
IE proxy keeps getting changed


  • This topic is locked
15 replies to this topic

#1 infobvi

infobvi

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 06 June 2014 - 02:26 AM

Hi,

Thanks in advance for the help. I've attached the DDS logs for your review.

The symptoms are that the IE proxy keeps getting changed to 127.0.0.1:19000 and the proxy is also bypassed for the following URLs:

;*origin.com;*ea.com;*akamaihd.net

When I removed the proxy (because I don't use any), it keeps reverting to the incorrect one.

Another observation that I've made is that this seems to only affect IE proxy settings because Firefox (or other programs that maintain their own proxies) remain unaffected.

Would appreciate if you could advise me on how to go about rectifying this situation please. Please let me know if further details are required.

Many thanks!


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:01:31 AM

Posted 06 June 2014 - 06:18 PM

Hi infobvi and welcome to BC.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
Both reports from FRST


Thanks.



#3 infobvi

infobvi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 08 June 2014 - 08:23 PM

Hi,

Thanks for the warm welcome and for assisting me on this issue. I've taken note of your advice and have run FRST. I've attached the logs from FRST for your review.

Please let me know if you need anything else.

Thanks again.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by sghocc (administrator) on SG20121003 on 09-06-2014 09:15:48
Running from D:\Users\sghocc\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Check Point Software Technologies Ltd.) C:\Windows\SysWOW64\FDE_srv.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\IDAFServerHostService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\cpda.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Fuji Xerox Co, Ltd.) C:\Program Files (x86)\Fuji Xerox\DocuWorks\bin\FXDocCreatorClient.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Fieldston Software) C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
(Copernic Inc.) C:\Program Files (x86)\Copernic Desktop Search - Pro\DesktopSearchService.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Data Loss Prevention\disknet.exe
() D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\DriverNetRemote.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERDEV01\MSSQL\Binn\sqlservr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Fuji Xerox Co, Ltd.) C:\Windows\System32\FXCreatorMessages.exe
() D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\FreewareGUIMotion.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(NTWind Software) C:\Program Files\VistaSwitcher\vswitch64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Xerox Corporation) C:\Program Files\Xerox\DSClient\DsTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(WinZip Computing, Inc.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\Common Files\Check Point\UIFramework 3.0\bin\EPLauncher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
() C:\Program Files (x86)\Launchy\Launchy.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Xerox Corporation) C:\Program Files\Xerox\DSClient\DSMon.exe
(Xerox Corporation) C:\Program Files\Xerox\DSClient\DSPlaces.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\Common Files\Check Point\UIFramework 3.0\bin\cptray.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Data Loss Prevention\ServiceRequest.exe
(Juniper Networks, Inc.) D:\Users\sghocc\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Copernic Inc.) C:\Program Files (x86)\Copernic Desktop Search - Pro\DesktopSearch.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4756240 2012-03-29] (Intel® Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [FXDocCreatorClient] => C:\Program Files (x86)\Fuji Xerox\DocuWorks\bin\FXDocCreatorClient.exe [744856 2011-06-03] (Fuji Xerox Co, Ltd.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-08-01] (Logitech, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Check Point Endpoint Security Tray 3.0] => C:\Program Files (x86)\Common Files\Check Point\UIFramework 3.0\Bin\EPLauncher.exe [1804304 2013-01-10] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2522672 2014-04-09] (Juniper Networks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3057096662-3934190749-3756954656-1002\...\Run: [gSyncit] => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [166912 2014-04-29] (Fieldston Software)
HKU\S-1-5-21-3057096662-3934190749-3756954656-1002\...\Run: [Copernic Desktop Search - Professional] => C:\Program Files (x86)\Copernic Desktop Search - Pro\DesktopSearchService.exe [1853992 2013-01-28] (Copernic Inc.)
HKU\S-1-5-21-3057096662-3934190749-3756954656-1002\...\Run: [VistaSwitcher] => C:\Program Files\VistaSwitcher\vswitch64.exe [233088 2012-05-12] (NTWind Software)
HKU\S-1-5-21-3057096662-3934190749-3756954656-1002\...\MountPoints2: {26c2be6e-e07f-11e3-9105-d3409d23f483} - G:\SETUP.EXE
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DocuShare Client.lnk
ShortcutTarget: DocuShare Client.lnk -> C:\Windows\Installer\{46152C6A-CF36-46D2-A429-9E844745214E}\dsx_icon.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: D:\Users\sghocc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: D:\Users\sghocc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:23831
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2396DD065981CF01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?sid=498&aid=121&itype=n&ver=12302&tm=313&src=ds&p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: DSClient Browser Helper Object - {78839ABD-14B9-11D4-BA68-00104BC6425F} - C:\Program Files\Xerox\DSClient\BHO.dll (Xerox Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140404180319.dll (McAfee, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DSClient Browser Helper Object - {78839ABD-14B9-11D4-BA68-00104BC6425F} - C:\Program Files (x86)\Xerox\DSClient\BHO.dll (Xerox Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140404180319.dll (McAfee, Inc.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{2B35E8F3-9F1C-42B2-91F3-1BA5314663EF}: [NameServer]192.168.56.1
Tcpip\..\Interfaces\{40265487-CD72-4E7A-8DA0-FA1983AAA8BF}: [NameServer]13.198.10.61,13.198.10.62
Tcpip\..\Interfaces\{861FCBA2-D83C-4F06-AB3B-AC693B95F7F7}: [NameServer]13.198.10.61,13.198.10.62

