
UpdateChecker.exe issues [Closed]


  • This topic is locked

#1
Alan058


My CPU and memory get tapped out and the laptop overheats because of what appears to me to be this updatechecker file. I could be wrong. Here are the txt files:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Alan at 2015-06-13 09:37:43
Running from C:\Users\Alan\OneDrive\Documents
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1032171492-1991652538-4239616834-500 - Administrator - Disabled)
Alan (S-1-5-21-1032171492-1991652538-4239616834-1001 - Administrator - Enabled) => C:\Users\Alan
Guest (S-1-5-21-1032171492-1991652538-4239616834-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1032171492-1991652538-4239616834-1007 - Limited - Enabled)
QBDataServiceUser24 (S-1-5-21-1032171492-1991652538-4239616834-1008 - Limited - Enabled) => C:\Users\QBDataServiceUser24
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{FD6E648E-1378-467F-AD37-2B98B379B0DD}) (Version: 44.0.2403.25 - Google Inc.)
ChromecastApp (HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
CoffeeCup Shopping Cart Creator Pro (HKLM-x32\...\CoffeeCup Shopping Cart Creator Pro 3.9.4355) (Version: 3.9.4355 - CoffeeCup Software, Inc.)
CompanionLink (HKLM-x32\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 6.00.6000 - CompanionLink Software, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glary Utilities PRO 5.27 (HKLM-x32\...\Glary Utilities 5) (Version: 5.27.0.47 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{92524C67-A99D-44C6-8995-04F5E76486AF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
invoiceASAP Sync Manager for QuickBooks (HKLM-x32\...\{1E023D68-749A-4981-8FCF-7F92FFC16251}) (Version: 4.2.1 - InvoiceASAP)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
MagTek JMSR (HKLM-x32\...\InstallShield_{A2C5F42E-26A4-4733-8EA7-2A2D8320ACD4}) (Version: 2.02.0001 - MagTek)
MagTek JMSR (x32 Version: 2.02.0001 - MagTek) Hidden
MagTek OPOS MSR v1.13 (HKLM-x32\...\{86F8DB58-1026-4829-9840-7C5615184AE6}) (Version: 1.13 - MagTek)
MagTek OPOS MSR v1.13 (x32 Version: 1.13 - MagTek) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Plaxo Toolbar for Windows (HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Plaxo) (Version:  - Plaxo Incorporated)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks Contact Sync (HKLM-x32\...\{B6069132-BA92-46F5-B3F5-66584DB0801F}) (Version: 1.13.59 - Intuit)
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4004.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Rapport (x32 Version: 3.5.1412.173 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.1.4.827 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1412.173 - Trusteer)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
07-06-2015 04:52:14 Scheduled Checkpoint
10-06-2015 05:57:39 Windows Defender Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00BE9060-26D5-41BC-BFA2-CDE8DE7CD2BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {11D202E4-DC16-4BDF-9D19-B186ECE0B640} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {24373831-4D5B-4DB1-8E1E-3393C645E4E5} - System32\Tasks\G2MUploadTask-S-1-5-21-1032171492-1991652538-4239616834-1001 => C:\Users\Alan\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3492226A-6AAD-4B39-BA21-569F82D3AA95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {39CB3F6E-42F3-45C4-8C64-D850A94A4080} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-11-20] ()
Task: {3A510BA1-52BE-41B0-B065-E4E3977F4259} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {4F3CB76F-B4DF-4D26-A08B-509A9846CB32} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-25] (Adobe Systems Incorporated)
Task: {4F9F8D02-906C-439E-956A-6D4C6C2C194D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {60093BDD-D020-4996-9938-F9BE49E9ADE6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {61079187-946C-4605-9D81-2DB83BB4D2A6} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-06-08] (Glarysoft Ltd)
Task: {6272F4F0-3D4E-4085-8C17-68EC3848409E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {6335A016-3116-4DB1-A0F3-E195F0FCC67E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {6A2DAF0F-A89D-469D-A756-78C70831D34B} - System32\Tasks\{7D7E78D9-061D-4DEE-BB93-CC68A79D184D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" -c /modify OUTLOOKR /dll OSETUP.DLL
Task: {6DBED4F0-4DDB-45FA-B08E-3FE348AB1CA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {77E0F67E-0875-4E91-A32A-C26D90F698B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7B0FB8E0-9A1C-45EE-8483-BC5B25A20CFA} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {7E399FE4-38E3-4319-A2C3-029269EAB86F} - System32\Tasks\HPCeeScheduleForAlan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8812DF1B-E2B5-409A-A7F2-FFC7A034B799} - System32\Tasks\{E5CF9C92-8DDA-49EA-ADBF-075B438019ED} => pcalua.exe -a "C:\Program Files (x86)\Adobe\GoLive CS Co-Author_ENG\GoLive.exe" -c "C:\Users\Alan\Downloads\wordpress-4.0\wordpress\wp-admin\network.php"
Task: {8D8632F1-16E8-4E52-B0EC-FDA7A32A0C41} - System32\Tasks\ProcessManager => C:\Program Files (x86)\Glary Utilities 5\procmgr.exe [2015-06-08] (Glarysoft Ltd)
Task: {9222067E-B441-4D67-837B-E44FF9926D6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A180DEA3-ABD6-4A3C-9550-4C3DC76ABD90} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A3CC0C6C-2BB0-46BF-BB26-5F712A566666} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {AB36E310-9B48-42B2-9405-BF5E95307D94} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AC906631-CE98-4CC0-BBDC-83418737401A} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-11-20] ()
Task: {B6B77272-1EB8-407F-BCDD-E8B4D83796D3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-15] (Dropbox, Inc.)
Task: {BA77166A-4378-419E-800E-458E4FBFA3BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: {BE04B40F-E747-4F41-93BC-0B3685034FB8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-15] (Dropbox, Inc.)
Task: {C6D7F8C6-5538-4D43-89E5-1A3D9381D894} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {D28B1789-C88E-47A9-8DC8-9EA2F45EDD9A} - System32\Tasks\G2MUpdateTask-S-1-5-21-1032171492-1991652538-4239616834-1001 => C:\Users\Alan\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D5C44EEC-AB80-4F04-9FF0-357E870F9D77} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {E198DC82-6041-41F0-B077-55A2F179CE93} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {EB44D338-F607-4A48-8640-C6286C0C5545} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {EB63C96E-2578-4126-B7E3-F38B201807AC} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-06-08] (Glarysoft Ltd)
Task: {EFD924D2-1D80-4A4B-9A1B-FC7336030581} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {F794AE44-E3C8-48F0-997C-0C6D2781A723} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{18fda745-b02d-add8-18fd-da745b029d16}\adobe creative suite premium.exe [2014-05-23] () <==== ATTENTION
Task: {F99AE52E-CCB6-4F77-B3AF-6F8721BFB720} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{18fda745-b02d-add8-18fd-da745b029d16}\adobe creative suite premium.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core.job => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA.job => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1032171492-1991652538-4239616834-1001.job => C:\Users\Alan\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1032171492-1991652538-4239616834-1001.job => C:\Users\Alan\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core.job => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA.job => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ProcessManager.job => C:\Program Files (x86)\Glary Utilities 5\procmgr.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-10 04:36 - 2012-08-10 04:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2014-07-23 12:21 - 2014-07-23 12:21 - 00019968 _____ () c:\program files (x86)\companionlink\DCLHelper\CLDCLHelper.exe
