premium.exe

2015-05-23 09:38 - 2015-05-23 09:38 - 00003268 _____ C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task[pr]

2015-05-22 00:14 - 2015-05-23 10:12 - 00000000 ____D C:\ProgramData\FLEXnet

2015-05-21 23:59 - 2015-05-21 23:59 - 00000000 ____D C:\WINDOWS\SysWOW64\spool

2015-05-21 23:41 - 2015-05-21 23:46 - 486108144 _____ (Adobe Systems Incorporated) C:\Users\Alan\Downloads\ADBEPHSPCS3_WWE.exe

2015-05-21 23:39 - 2015-05-22 00:15 - 963021411 _____ C:\Users\Alan\Downloads\ADBESTVDCS3.7z

2015-05-21 23:39 - 2015-05-21 23:41 - 215001904 _____ (Adobe Systems Incorporated) C:\Users\Alan\Downloads\STVDCS3_Cont.exe

2015-05-21 23:39 - 2015-05-21 23:39 - 01085768 _____ (Adobe Systems Incorporated) C:\Users\Alan\Downloads\ADBESTVDCS3.exe

2015-05-21 22:12 - 2015-05-21 23:27 - 00000779 _____ C:\temp.log

2015-05-21 20:50 - 2015-05-21 20:50 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk

2015-05-21 20:50 - 2015-05-21 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

2015-05-21 20:49 - 2015-05-21 20:49 - 00000000 ____D C:\Program Files (x86)\Evernote

2015-05-21 20:46 - 2015-05-21 20:46 - 99237384 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Alan\Downloads\Evernote_5.8.4.6870.exe

2015-05-19 08:59 - 2015-05-19 08:59 - 02145673 _____ C:\Users\Alan\Downloads\certified-light-bulbs-2015-05-19.csv

2015-05-15 23:06 - 2008-04-13 11:54 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdaf58a.rra

2015-05-15 23:06 - 2005-04-03 18:31 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB5DB.DLL

2015-05-15 23:06 - 1998-06-17 23:00 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRDO20.DLL

2015-05-15 23:06 - 1998-06-17 23:00 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RDOCURS.DLL

2015-05-15 14:15 - 2015-05-15 14:15 - 00065560 _____ C:\Users\Alan\Downloads\NETGEAR_WNDR3400v3.cfg

2015-05-15 12:13 - 2015-05-15 12:14 - 393912120 _____ (Intuit Inc.) C:\Users\Alan\Downloads\qbwebpatch.exe

2015-05-15 03:30 - 2015-06-13 09:35 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA.job

2015-05-15 03:30 - 2015-06-13 03:35 - 00000876 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core.job

2015-05-15 03:30 - 2015-05-15 03:30 - 00003872 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA

2015-05-15 03:30 - 2015-05-15 03:30 - 00003492 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core

2015-05-15 03:30 - 2015-05-15 03:30 - 00000000 ____D C:\Users\Alan\AppData\Local\Dropbox

2015-05-15 03:30 - 2015-05-15 03:30 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 09:28 - 2014-09-08 11:19 - 01053983 _____ C:\WINDOWS\WindowsUpdate.log

2015-06-13 09:18 - 2014-12-11 10:19 - 00000570 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1032171492-1991652538-4239616834-1001.job

2015-06-13 09:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru

2015-06-13 08:50 - 2014-09-06 13:05 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8F12032E-C313-4BFD-8DA8-BE49B2D571E8}

2015-06-13 08:49 - 2014-09-06 13:13 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1032171492-1991652538-4239616834-1001

2015-06-13 08:45 - 2014-10-28 10:25 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-13 08:44 - 2015-01-05 14:29 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA.job

2015-06-13 08:41 - 2014-09-06 18:19 - 00000000 ____D C:\Users\Alan\Documents\Outlook Files

2015-06-13 07:59 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-06-13 02:45 - 2014-10-28 10:25 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-13 01:44 - 2015-01-05 14:29 - 00000866 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core.job

2015-06-11 22:03 - 2014-09-06 17:42 - 00000000 ____D C:\Program Files (x86)\Google

2015-06-11 08:25 - 2015-02-16 10:07 - 00002966 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC

2015-06-11 08:25 - 2014-10-28 17:35 - 00003306 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5

2015-06-11 08:25 - 2014-10-28 17:35 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk

2015-06-11 08:25 - 2014-10-28 17:35 - 00001096 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk

2015-06-11 08:25 - 2014-10-28 17:34 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5

2015-06-11 08:24 - 2015-03-20 21:02 - 00000354 _____ C:\WINDOWS\Tasks\ProcessManager.job

2015-06-11 08:22 - 2014-09-08 17:10 - 00000000 ____D C:\Users\Alan\OneDrive

2015-06-11 08:22 - 2014-09-06 18:13 - 00000000 ____D C:\Users\Alan\Dropbox

2015-06-11 08:22 - 2014-09-06 18:10 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Dropbox

2015-06-11 08:21 - 2015-02-13 09:34 - 00000000 ____D C:\Users\Alan\AppData\Local\Plaxo

2015-06-11 08:19 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-06-11 08:18 - 2014-10-16 18:23 - 00000000 ____D C:\Users\QBDataServiceUser24

2015-06-11 08:18 - 2014-09-08 11:02 - 00000000 ____D C:\Users\Alan

2015-06-10 22:08 - 2014-09-28 20:59 - 00003154 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAlan

2015-06-10 22:08 - 2014-09-28 20:59 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAlan.job