FireFox:
========
FF ProfilePath: D:\Users\sghocc\AppData\Roaming\Mozilla\Firefox\Profiles\qi8e3jwa.default
FF NetworkProxy: "autoconfig_url", "file:///D:/49%20Miscellaneous/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014-04-04]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-04-08]
FF HKCU\...\Firefox\Extensions: [{133B7132-EA16-42F0-9329-2F420F9EB1A1}] - c:\program files (x86)\copernic desktop search - pro\firefoxconnector
FF Extension: Copernic Desktop Search - Search Firefox content - c:\program files (x86)\copernic desktop search - pro\firefoxconnector [2014-04-08]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

==================== Services (Whitelisted) =================

S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 Check Point Device Auxiliary Framework; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\idafserverhostservice.exe [215056 2013-01-15] (Check Point Software Technologies Ltd.)
R2 CPDA; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\cpda.exe [941736 2013-01-15] (Check Point Software Technologies Ltd.)
R2 DisknetClient; C:\Program Files (x86)\CheckPoint\Endpoint Security\Data Loss Prevention\disknet.exe [4327080 2013-01-15] (Check Point Software Technologies Ltd.)
R4 DriverNetRemote.exe; D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\DriverNetRemote.exe [110592 2014-06-03] ()
R2 Full Disk Encryption; C:\Windows\SysWOW64\FDE_srv.exe [5220880 2013-01-15] (Check Point Software Technologies Ltd.)
R3 FXCreatorMessages; C:\Windows\System32\FXCreatorMessages.exe [111512 2011-06-03] (Fuji Xerox Co, Ltd.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2014-04-04] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2014-04-04] (McAfee, Inc.)
R2 MSSQL$MSSQLSERVERDEV01; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERDEV01\MSSQL\Binn\sqlservr.exe [61913952 2010-04-04] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S3 SQLAgent$MSSQLSERVERDEV01; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERDEV01\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
S2 22ca4b4a2bdb379.exe; D:\Users\sghocc\AppData\Local\78fb7c01c47fc3395bc7c155a8f611ef\22ca4b4a2bdb379.exe [X]