2015-05-30 09:37 - 2015-06-12 20:12 - 00053040 _____ () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
2012-09-23 06:25 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2009-03-06 15:24 - 2009-03-06 15:24 - 00057344 _____ () c:\program files (x86)\companionlink\ClxMD5.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00623432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00582472 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00142664 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00623944 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00149320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
2013-12-02 14:27 - 2013-12-02 14:27 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00247112 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00791880 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00043848 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00087368 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetBridge.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00104264 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetInterop.dll
2014-12-10 07:31 - 2014-12-10 07:31 - 00501576 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\SyncManagerUtils.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00129352 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\ReportBridge.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00113480 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QB2WPFBridge.dll
2014-12-10 07:31 - 2014-12-10 07:31 - 00115016 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\Webification.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00060232 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\htmlhelper.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00762696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\HPD.dll
2015-06-11 08:21 - 2015-06-11 08:21 - 00043008 _____ () c:\users\alan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbg3lk6.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00750080 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00047616 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00865280 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00200704 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00010240 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00726016 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00010240 _____ () C:\Users\Alan\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-09-23 06:00 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-06-08 03:18 - 2015-06-08 03:18 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2015-05-15 23:06 - 2011-10-24 17:34 - 00036864 _____ () C:\Program Files (x86)\Intuit\QuickBooks Contact Sync\XMLManagerClass.dll
2015-02-13 09:34 - 2014-02-20 21:13 - 00111472 _____ () C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\sml.dll
2015-02-13 09:34 - 2014-02-20 21:05 - 00313344 _____ () C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\plx_sqlite.dll
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-06-11 22:03 - 2015-06-05 14:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-11 22:03 - 2015-06-05 14:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Alan\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\businesstrack.com -> hxxps://businesstrack.com
IE trusted site: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\ebanking-services.com -> hxxps://berkshirebank.ebanking-services.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alan\AppData\Local\Microsoft\Windows\Themes\AMS Green\DesktopBackground\amsgreen1500logo.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Acrobat Assistant.lnk"
HKLM\...\StartupApproved\Run: => "IntelliPoint"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "AdobeVersionCue"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\StartupFolder: => "Adobe Photoshop CS2 Serial numbers plus Keygen Full Download target=.lnk"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D680612DA51C10A6CF97CCA8BA287D9E"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "WorkForce 610(Network)"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "Glary Memory Optimizer"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\StartupApproved\Run: => "PlaxoSysTray"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{0318E452-EBC5-4A4E-BEF5-90AABD50AB3A}C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{95C19D7C-0F8F-43AD-ABA5-F0DFC47F38A6}C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{AC08B28F-CAE3-443E-ADD9-0A0E4ECE30EC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CF12F730-D537-47FD-9807-0A8492EE7B42}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0040CC04-EC91-429B-B6DA-54AACE92B58F}] => (Allow) LPort=1900
FirewallRules: [{22BE7F40-953A-44D9-8B56-55B5F7766C52}] => (Allow) LPort=2869
FirewallRules: [{3D3F4044-D6FB-4800-873D-3E5C2A0DA5C3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A3A5C0CF-11DE-4204-A961-46B1FA6DE4EA}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [{679CF038-D6F0-458D-8F89-2819F8ED2D48}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [TCP Query User{B74B81FF-27F3-426C-BBA6-31A4C3F6FEF7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{A389CDAF-F877-4C2A-9240-9B2C91885020}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{2A5869CC-D9D8-497E-99B9-773AA79B3D2C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{400B608D-A541-41FC-9E1A-4833B57B6D3C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{31EDCB35-8543-49B8-B4A0-03BFBEC12E20}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{B50AFC1E-41EC-47B8-9293-0F2BC8D75600}] => (Allow) C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B81F4E6F-D0FF-4818-B29D-FBA15792503B}] => (Allow) C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AD193910-9C45-4EB2-90B6-B94A0614B35D}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{129B6568-9CAD-4333-A199-F75E3CDBF639}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{ACC3A57C-4CA5-481D-8388-B71D7E796ABC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{061998AE-7592-42D7-929A-1801EEAD10EC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{34FCF689-0A61-453C-BBA7-29A6250B1F24}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0D7179A7-7D0B-4E45-A2E0-13EF72E0586A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{057105F0-DF03-4F0B-A194-46369393D0C3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D7BA4D3D-349E-4242-92D0-6483792F12FE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{51F971D5-9106-45DE-8B01-178855286E86}C:\users\alan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{A5360EB0-ADE0-40BA-956A-A8877C23511D}C:\users\alan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{9123579C-5CFD-4FE6-B0F4-F738E4B72758}C:\users\alan\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{7B6A41ED-3EF2-4E42-9229-E0562A496397}C:\users\alan\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{421F0D06-B84D-499D-BD18-331494834E5D}C:\users\alan\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{346AB993-4CDB-465A-8142-27665A334573}C:\users\alan\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe] => (Allow) C:\users\alan\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe
FirewallRules: [{707667FD-8335-4A32-AA46-E65EE1D16433}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
FirewallRules: [{8BE496D3-75FA-49C6-9DF1-45A3A576A875}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/13/2015 09:31:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x3c6c
Faulting application start time: 0xsndvol.exe0
Faulting application path: sndvol.exe1
Faulting module path: sndvol.exe2
Report Id: sndvol.exe3
Faulting package full name: sndvol.exe4
Faulting package-relative application ID: sndvol.exe5
 