2015-06-10 07:34 - 2014-09-11 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

2015-06-10 07:31 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2015-06-06 01:00 - 2015-05-01 23:48 - 00000000 ____D C:\ProgramData\13140839548693954216

2015-06-05 23:56 - 2014-09-08 09:22 - 00000000 ____D C:\Users\Alan\AppData\Local\LogMeIn Rescue Applet

2015-06-02 08:47 - 2014-09-06 13:05 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Adobe

2015-06-02 08:46 - 2014-09-07 09:25 - 00000000 ____D C:\Program Files (x86)\Adobe

2015-06-02 08:36 - 2014-09-07 09:25 - 00000000 ____D C:\ProgramData\Adobe

2015-05-31 10:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF

2015-05-31 09:44 - 2014-12-11 10:19 - 00003564 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1032171492-1991652538-4239616834-1001

2015-05-31 07:34 - 2015-04-08 09:34 - 00088064 ___SH C:\Users\Alan\Downloads\Thumbs.db

2015-05-30 09:44 - 2015-02-06 12:13 - 00000000 ____D C:\ProgramData\Package Cache

2015-05-28 15:16 - 2014-09-11 10:44 - 00375128 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys

2015-05-28 15:16 - 2014-09-11 10:44 - 00121208 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys

2015-05-26 19:41 - 2014-03-18 06:03 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-05-25 11:26 - 2014-12-10 08:48 - 00000000 ____D C:\Users\Alan\.gimp-2.8

2015-05-25 09:23 - 2014-12-10 08:58 - 00000000 ____D C:\Users\Alan\AppData\Local\gtk-2.0

2015-05-25 07:37 - 2014-11-12 09:47 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-05-25 07:37 - 2014-11-12 09:47 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-05-25 07:30 - 2015-01-05 14:29 - 00003862 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA

2015-05-23 20:19 - 2013-08-22 10:44 - 02368280 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-05-23 10:30 - 2014-09-07 09:33 - 00000000 ____D C:\Users\Alan\AppData\Local\Adobe

2015-05-21 22:24 - 2012-08-17 15:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2015-05-18 10:31 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\tracing

2015-05-16 02:40 - 2014-10-28 10:25 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-05-16 02:40 - 2014-10-28 10:25 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-05-16 01:39 - 2015-01-05 14:29 - 00003482 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core

2015-05-15 23:06 - 2014-09-06 20:04 - 00000000 ____D C:\Program Files (x86)\Intuit

2015-05-15 23:06 - 2014-09-06 20:02 - 00000000 ____D C:\ProgramData\INTUIT

2015-05-15 23:06 - 2012-08-17 15:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

==================== Files in the root of some directories =======

2015-01-07 10:22 - 2015-01-07 11:48 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe

2015-05-28 21:22 - 2015-06-09 11:07 - 0000024 _____ () C:\Users\Alan\AppData\Roaming\appdataFr25.bin

2015-03-09 07:41 - 2015-03-09 07:41 - 0038436 _____ () C:\Users\Alan\AppData\Roaming\Comma Separated Values (Windows).ADR

2015-04-28 21:29 - 2015-04-30 18:46 - 0039936 _____ () C:\Users\Alan\AppData\Roaming\SharedSettings.ccs

2015-03-16 18:44 - 2015-03-16 18:44 - 0000000 ____H () C:\Users\Alan\AppData\Local\BITEC4B.tmp

2015-04-10 16:47 - 2015-04-10 16:47 - 0004096 ____H () C:\Users\Alan\AppData\Local\keyfile3.drm

2015-05-25 09:23 - 2015-05-25 09:23 - 0016050 _____ () C:\Users\Alan\AppData\Local\recently-used.xbel

2014-09-06 16:52 - 2014-09-06 16:54 - 0007603 _____ () C:\Users\Alan\AppData\Local\resmon.resmoncfg

2015-05-04 12:02 - 2015-05-04 12:02 - 0000798 _____ () C:\Users\Alan\AppData\Local\Temp-log.txt

2015-05-23 20:43 - 2015-05-23 20:43 - 0000000 _____ () C:\Users\Alan\AppData\Local\Temp.dat

2015-03-16 18:40 - 2015-03-16 18:40 - 0000000 _____ () C:\Users\Alan\AppData\Local\{5A56A850-0445-4E88-9056-6CEE642EAFDE}

2015-04-12 08:05 - 2015-04-12 13:03 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

2015-05-30 09:48 - 2015-06-13 04:45 - 0000112 _____ () C:\ProgramData\s73Bt3.dat

Files to move or delete:

====================

C:\ProgramData\s73Bt3.dat

Some files in TEMP:

====================

C:\Users\Alan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbg3lk6.dll

C:\Users\Alan\AppData\Local\Temp\mpam-899529ea.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-11 05:27

==================== End of log ============================

#1
Alan058

Posted 13 June 2015 - 08:23 AM

Advertisements

#2
dbreeze

Posted 18 June 2015 - 02:57 PM

#3
dbreeze

Posted 24 June 2015 - 01:54 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

UpdateChecker.exe issues [Closed]

#1 Alan058 Posted 13 June 2015 - 08:23 AM

Advertisements

#2 dbreeze Posted 18 June 2015 - 02:57 PM

#3 dbreeze Posted 24 June 2015 - 01:54 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#1
Alan058

Posted 13 June 2015 - 08:23 AM

#2
dbreeze

Posted 18 June 2015 - 02:57 PM

#3
dbreeze

Posted 24 June 2015 - 01:54 PM