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2013-06-17] (Broadcom Corporation.)
R0 DNPFW; C:\Windows\System32\drivers\DNPFW.sys [41392 2013-01-15] (Check Point Software Technologies Ltd.)
S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdX64.sys [29184 2008-07-31] (Juniper Networks)
R0 dvrem; C:\Windows\System32\drivers\dvrem.sys [67504 2013-01-15] (Check Point Software Technologies Ltd.)
R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [506160 2014-03-13] (Juniper Networks)
S4 jnprTdi_803_44983; C:\Windows\system32\Drivers\jnprTdi_803_44983.sys [108344 2014-04-09] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2014-03-13] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2014-03-13] (Juniper Networks, Inc.)
R0 KAEON; C:\Windows\System32\drivers\kaeon.sys [43440 2013-01-15] (Check Point Software Technologies Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mevdbus; C:\Windows\System32\DRIVERS\mevdbus.sys [26304 2012-12-04] (Check Point Software Technologies Ltd.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2014-04-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2014-04-04] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2014-04-04] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2014-04-04] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2014-04-04] (McAfee, Inc.)
R0 prot_2k; C:\Windows\System32\Drivers\prot_2k.sys [205336 2013-01-15] (Check Point Software Technologies Ltd.)
R0 prot_2k; C:\Windows\SysWow64\Drivers\prot_2k.sys [170776 2013-01-15] (Check Point Software Technologies Ltd.)
R0 PSG; C:\Windows\System32\drivers\PSG.sys [72112 2013-01-15] (Check Point Software Technologies Ltd.)
R3 RegFltrX64; D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\RegFltrX64.sys [18064 2014-06-03] ()
R0 rmm; C:\Windows\System32\drivers\rmm.sys [32176 2013-01-15] (Check Point Software Technologies Ltd.)
R1 rxAES100; C:\Windows\System32\drivers\rxAES100.sys [59824 2013-01-15] (Check Point Software Technologies Ltd.)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R1 vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [455872 2013-01-09] (Check Point Software Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-09 09:15 - 2014-06-09 09:17 - 00023818 _____ () D:\Users\sghocc\Downloads\FRST.txt
2014-06-09 09:15 - 2014-06-09 09:17 - 00000000 ____D () C:\FRST
2014-06-09 09:13 - 2014-06-09 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-09 09:13 - 2014-06-09 09:13 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-09 09:12 - 2014-06-09 09:15 - 02072576 _____ (Farbar) D:\Users\sghocc\Downloads\FRST64.exe
2014-06-06 14:09 - 2014-06-06 14:09 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-06 14:09 - 2014-06-06 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-06 12:04 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-05 12:15 - 2014-06-05 12:15 - 00000000 ____D () D:\Users\sghocc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-05 09:16 - 2014-06-05 09:16 - 00000000 ____D () D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402
2014-05-29 17:19 - 2014-05-29 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-29 17:17 - 2014-05-29 17:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-29 17:17 - 2014-05-29 17:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-28 10:52 - 2014-06-04 14:23 - 00000000 ____D () D:\Users\sghocc\VirtualBox VMs
2014-05-28 10:46 - 2014-05-28 10:46 - 00000000 ____D () D:\Users\sghocc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Notepad 2007
2014-05-28 10:46 - 2014-05-28 10:46 - 00000000 ____D () C:\Program Files (x86)\XML Notepad 2007
2014-05-26 13:32 - 2014-05-26 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bizagi
2014-05-26 13:31 - 2014-05-26 13:31 - 00000000 ____D () C:\Program Files\Bizagi
2014-05-26 13:30 - 2014-05-26 13:30 - 00000000 ____D () D:\Users\sghocc\AppData\Local\Downloaded Installations
2014-05-22 10:06 - 2010-04-04 02:51 - 00073568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$MSSQLSERVERDEV01-sqlctr10.50.1600.1.dll
2014-05-22 10:06 - 2010-04-04 02:51 - 00047456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL10_50.MSSQLSERVERDEV01-sqlagtctr.dll
2014-05-22 10:06 - 2010-04-04 01:57 - 00079200 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$MSSQLSERVERDEV01-sqlctr10.50.1600.1.dll
2014-05-22 10:06 - 2010-04-04 01:57 - 00077152 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL10_50.MSSQLSERVERDEV01-sqlagtctr.dll
2014-05-22 10:05 - 2014-05-22 10:05 - 00000000 ____D () C:\Windows\system32\RsFx
2014-05-22 10:05 - 2014-05-22 10:05 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-05-21 15:24 - 2014-05-21 15:24 - 00000000 ____D () D:\Users\sghocc\Documents\Visual Studio 2005
2014-05-21 15:19 - 2014-05-21 15:19 - 00000000 ____D () D:\Users\sghocc\Documents\Integration Services Script Component
2014-05-21 15:18 - 2014-05-21 15:18 - 00000000 ____D () D:\Users\sghocc\Documents\Integration Services Script Task
2014-05-21 15:17 - 2014-05-21 15:34 - 00000000 ____D () D:\Users\sghocc\Documents\SQL Server Management Studio
2014-05-21 15:17 - 2014-05-21 15:17 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-05-21 15:17 - 2014-05-21 15:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-05-21 15:15 - 2014-05-21 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-05-21 15:14 - 2014-05-21 15:14 - 00000000 ____D () D:\Users\sghocc\Documents\Visual Studio 2008