Error: (06/13/2015 09:31:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x7ac4
Faulting application start time: 0xsndvol.exe0
Faulting application path: sndvol.exe1
Faulting module path: sndvol.exe2
Report Id: sndvol.exe3
Faulting package full name: sndvol.exe4
Faulting package-relative application ID: sndvol.exe5
 
Error: (06/13/2015 09:30:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x2840
Faulting application start time: 0xsndvol.exe0
Faulting application path: sndvol.exe1
Faulting module path: sndvol.exe2
Report Id: sndvol.exe3
Faulting package full name: sndvol.exe4
Faulting package-relative application ID: sndvol.exe5
 
Error: (06/13/2015 09:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Faulting module name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x8020
Faulting application start time: 0xsystray.exe0
Faulting application path: systray.exe1
Faulting module path: systray.exe2
Report Id: systray.exe3
Faulting package full name: systray.exe4
Faulting package-relative application ID: systray.exe5
 
Error: (06/13/2015 08:32:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x372c
Faulting application start time: 0xsndvol.exe0
Faulting application path: sndvol.exe1
Faulting module path: sndvol.exe2
Report Id: sndvol.exe3
Faulting package full name: sndvol.exe4
Faulting package-relative application ID: sndvol.exe5
 
Error: (06/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Faulting module name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x3dbc
Faulting application start time: 0xsystray.exe0
Faulting application path: systray.exe1
Faulting module path: systray.exe2
Report Id: systray.exe3
Faulting package full name: systray.exe4
Faulting package-relative application ID: systray.exe5
 
Error: (06/13/2015 07:46:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Faulting module name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x6544
Faulting application start time: 0xsystray.exe0
Faulting application path: systray.exe1
Faulting module path: systray.exe2
Report Id: systray.exe3
Faulting package full name: systray.exe4
Faulting package-relative application ID: systray.exe5
 
Error: (06/13/2015 07:36:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x625c
Faulting application start time: 0xsndvol.exe0
Faulting application path: sndvol.exe1
Faulting module path: sndvol.exe2
Report Id: sndvol.exe3
Faulting package full name: sndvol.exe4
Faulting package-relative application ID: sndvol.exe5
 
Error: (06/13/2015 06:32:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Faulting module name: sndvol.exe, version: 6.3.9600.17238, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x8490
Faulting application start time: 0xsndvol.exe0
Faulting application path: sndvol.exe1
Faulting module path: sndvol.exe2
Report Id: sndvol.exe3
Faulting package full name: sndvol.exe4
Faulting package-relative application ID: sndvol.exe5
 
Error: (06/13/2015 06:29:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Faulting module name: systray.exe, version: 6.3.9600.16384, time stamp: 0x5579361f
Exception code: 0x4000001f
Fault offset: 0x00233f00
Faulting process id: 0x645c
Faulting application start time: 0xsystray.exe0
Faulting application path: systray.exe1
Faulting module path: systray.exe2
Report Id: systray.exe3
Faulting package full name: systray.exe4
Faulting package-relative application ID: systray.exe5
 
 
System errors:
=============
Error: (06/13/2015 09:47:22 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (06/13/2015 04:05:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (06/12/2015 08:12:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The UpdateCheck service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 600000 milliseconds: Restart the service.
 
Error: (06/12/2015 00:01:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The UpdateCheck service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (06/12/2015 06:53:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (06/11/2015 11:27:51 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/11/2015 08:19:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CoupoonService64 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/11/2015 08:18:12 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (06/11/2015 08:18:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:12:12 AM on 6/11/2015 was unexpected.
 
Error: (06/11/2015 07:54:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
 
Microsoft Office:
=========================
Error: (06/13/2015 09:31:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f003c6c01d0a5dd37c29948C:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe7ce1d9c3-11d0-11e5-bef8-a0b3cc47db5e
 
Error: (06/13/2015 09:31:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f007ac401d0a5dd2bc0f629C:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe7110c159-11d0-11e5-bef8-a0b3cc47db5e
 
Error: (06/13/2015 09:30:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f00284001d0a5dd1fbddbb5C:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe650ff9e8-11d0-11e5-bef8-a0b3cc47db5e
 
Error: (06/13/2015 09:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: systray.exe6.3.9600.163845579361fsystray.exe6.3.9600.163845579361f4000001f00233f00802001d0a5dce34faab5C:\WINDOWS\SysWOW64\config\systemprofile\systray.exeC:\WINDOWS\SysWOW64\config\systemprofile\systray.exe2a3136b6-11d0-11e5-bef8-a0b3cc47db5e
 
Error: (06/13/2015 08:32:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f00372c01d0a5d4f53531fdC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe3aebb0e5-11c8-11e5-bef8-a0b3cc47db5e
 
Error: (06/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: systray.exe6.3.9600.163845579361fsystray.exe6.3.9600.163845579361f4000001f00233f003dbc01d0a5ce8ff521b1C:\WINDOWS\SysWOW64\config\systemprofile\systray.exeC:\WINDOWS\SysWOW64\config\systemprofile\systray.exed4ec1b4e-11c1-11e5-bef8-a0b3cc47db5e
 
Error: (06/13/2015 07:46:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: systray.exe6.3.9600.163845579361fsystray.exe6.3.9600.163845579361f4000001f00233f00654401d0a5ce838002edC:\WINDOWS\SysWOW64\config\systemprofile\systray.exeC:\WINDOWS\SysWOW64\config\systemprofile\systray.exec877501e-11c1-11e5-bef8-a0b3cc47db5e
 
Error: (06/13/2015 07:36:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f00625c01d0a5cd36c57141C:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe7bc862c2-11c0-11e5-bef8-a0b3cc47db5e
 
Error: (06/13/2015 06:32:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sndvol.exe6.3.9600.172385579361fsndvol.exe6.3.9600.172385579361f4000001f00233f00849001d0a5c43525e9beC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exeC:\WINDOWS\SysWOW64\config\systemprofile\sndvol.exe7a1d70e8-11b7-11e5-bef8-a0b3cc47db5e
 
Error: (06/13/2015 06:29:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: systray.exe6.3.9600.163845579361fsystray.exe6.3.9600.163845579361f4000001f00233f00645c01d0a5c3c818f2e5C:\WINDOWS\SysWOW64\config\systemprofile\systray.exeC:\WINDOWS\SysWOW64\config\systemprofile\systray.exe0d11eca8-11b7-11e5-bef8-a0b3cc47db5e
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-06-11 09:08:51.720
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-10 08:11:12.602
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-10 06:04:33.282
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-06 07:59:18.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-02 09:21:35.673
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-02 08:25:24.316
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-30 11:06:55.355
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-27 04:52:03.801
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-25 08:54:16.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-24 05:20:09.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 76%
Total physical RAM: 6033.27 MB
Available physical RAM: 1436.28 MB
Total Pagefile: 8854.97 MB
Available Pagefile: 1525.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.74 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:567.69 GB) (Free:446.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.92 GB) (Free:3.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (MEMORY 8000) (Removable) (Total:0.95 GB) (Free:0.13 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: A50E1C7D)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 968 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
==================== End of log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Alan (administrator) on AMS-LT on 13-06-2015 09:29:02
Running from C:\Users\Alan\OneDrive\Documents
Loaded Profiles: Alan & QBDataServiceUser24 (Available Profiles: Alan & QBDataServiceUser24)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe
(CompanionLink Software, Inc.) C:\Program Files (x86)\CompanionLink\CompanionLink.exe
(Plaxo, Inc.) C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\PlaxoHelper_en.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFJA.EXE
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
(Dropbox, Inc.) C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc. All rights reserved.) C:\Users\Alan\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\MemfilesService.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\dbextclr11.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
() C:\Program Files (x86)\CompanionLink\DCLHelper\CLDCLHelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
(Microsoft Corporation) C:\Users\Alan\AppData\Local\Temp\mpam-899529ea.exe
(Microsoft Corporation) C:\7d1c5ed6e6610fa07f1b0f9e4de8\MPSigStub.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-09-07] (IDT, Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-01-28] (Hewlett-Packard)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [CompanionLink] => c:\program files (x86)\companionlink\companionlink.exe [23796368 2015-02-05] (CompanionLink Software, Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [WorkForce 610(Network)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-06-08] (Glarysoft Ltd)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [Google Update] => C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-05] (Google Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-07] (Google Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [PlaxoUpdate] => C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\PlaxoHelper_en.exe [2080624 2014-02-20] (Plaxo, Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [PlaxoSysTray] => C:\Users\Alan\AppData\Local\Plaxo\3.36.0.29\PlaxoSysTray.exe [16752 2014-02-20] (Plaxo, Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [Glary Memory Optimizer] => C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe [122656 2015-06-08] (Glarysoft Ltd)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [Dropbox Update] => C:\Users\Alan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-15] (Dropbox, Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [823EADEA75B0A1548DF70B57581868B7B9A1F293._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\Run: [EPSON] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe [610296 2015-05-05] (Adobe Systems Incorporated)
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\MountPoints2: {37420eee-ad36-11e4-bec7-20689d0d300a} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\...\MountPoints2: {b857c929-05e0-11e5-bef1-a0b3cc47db5e} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-01-07]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-09-06]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-09-06]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-09-06]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk *  
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
URLSearchHook: [S-1-5-21-1032171492-1991652538-4239616834-1008] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {33F72BAB-8389-4A5D-B6BC-66D3586FCFE2} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {33F72BAB-8389-4A5D-B6BC-66D3586FCFE2} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {33F72BAB-8389-4A5D-B6BC-66D3586FCFE2} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
SearchScopes: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-01-07] (LastPass)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-01-07] (LastPass)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-1032171492-1991652538-4239616834-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
DPF: HKLM-x32 {0AD584EB-F10F-46F7-BCB8-1085C386BEAE} https://merchantacco...rPayCom2009.cab
DPF: HKLM-x32 {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantacco...ncCom1_2009.cab
DPF: HKLM-x32 {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantacco...ncCom2_2008.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-01-07] (LastPass)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-01-07] (LastPass)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Alan\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @client.dropbox.com/Dropbox Update;version=3 -> C:\Users\Alan\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-15] (Dropbox, Inc.)
FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @client.dropbox.com/Dropbox Update;version=9 -> C:\Users\Alan\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-15] (Dropbox, Inc.)
FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1032171492-1991652538-4239616834-1001: hp.com/HPDetect -> C:\Users\Alan\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
 