2014-05-21 15:13 - 2014-05-21 15:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-05-21 15:13 - 2014-05-21 15:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-05-21 15:09 - 2014-05-22 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
2014-05-21 15:08 - 2014-05-21 15:08 - 00000000 ____D () D:\Users\sghocc\AppData\Local\Microsoft_Corporation
2014-05-21 14:17 - 2014-06-06 11:05 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-05-19 13:25 - 2014-05-19 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-19 13:25 - 2014-05-19 13:25 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-19 11:58 - 2014-04-12 10:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-19 11:58 - 2014-03-04 17:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-19 11:58 - 2014-03-04 17:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-19 11:58 - 2014-03-04 17:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-19 11:58 - 2014-03-04 17:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-19 11:58 - 2014-03-04 17:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-19 11:58 - 2014-03-04 17:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-19 11:58 - 2014-03-04 17:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-19 11:58 - 2014-03-04 17:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-19 11:58 - 2014-03-04 17:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-19 11:58 - 2014-03-04 17:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-19 11:58 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-19 11:58 - 2014-03-04 17:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-19 11:57 - 2014-04-12 10:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-19 11:57 - 2014-04-12 10:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-19 11:57 - 2014-04-12 10:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-19 11:57 - 2014-04-12 10:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-19 11:57 - 2014-04-12 10:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-19 11:57 - 2014-04-12 10:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-19 11:57 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-19 11:57 - 2014-04-12 10:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-19 11:57 - 2014-03-04 17:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-19 11:57 - 2014-03-04 17:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-19 11:57 - 2014-03-04 17:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-19 11:57 - 2014-03-04 17:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-19 11:57 - 2014-03-04 17:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-19 11:57 - 2014-03-04 17:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-19 11:57 - 2014-03-04 17:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-19 11:57 - 2014-03-04 17:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-19 11:57 - 2014-03-04 17:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-19 11:57 - 2014-03-04 17:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-19 11:57 - 2014-03-04 17:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-19 11:57 - 2014-03-04 17:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-19 11:57 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-19 11:57 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-19 11:57 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-19 11:57 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-19 11:57 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-19 11:57 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-19 11:57 - 2014-03-04 17:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-19 11:57 - 2014-03-04 17:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-19 11:18 - 2014-05-06 12:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-19 11:18 - 2014-05-06 12:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-19 11:18 - 2014-05-06 11:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-19 11:18 - 2014-05-06 11:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-19 11:18 - 2014-05-06 11:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-19 11:18 - 2014-05-06 10:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-19 11:16 - 2014-05-09 14:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-19 11:16 - 2014-05-09 14:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-19 11:16 - 2014-03-25 10:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-19 11:16 - 2014-03-25 10:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-19 08:42 - 2014-04-09 01:22 - 00108344 _____ (Juniper Networks, Inc.) C:\Windows\system32\Drivers\jnprTdi_803_44983.sys
2014-05-19 08:42 - 2014-03-13 08:29 - 00506160 _____ (Juniper Networks) C:\Windows\system32\Drivers\jnprns.sys
2014-05-19 08:35 - 2014-05-19 08:35 - 00000000 ____D () C:\Network Connect 6.1.0
2014-05-19 08:34 - 2014-05-19 08:35 - 00000820 _____ () C:\NcAdmin.log
2014-05-16 14:55 - 2014-06-02 10:34 - 00000000 ____D () D:\Users\sghocc\.freemind
2014-05-16 14:54 - 2014-05-16 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
2014-05-16 14:54 - 2014-05-16 14:54 - 00000000 ____D () C:\Program Files (x86)\FreeMind
2014-05-15 09:40 - 2014-05-15 09:40 - 00000027 _____ () D:\Users\sghocc\.appcfg_nag