Chrome: 
=======
CHR Profile: C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-30]
CHR Extension: (The Fractulator) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmiaedkpcndfgiicpfbmdffpkpkjgdpl [2015-05-30]
CHR Extension: (Email this page (by Google)) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2015-05-30]
CHR Extension: (Google Tasks (by Google)) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2015-05-30]
CHR Extension: (MailChimp) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2015-05-30]
CHR Extension: (Google Calendar) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-05-30]
CHR Extension: (Website Logon) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2015-05-30]
CHR Extension: (Full Screen Weather) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-30]
CHR Extension: (Print Selection) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2015-05-30]
CHR Extension: (Share on Google Plus) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfkobenbpcjmmejiokpopekegkpogbdn [2015-05-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-07]
CHR Extension: (Fast Search for eBay) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjajclaocdighkjplbekkofpmdbcjghf [2015-05-30]
CHR Extension: (Google Play) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-05-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-11]
CHR Extension: (Google Maps) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-05-30]
CHR Extension: (Print) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj [2015-05-30]
CHR Extension: (QR Code Generator) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanmadekhdoofgmhichkcjlgiofmofbl [2015-05-30]
CHR Extension: (QR Image from URL) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce [2015-05-30]
CHR Extension: (Google Wallet) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-06]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-05-30]
CHR Extension: (My Chrome Theme) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-05-30]
CHR Extension: (Floor Plan Creator) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogbnemfckmdpkeeccieeahplnemmbcfg [2015-05-30]
CHR Extension: (Sửa lỗi \) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe [2015-06-11]
CHR Profile: C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-20]
CHR Extension: (CacheList) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\amhhdbdhoghppijbjfdkiaconkmfbbpa [2015-06-06]
CHR Extension: (Google Docs) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20]
CHR Extension: (Google Drive) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20]
CHR Extension: (Google Search) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20]
CHR Extension: (multiNotifier for multiple Gmail accounts) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcdpjakjgmgklajndnlekpojkelnibfp [2015-06-02]
CHR Extension: (Website Logon) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2014-10-20]
CHR Extension: (Google Sheets) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-20]
CHR Extension: (Dictionary Bubble Instant Dictionary) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfembjnmeainjncdflaoclcjadfhpoim [2015-05-01]
CHR Extension: (Google Wallet) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]
CHR Extension: (Gmail) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.goog...ice/update2/crx
CHR HKU\S-1-5-21-1032171492-1991652538-4239616834-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.goog...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [310912 2013-05-16] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe [69448 2015-05-28] (Google Inc.)
S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-02] ()
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-12-02] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-12-02] (Intuit Inc.) [File not signed]
R3 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2013-12-02] (Intuit, Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-05-28] (IBM Corp.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-06-12] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-30] (Validity Sensors, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-09-08] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2015-05-03] (Glarysoft Ltd)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-20] (Atheros)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)
R1 RapportCerberus_1412108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412108.sys [910872 2015-06-10] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [484088 2015-05-28] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [121208 2015-05-28] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [375128 2015-05-28] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [479320 2015-05-28] (IBM Corp.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S4 Wpdesrer; No ImagePath
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-13 09:28 - 2015-06-13 09:28 - 00000000 ____D C:\7d1c5ed6e6610fa07f1b0f9e4de8
2015-06-13 08:57 - 2015-06-13 09:29 - 00000000 ____D C:\FRST
2015-06-13 08:45 - 2015-06-13 08:45 - 00000000 ____D C:\ProgramData\bba09a2600004a37
2015-06-13 08:43 - 2015-06-13 08:43 - 00000000 ____D C:\ProgramData\252c331400007422
2015-06-13 08:31 - 2015-06-13 08:31 - 00003122 _____ C:\WINDOWS\System32\Tasks\ParetoLogic Registration3
2015-06-13 08:31 - 2015-06-13 08:31 - 00000480 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2015-06-13 08:30 - 2015-06-13 08:30 - 00002910 _____ C:\WINDOWS\System32\Tasks\ParetoLogic Update Version3 Startup Task
2015-06-13 08:30 - 2015-06-13 08:30 - 00000506 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-06-13 08:30 - 2015-06-13 08:30 - 00000000 ____D C:\Users\Alan\AppData\Roaming\ParetoLogic
2015-06-13 08:30 - 2015-06-13 08:30 - 00000000 ____D C:\Users\Alan\AppData\Roaming\DriverCure
2015-06-13 08:29 - 2015-06-13 08:44 - 00000000 ____D C:\ProgramData\ParetoLogic
2015-06-13 08:29 - 2015-06-13 08:30 - 00003242 _____ C:\WINDOWS\System32\Tasks\ParetoLogic Update Version3
2015-06-13 08:29 - 2015-06-13 08:30 - 00000454 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
2015-06-11 22:03 - 2015-06-11 22:03 - 00002279 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-11 22:03 - 2015-06-11 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-10 18:11 - 2015-06-10 18:11 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-06 07:19 - 2015-06-12 21:59 - 00000000 ____D C:\ProgramData\85f278110000749d
2015-06-06 00:59 - 2015-06-06 00:59 - 00000000 ____D C:\Program Files (x86)\ExsttraSAvIngs
2015-06-06 00:59 - 2015-06-06 00:59 - 00000000 ____D C:\Program Files (x86)\ExsTraSavings
2015-06-06 00:57 - 2015-06-06 00:57 - 00000000 ____D C:\ProgramData\bdfodbplkhnfjeaidmhkkonllbpjboho
2015-06-06 00:57 - 2015-06-06 00:57 - 00000000 ____D C:\Program Files (x86)\CacheList
2015-06-06 00:55 - 2015-06-10 08:29 - 00000000 ____D C:\Program Files (x86)\ExsstRaSavings
2015-06-05 18:14 - 2015-06-05 18:14 - 00749963 _____ C:\Users\Alan\Downloads\AvaTax_Pro_Toolkit.zip
2015-06-05 18:12 - 2015-06-05 18:12 - 00002714 _____ C:\Users\Alan\Downloads\bulk-edit-product-import-template.csv
2015-06-05 17:16 - 2015-06-05 17:16 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue (4).exe
2015-06-05 09:26 - 2015-06-05 09:26 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue (3).exe
2015-06-03 11:34 - 2015-06-03 11:34 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue (2).exe
2015-06-02 09:07 - 2015-06-02 09:07 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Alan\Downloads\SpyHunter-Installer.exe
2015-06-02 08:29 - 2015-06-12 17:47 - 00000000 ____D C:\ProgramData\5ca5a4280000224c
2015-05-31 09:44 - 2015-06-13 09:26 - 00000666 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1032171492-1991652538-4239616834-1001.job
2015-05-31 09:44 - 2015-05-31 09:44 - 00003660 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1032171492-1991652538-4239616834-1001
2015-05-30 09:48 - 2015-06-13 04:45 - 00000112 _____ C:\ProgramData\s73Bt3.dat
2015-05-30 09:38 - 2015-06-13 09:35 - 00000000 ____D C:\ProgramData\abc
2015-05-30 09:38 - 2015-06-02 23:34 - 00000000 ____D C:\ProgramData\e3e80d5e000064f2
2015-05-30 09:38 - 2015-05-30 09:38 - 00000005 _____ C:\end
2015-05-30 09:38 - 2015-05-30 09:38 - 00000000 ____D C:\Program Files\Coupoon
2015-05-30 09:37 - 2015-06-02 07:58 - 00000000 ____D C:\Program Files (x86)\Coupoon
2015-05-30 09:37 - 2015-05-30 09:37 - 00000000 _____ C:\LIL6F35.tmp
2015-05-30 09:36 - 2015-05-30 09:36 - 00421888 _____ C:\Users\Alan\Downloads\Setup (1).exe
2015-05-30 09:34 - 2015-05-30 09:38 - 00000000 ____D C:\Users\Alan\AppData\Local\Chromium
2015-05-30 09:33 - 2015-05-30 09:33 - 00000000 _____ C:\LILE7C4.tmp
2015-05-30 09:32 - 2015-05-30 09:32 - 00421888 _____ C:\Users\Alan\Downloads\Setup.exe
2015-05-30 09:32 - 2015-05-30 09:32 - 00000000 ____D C:\0a08af96-aa2b-423d-a3f9-4531f2ee5a39
2015-05-30 09:23 - 2015-05-30 09:23 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue (1).exe
2015-05-29 07:15 - 2015-05-29 07:15 - 02211783 _____ C:\Users\Alan\Downloads\certified-light-bulbs-2015-05-29.csv
2015-05-28 21:44 - 2015-05-28 21:44 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Alan\Downloads\Support-LogMeInRescue.exe
2015-05-28 21:22 - 2015-06-09 11:07 - 00000024 _____ C:\Users\Alan\AppData\Roaming\appdataFr25.bin
2015-05-28 08:23 - 2015-05-28 08:23 - 24226894 _____ C:\Users\Alan\Downloads\mobirise-free-win.zip
2015-05-25 09:23 - 2015-05-25 09:23 - 00016050 _____ C:\Users\Alan\AppData\Local\recently-used.xbel
2015-05-25 07:37 - 2015-06-13 09:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-25 07:37 - 2015-05-25 07:37 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-24 14:55 - 2015-05-24 14:55 - 00000000 ____D C:\Users\Alan\AppData\Local\webkit
2015-05-24 14:15 - 2015-05-24 14:15 - 00000910 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-05-24 14:15 - 2015-05-24 14:15 - 00000898 _____ C:\Users\Public\Desktop\GIMP 2.lnk
2015-05-24 14:14 - 2015-05-24 14:15 - 00000000 ____D C:\Program Files\GIMP 2
2015-05-24 14:11 - 2015-05-24 14:11 - 00009127 _____ C:\Users\Alan\Downloads\gimp-2.8.14-setup-1.exe (1).torrent
2015-05-24 09:44 - 2015-05-25 08:17 - 00000000 ____D C:\Program Files\paint.net
2015-05-24 09:43 - 2015-05-24 09:47 - 00000000 ____D C:\Users\Alan\AppData\Local\paint.net
2015-05-24 09:26 - 2015-05-24 09:26 - 06528454 _____ C:\Users\Alan\Downloads\paint.net.4.0.5.install.zip
2015-05-23 21:55 - 2007-02-20 16:04 - 02463976 _____ C:\WINDOWS\SysWOW64\NPSWF32.dll
2015-05-23 21:55 - 2007-02-20 16:04 - 00190696 _____ (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\NPSWF32_FlashUtil.exe
2015-05-23 20:50 - 2015-05-23 20:50 - 00000000 ____D C:\ProgramData\gllllkgjemfihkfieabciiffngcjielp
2015-05-23 20:43 - 2015-05-23 20:43 - 00000000 _____ C:\Users\Alan\AppData\Local\Temp.dat
2015-05-23 20:42 - 2015-06-02 02:44 - 00000000 ____D C:\ProgramData\b495037800002fba
2015-05-23 20:05 - 2015-05-23 20:05 - 05982989 _____ C:\Users\Alan\Downloads\AdobeCreativeCloudCleanerTool.zip
2015-05-23 09:43 - 2015-05-23 09:43 - 00000000 ____D C:\ProgramData\jpkegfmhmddijdajkiejgofpfkhcccec
2015-05-23 09:38 - 2015-06-12 21:38 - 00000382 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job
2015-05-23 09:38 - 2015-05-23 21:38 - 00000000 ____D C:\ProgramData\{18fda745-b02d-add8-18fd-da745b029d16}
2015-05-23 09:38 - 2015-05-23 09:38 - 02051584 _____ C:\Users\Alan\Downloads\adobe creative suite premium.exe
2015-05-23 09:38 - 2015-05-23 09:38 - 00003268 _____ C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task[pr]
2015-05-22 00:14 - 2015-05-23 10:12 - 00000000 ____D C:\ProgramData\FLEXnet
2015-05-21 23:59 - 2015-05-21 23:59 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2015-05-21 23:41 - 2015-05-21 23:46 - 486108144 _____ (Adobe Systems Incorporated) C:\Users\Alan\Downloads\ADBEPHSPCS3_WWE.exe
2015-05-21 23:39 - 2015-05-22 00:15 - 963021411 _____ C:\Users\Alan\Downloads\ADBESTVDCS3.7z
2015-05-21 23:39 - 2015-05-21 23:41 - 215001904 _____ (Adobe Systems Incorporated) C:\Users\Alan\Downloads\STVDCS3_Cont.exe
2015-05-21 23:39 - 2015-05-21 23:39 - 01085768 _____ (Adobe Systems Incorporated) C:\Users\Alan\Downloads\ADBESTVDCS3.exe
2015-05-21 22:12 - 2015-05-21 23:27 - 00000779 _____ C:\temp.log
2015-05-21 20:50 - 2015-05-21 20:50 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2015-05-21 20:50 - 2015-05-21 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-05-21 20:49 - 2015-05-21 20:49 - 00000000 ____D C:\Program Files (x86)\Evernote
2015-05-21 20:46 - 2015-05-21 20:46 - 99237384 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Alan\Downloads\Evernote_5.8.4.6870.exe