==================== One Month Modified Files and Folders =======

2014-06-09 09:17 - 2014-06-09 09:15 - 00023818 _____ () D:\Users\sghocc\Downloads\FRST.txt
2014-06-09 09:17 - 2014-06-09 09:15 - 00000000 ____D () C:\FRST
2014-06-09 09:17 - 2014-04-04 18:49 - 00006614 _____ () D:\Users\sghocc\AppData\Roaming\EPLauncher.log
2014-06-09 09:17 - 2014-04-04 18:36 - 00000000 ____D () D:\Users\sghocc\AppData\Local\Temp
2014-06-09 09:15 - 2014-06-09 09:12 - 02072576 _____ (Farbar) D:\Users\sghocc\Downloads\FRST64.exe
2014-06-09 09:15 - 2014-04-08 15:23 - 00000000 ____D () C:\QUARANTINE
2014-06-09 09:13 - 2014-06-09 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-09 09:13 - 2014-06-09 09:13 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-09 09:13 - 2014-04-04 18:34 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-09 09:13 - 2009-07-14 12:45 - 00012080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 09:13 - 2009-07-14 12:45 - 00012080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 09:13 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-09 09:11 - 2014-04-28 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-06-09 09:10 - 2014-04-08 13:46 - 00000000 ____D () D:\Users\sghocc\AppData\Roaming\gSyncit
2014-06-09 09:06 - 2014-04-10 15:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 09:06 - 2009-07-14 13:13 - 00880634 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 09:04 - 2014-04-08 10:41 - 00000000 ____D () D:\Users\sghocc\AppData\Roaming\Juniper Networks
2014-06-09 08:59 - 2014-04-04 18:17 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 08:59 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-09 08:59 - 2009-07-14 12:51 - 00034989 _____ () C:\Windows\setupact.log
2014-06-06 15:46 - 2014-04-08 21:34 - 00000000 ____D () D:\Users\sghocc\.VirtualBox
2014-06-06 15:46 - 2014-04-03 15:07 - 01497235 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 15:40 - 2014-04-04 18:17 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 14:09 - 2014-06-06 14:09 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-06 14:09 - 2014-06-06 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-06 14:09 - 2014-04-28 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-06 12:18 - 2014-04-04 18:40 - 00000000 ____D () D:\Users\sghocc\AppData\Local\Google
2014-06-06 12:14 - 2013-06-14 15:40 - 00188528 _____ () C:\Windows\PFRO.log
2014-06-06 11:05 - 2014-05-21 14:17 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-06-06 10:39 - 2013-06-17 08:58 - 00894132 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-05 12:15 - 2014-06-05 12:15 - 00000000 ____D () D:\Users\sghocc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-05 09:16 - 2014-06-05 09:16 - 00000000 ____D () D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402
2014-06-04 14:23 - 2014-05-28 10:52 - 00000000 ____D () D:\Users\sghocc\VirtualBox VMs
2014-06-03 18:16 - 2014-04-03 15:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-03 11:39 - 2014-04-10 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 11:39 - 2014-04-10 15:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-02 10:34 - 2014-05-16 14:55 - 00000000 ____D () D:\Users\sghocc\.freemind
2014-05-30 11:03 - 2014-04-22 14:42 - 00000000 ____D () D:\Users\sghocc\AppData\Roaming\jaws
2014-05-29 17:22 - 2014-04-03 15:28 - 00000039 _____ () C:\Windows\vbaddin.ini
2014-05-29 17:21 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-29 17:19 - 2014-05-29 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-29 17:18 - 2014-05-29 17:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-29 17:18 - 2014-05-29 17:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-29 17:17 - 2009-07-14 10:34 - 00000478 _____ () C:\Windows\win.ini
2014-05-29 10:33 - 2014-04-24 14:01 - 00000000 ____D () D:\Users\sghocc\AppData\Local\CrashDumps
2014-05-28 16:44 - 2014-04-04 16:16 - 00000000 ____D () C:\Program Files (x86)\Juniper Networks
2014-05-28 16:43 - 2014-04-04 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-05-28 10:52 - 2014-04-04 18:36 - 00000000 ____D () D:\Users\sghocc
2014-05-28 10:46 - 2014-05-28 10:46 - 00000000 ____D () D:\Users\sghocc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Notepad 2007
2014-05-28 10:46 - 2014-05-28 10:46 - 00000000 ____D () C:\Program Files (x86)\XML Notepad 2007
2014-05-26 14:53 - 2014-04-04 18:45 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-05-26 14:50 - 2014-04-04 18:36 - 00116432 _____ () D:\Users\sghocc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-26 14:49 - 2009-07-14 12:45 - 00504992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-26 14:36 - 2014-04-08 15:53 - 00000000 ____D () D:\Users\sghocc\AppData\Local\Microsoft Help