2015-05-19 08:59 - 2015-05-19 08:59 - 02145673 _____ C:\Users\Alan\Downloads\certified-light-bulbs-2015-05-19.csv
2015-05-15 23:06 - 2008-04-13 11:54 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdaf58a.rra
2015-05-15 23:06 - 2005-04-03 18:31 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB5DB.DLL
2015-05-15 23:06 - 1998-06-17 23:00 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRDO20.DLL
2015-05-15 23:06 - 1998-06-17 23:00 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RDOCURS.DLL
2015-05-15 14:15 - 2015-05-15 14:15 - 00065560 _____ C:\Users\Alan\Downloads\NETGEAR_WNDR3400v3.cfg
2015-05-15 12:13 - 2015-05-15 12:14 - 393912120 _____ (Intuit Inc.) C:\Users\Alan\Downloads\qbwebpatch.exe
2015-05-15 03:30 - 2015-06-13 09:35 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA.job
2015-05-15 03:30 - 2015-06-13 03:35 - 00000876 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core.job
2015-05-15 03:30 - 2015-05-15 03:30 - 00003872 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA
2015-05-15 03:30 - 2015-05-15 03:30 - 00003492 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core
2015-05-15 03:30 - 2015-05-15 03:30 - 00000000 ____D C:\Users\Alan\AppData\Local\Dropbox
2015-05-15 03:30 - 2015-05-15 03:30 - 00000000 ____D C:\ProgramData\Dropbox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-13 09:28 - 2014-09-08 11:19 - 01053983 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-13 09:18 - 2014-12-11 10:19 - 00000570 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1032171492-1991652538-4239616834-1001.job
2015-06-13 09:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-13 08:50 - 2014-09-06 13:05 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8F12032E-C313-4BFD-8DA8-BE49B2D571E8}
2015-06-13 08:49 - 2014-09-06 13:13 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1032171492-1991652538-4239616834-1001
2015-06-13 08:45 - 2014-10-28 10:25 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-13 08:44 - 2015-01-05 14:29 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA.job
2015-06-13 08:41 - 2014-09-06 18:19 - 00000000 ____D C:\Users\Alan\Documents\Outlook Files
2015-06-13 07:59 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-13 02:45 - 2014-10-28 10:25 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-13 01:44 - 2015-01-05 14:29 - 00000866 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core.job
2015-06-11 22:03 - 2014-09-06 17:42 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-11 08:25 - 2015-02-16 10:07 - 00002966 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2015-06-11 08:25 - 2014-10-28 17:35 - 00003306 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2015-06-11 08:25 - 2014-10-28 17:35 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-06-11 08:25 - 2014-10-28 17:35 - 00001096 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-06-11 08:25 - 2014-10-28 17:34 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-06-11 08:24 - 2015-03-20 21:02 - 00000354 _____ C:\WINDOWS\Tasks\ProcessManager.job
2015-06-11 08:22 - 2014-09-08 17:10 - 00000000 ____D C:\Users\Alan\OneDrive
2015-06-11 08:22 - 2014-09-06 18:13 - 00000000 ____D C:\Users\Alan\Dropbox
2015-06-11 08:22 - 2014-09-06 18:10 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Dropbox
2015-06-11 08:21 - 2015-02-13 09:34 - 00000000 ____D C:\Users\Alan\AppData\Local\Plaxo
2015-06-11 08:19 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-11 08:18 - 2014-10-16 18:23 - 00000000 ____D C:\Users\QBDataServiceUser24
2015-06-11 08:18 - 2014-09-08 11:02 - 00000000 ____D C:\Users\Alan
2015-06-10 22:08 - 2014-09-28 20:59 - 00003154 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAlan
2015-06-10 22:08 - 2014-09-28 20:59 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAlan.job
2015-06-10 07:34 - 2014-09-11 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-06-10 07:31 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-06 01:00 - 2015-05-01 23:48 - 00000000 ____D C:\ProgramData\13140839548693954216
2015-06-05 23:56 - 2014-09-08 09:22 - 00000000 ____D C:\Users\Alan\AppData\Local\LogMeIn Rescue Applet
2015-06-02 08:47 - 2014-09-06 13:05 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Adobe
2015-06-02 08:46 - 2014-09-07 09:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-02 08:36 - 2014-09-07 09:25 - 00000000 ____D C:\ProgramData\Adobe
2015-05-31 10:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-05-31 09:44 - 2014-12-11 10:19 - 00003564 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1032171492-1991652538-4239616834-1001
2015-05-31 07:34 - 2015-04-08 09:34 - 00088064 ___SH C:\Users\Alan\Downloads\Thumbs.db
2015-05-30 09:44 - 2015-02-06 12:13 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-28 15:16 - 2014-09-11 10:44 - 00375128 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-05-28 15:16 - 2014-09-11 10:44 - 00121208 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-05-26 19:41 - 2014-03-18 06:03 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-25 11:26 - 2014-12-10 08:48 - 00000000 ____D C:\Users\Alan\.gimp-2.8
2015-05-25 09:23 - 2014-12-10 08:58 - 00000000 ____D C:\Users\Alan\AppData\Local\gtk-2.0
2015-05-25 07:37 - 2014-11-12 09:47 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-25 07:37 - 2014-11-12 09:47 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-25 07:30 - 2015-01-05 14:29 - 00003862 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001UA
2015-05-23 20:19 - 2013-08-22 10:44 - 02368280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 10:30 - 2014-09-07 09:33 - 00000000 ____D C:\Users\Alan\AppData\Local\Adobe
2015-05-21 22:24 - 2012-08-17 15:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 10:31 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\tracing
2015-05-16 02:40 - 2014-10-28 10:25 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 02:40 - 2014-10-28 10:25 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 01:39 - 2015-01-05 14:29 - 00003482 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1032171492-1991652538-4239616834-1001Core
2015-05-15 23:06 - 2014-09-06 20:04 - 00000000 ____D C:\Program Files (x86)\Intuit
2015-05-15 23:06 - 2014-09-06 20:02 - 00000000 ____D C:\ProgramData\INTUIT
2015-05-15 23:06 - 2012-08-17 15:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
 
==================== Files in the root of some directories =======
 
2015-01-07 10:22 - 2015-01-07 11:48 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-05-28 21:22 - 2015-06-09 11:07 - 0000024 _____ () C:\Users\Alan\AppData\Roaming\appdataFr25.bin
2015-03-09 07:41 - 2015-03-09 07:41 - 0038436 _____ () C:\Users\Alan\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-04-28 21:29 - 2015-04-30 18:46 - 0039936 _____ () C:\Users\Alan\AppData\Roaming\SharedSettings.ccs
2015-03-16 18:44 - 2015-03-16 18:44 - 0000000 ____H () C:\Users\Alan\AppData\Local\BITEC4B.tmp
2015-04-10 16:47 - 2015-04-10 16:47 - 0004096 ____H () C:\Users\Alan\AppData\Local\keyfile3.drm
2015-05-25 09:23 - 2015-05-25 09:23 - 0016050 _____ () C:\Users\Alan\AppData\Local\recently-used.xbel
2014-09-06 16:52 - 2014-09-06 16:54 - 0007603 _____ () C:\Users\Alan\AppData\Local\resmon.resmoncfg
2015-05-04 12:02 - 2015-05-04 12:02 - 0000798 _____ () C:\Users\Alan\AppData\Local\Temp-log.txt
2015-05-23 20:43 - 2015-05-23 20:43 - 0000000 _____ () C:\Users\Alan\AppData\Local\Temp.dat
2015-03-16 18:40 - 2015-03-16 18:40 - 0000000 _____ () C:\Users\Alan\AppData\Local\{5A56A850-0445-4E88-9056-6CEE642EAFDE}
2015-04-12 08:05 - 2015-04-12 13:03 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-05-30 09:48 - 2015-06-13 04:45 - 0000112 _____ () C:\ProgramData\s73Bt3.dat
 
Files to move or delete:
====================
C:\ProgramData\s73Bt3.dat
 
 
Some files in TEMP:
====================
C:\Users\Alan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbg3lk6.dll
C:\Users\Alan\AppData\Local\Temp\mpam-899529ea.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-11 05:27
 
==================== End of log ============================

 




#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hi alan058,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-


All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.


Let's get started....

First question is do you still need some help with this issue?

Second question, can you get updates for Windows Defender or does that fail when you try?

I am going over your logs now but need the answers to the above before I post fixes. Thank you for helping.

#3
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