2014-05-26 13:32 - 2014-05-26 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bizagi
2014-05-26 13:32 - 2013-06-14 15:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-26 13:31 - 2014-05-26 13:31 - 00000000 ____D () C:\Program Files\Bizagi
2014-05-26 13:30 - 2014-05-26 13:30 - 00000000 ____D () D:\Users\sghocc\AppData\Local\Downloaded Installations
2014-05-23 15:50 - 2014-04-28 11:28 - 00000000 ____D () D:\Users\sghocc\AppData\Local\Deployment
2014-05-22 16:05 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-05-22 10:05 - 2014-05-22 10:05 - 00000000 ____D () C:\Windows\system32\RsFx
2014-05-22 10:05 - 2014-05-22 10:05 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-05-22 10:05 - 2014-05-21 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
2014-05-22 10:05 - 2014-04-11 14:31 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-05-22 10:04 - 2014-04-11 14:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-05-21 15:34 - 2014-05-21 15:17 - 00000000 ____D () D:\Users\sghocc\Documents\SQL Server Management Studio
2014-05-21 15:24 - 2014-05-21 15:24 - 00000000 ____D () D:\Users\sghocc\Documents\Visual Studio 2005
2014-05-21 15:19 - 2014-05-21 15:19 - 00000000 ____D () D:\Users\sghocc\Documents\Integration Services Script Component
2014-05-21 15:18 - 2014-05-21 15:18 - 00000000 ____D () D:\Users\sghocc\Documents\Integration Services Script Task
2014-05-21 15:17 - 2014-05-21 15:17 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-05-21 15:17 - 2014-05-21 15:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-05-21 15:16 - 2014-04-03 15:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-21 15:15 - 2014-05-21 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-05-21 15:14 - 2014-05-21 15:14 - 00000000 ____D () D:\Users\sghocc\Documents\Visual Studio 2008
2014-05-21 15:13 - 2014-05-21 15:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-05-21 15:13 - 2014-05-21 15:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-05-21 15:13 - 2014-04-11 15:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-05-21 15:08 - 2014-05-21 15:08 - 00000000 ____D () D:\Users\sghocc\AppData\Local\Microsoft_Corporation
2014-05-21 15:06 - 2014-04-11 14:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-21 15:04 - 2009-07-14 13:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-05-21 15:03 - 2014-04-11 14:12 - 00000000 ____D () C:\Windows\system32\1033
2014-05-21 15:03 - 2014-04-11 14:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2014-05-21 15:03 - 2014-04-11 14:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-05-21 14:57 - 2014-04-11 14:31 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-05-21 14:50 - 2009-07-14 13:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-19 13:37 - 2014-04-03 15:28 - 00000247 _____ () C:\Windows\ODBC.INI
2014-05-19 13:25 - 2014-05-19 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-19 13:25 - 2014-05-19 13:25 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-19 13:19 - 2014-04-04 18:33 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-19 13:13 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-19 11:26 - 2014-04-04 18:36 - 00000000 ___RD () D:\Users\sghocc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 11:26 - 2014-04-04 18:36 - 00000000 ___RD () D:\Users\sghocc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 11:22 - 2014-04-24 10:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-19 11:18 - 2014-04-08 13:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-19 11:17 - 2013-06-17 11:15 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-19 08:35 - 2014-05-19 08:35 - 00000000 ____D () C:\Network Connect 6.1.0
2014-05-19 08:35 - 2014-05-19 08:34 - 00000820 _____ () C:\NcAdmin.log
2014-05-16 14:54 - 2014-05-16 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
2014-05-16 14:54 - 2014-05-16 14:54 - 00000000 ____D () C:\Program Files (x86)\FreeMind
2014-05-15 09:40 - 2014-05-15 09:40 - 00000027 _____ () D:\Users\sghocc\.appcfg_nag
2014-05-12 07:26 - 2014-04-10 15:45 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-04-10 15:45 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-04-10 15:45 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
D:\Users\Administrator\AppData\Local\Temp\{847A9E91-0EA6-4FD0-8F99-4DF6061F919F}-33.0.1750.154_chrome_installer.exe
D:\Users\sghocc\AppData\Local\Temp\dsHostCheckerSetup.exe
D:\Users\sghocc\AppData\Local\Temp\dsNCInst64.exe
D:\Users\sghocc\AppData\Local\Temp\JuniperSetupClientInstaller.exe
D:\Users\sghocc\AppData\Local\Temp\neoNCSetup64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-22 15:58

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by sghocc at 2014-06-09 09:17:43
Running from D:\Users\sghocc\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AutoHotkey 1.1.14.03 (HKLM\...\AutoHotkey) (Version: 1.1.14.03 - Lexikos)
Bizagi Process Modeler (HKLM-x32\...\InstallShield_{EC5DF025-9CC7-4075-B56E-128D3E026BC6}) (Version: 2.7.02 - Bizagi Limited)
Bizagi Process Modeler (Version: 2.7.02 - Bizagi Limited) Hidden
Check Point Endpoint Security (HKLM\...\{2D8E9E30-9172-4720-BF4A-5B2C659165E3}) (Version: 8.2.833 - Check Point Software Technologies Ltd.)
Copernic Desktop Search - Professional (HKLM-x32\...\CopernicDesktopSearch2) (Version:  - Copernic Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
DocuShare Client (x64) (HKLM\...\{46152C6A-DF36-46D2-A429-9E844745214E}) (Version: 6.5.1.26 - Xerox Corporation)
DocuShare Client (x64) (Version: 6.5.1.26 - Xerox Corporation) Hidden
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 5.3.1 (HKLM-x32\...\{28AAF752-C41B-11E3-8CB0-00163E98E7D6}) (Version: 5.3.1.3363 - Evernote Corp.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Fuji Xerox DocuWorks 7.3 (HKLM\...\{A092DE82-C9EC-490A-961A-1AEEF1576E8E}) (Version: 7.3.0 - Fuji Xerox Co., Ltd.)
Fuji Xerox DocuWorks PDF Creator 1.0.1 (HKLM\...\{C9A45754-780B-4539-843C-6B0C21B9EDBD}) (Version: 2.6.1.0 - Fuji Xerox Co., Ltd.)
Fuji Xerox Network Scanner Utility 3 (HKLM-x32\...\{8D9B23B5-9D0C-45FA-836A-4FB549CBD712}) (Version: 1.7.0 - Fuji Xerox Co., Ltd.)
Fuji Xerox Network Scanner Utility2 (HKLM-x32\...\{7CB84B74-5069-444C-BB22-06B7893E4236}) (Version:  - )
Google App Engine (HKLM-x32\...\{AE010902-007D-11DD-A3C1-001636EEECBD}) (Version: 1.9.2.0 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
gSyncit (HKLM-x32\...\{60A9348D-7AB1-471D-A72E-AAEEEB7B9C34}) (Version: 3.8.114 - Fieldston Software)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6454.0 - IDT)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.3.10.42895 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.44983 - Juniper Networks, Inc.)
Junos Pulse Core Components (x32 Version: 5.0.44983 - Juniper Networks) Hidden
Junos Pulse Drivers Add-On (Version: 5.0.44983 - Juniper Networks) Hidden
Junos Pulse Host Checker Plugin Add-On (x32 Version: 5.0.44983 - Juniper Networks) Hidden
Junos Pulse Tunnel Manager Add-On (x32 Version: 5.0.44983 - Juniper Networks) Hidden
Junos Pulse UAC/NC Components (x32 Version: 5.0.44983 - Juniper Networks) Hidden
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{D107EA80-023A-443C-AA79-1C4B0CB2E227}) (Version: 4.6.0.2988 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Exchange Web Services Managed API 2.0 (x32 Version: 15.0.516.14 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Identity Extensions (Version: 2.0.1459.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office JIS90 互換フォント (HKLM-x32\...\{6B5C8298-000D-4761-B6B8-95586EC6273B}) (Version: 1.00.0317 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Project MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{D535FC73-1F63-4347-896A-C97A45F11E9C}) (Version: 3.0.07.44 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.44 - O2Micro International LTD.) Hidden
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
Pencil (HKLM-x32\...\Pencil) (Version:  - Evolus Co., Ltd.)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.5.7.2450 - Jan Fiala)
Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RSA SecurID Token for Windows Desktops (HKLM-x32\...\{4800D75D-4697-4D6B-9B3B-0BF36245B95C}) (Version: 4.0.0 - RSA Security Inc.)
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Client Tools (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
UniPDF 1.1 (HKLM-x32\...\UniPDF) (Version: 1.1 - UniPDF.com)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Project 2007 Help (KB963668) (HKLM-x32\...\{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{1DF07773-4289-4998-BC2C-83539AD85C50}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Visio 2007 Help (KB963666) (HKLM-x32\...\{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{D2C4ACC9-12F5-4E1C-81A8-5DC878AC6278}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VC8 CRT (Version: 8.0.50727.762 - Juniper Networks) Hidden
VistaSwitcher (HKLM-x32\...\VistaSwitcher) (Version: 1.1.5 - NTWind Software)
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)
WinZip (HKLM-x32\...\WinZip) (Version:  9.0  (6028) - WinZip Computing, Inc.)
Xerox Sans OTF (HKLM-x32\...\{9D6EDFA4-023D-4523-AFDA-72C218220EB8}) (Version: 1.1.0 - Xerox Europe)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)

==================== Restore Points  =========================

26-05-2014 05:31:19 Installed Bizagi Process Modeler
28-05-2014 02:46:28 Installed XML Notepad 2007
28-05-2014 08:40:45 Revo Uninstaller's restore point - Juniper Installer Service 7.3
28-05-2014 08:40:56 Removed Juniper Installer Service
28-05-2014 08:42:19 Revo Uninstaller's restore point - Juniper Networks Host Checker
28-05-2014 08:43:11 Revo Uninstaller's restore point - Juniper Networks Network Connect 7.1.0
28-05-2014 08:43:50 Revo Uninstaller's restore point - Juniper Networks Network Connect 7.3.0
28-05-2014 08:44:25 Revo Uninstaller's restore point - Juniper Networks, Inc. Setup Client
28-05-2014 08:45:06 Revo Uninstaller's restore point - Juniper Networks, Inc. Setup Client Activex Control
28-05-2014 08:48:22 Revo Uninstaller's restore point - RSA SecurID Token for Windows Desktops
29-05-2014 09:15:42 Windows Update
03-06-2014 03:21:37 Revo Uninstaller's restore point - ImgBurn
03-06-2014 03:22:36 Revo Uninstaller's restore point - ImgBurn
03-06-2014 10:15:12 Windows Update
06-06-2014 03:02:04 Revo Uninstaller's restore point - VirtualCloneDrive
06-06-2014 04:17:31 Revo Uninstaller's restore point - Google Chrome
06-06-2014 06:23:04 Installed HiJackThis
06-06-2014 07:27:38 Revo Uninstaller's restore point - HiJackThis
06-06-2014 07:28:02 Revo Uninstaller's restore point - HiJackThis
06-06-2014 07:28:11 Removed HiJackThis

==================== Hosts content: ==========================

2009-07-14 10:34 - 2014-06-09 09:04 - 00000932 ____A C:\Windows\system32\Drivers\etc\hosts
192.168.56.100    eddard     
192.168.56.101    tyrion  
192.168.56.102    infinitidev01  


==================== Scheduled Tasks (whitelisted) =============

Task: {56439F74-964F-4770-AF55-2CD7B592F6FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-04] (Google Inc.)
Task: {ED862FF0-5DE1-464F-8B08-DB27E1EC4EF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-04] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-15 17:45 - 2013-01-15 17:45 - 01581848 _____ () C:\Windows\system32\eps_unified_logon_fde_plugin.dll
2013-01-15 17:45 - 2013-01-15 17:45 - 01265944 _____ () C:\Windows\system32\eps_unified_logon_onecheck_plugin.dll
2013-01-15 17:45 - 2013-01-15 17:45 - 00203544 _____ () C:\Windows\system32\LogonAgentAPI64.dll
2013-06-14 14:35 - 2012-03-26 17:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-05 09:16 - 2014-06-03 16:34 - 00110592 _____ () D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\DriverNetRemote.exe
2014-06-05 09:16 - 2014-06-03 16:33 - 00294400 _____ () D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\FreewareGUIMotion.exe
2014-04-08 13:41 - 2010-11-10 19:38 - 00380928 _____ () C:\Program Files (x86)\Launchy\Launchy.exe
2013-06-14 16:26 - 2003-04-18 18:06 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2013-01-15 17:45 - 2013-01-15 17:45 - 00157712 _____ () C:\Windows\SysWOW64\LogonAgentAPI.dll
2013-01-15 17:45 - 2013-01-15 17:45 - 00149672 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Data Loss Prevention\LIBEXPAT.dll
2014-06-05 09:16 - 2014-03-07 20:56 - 00117262 _____ () D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\libgcc_s_dw2-1.dll
2014-06-05 09:16 - 2014-03-07 20:56 - 00970766 _____ () D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\libstdc++-6.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-08-14 20:08 - 2012-08-14 20:08 - 00150328 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2008-03-26 10:46 - 2008-03-26 10:46 - 01585856 _____ () C:\Program Files (x86)\RSA SecurID Token Common\QtCore4.dll
2008-03-26 10:46 - 2008-03-26 10:46 - 06406848 _____ () C:\Program Files (x86)\RSA SecurID Token Common\QtGui4.dll
2014-04-08 13:41 - 2009-12-16 22:13 - 08314880 _____ () C:\Program Files (x86)\Launchy\QtGui4.dll
2014-04-08 13:41 - 2009-12-16 21:54 - 02236416 _____ () C:\Program Files (x86)\Launchy\QtCore4.dll
2014-04-08 13:41 - 2009-12-16 21:56 - 00712704 _____ () C:\Program Files (x86)\Launchy\QtNetwork4.dll
2014-04-08 13:41 - 2009-12-17 00:18 - 00233472 _____ () C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
2014-04-08 13:41 - 2010-11-10 19:39 - 00081920 _____ () C:\Program Files (x86)\Launchy\plugins\calcy.dll
2014-04-08 13:41 - 2010-11-10 19:39 - 00090112 _____ () C:\Program Files (x86)\Launchy\plugins\controly.dll
2014-04-08 13:41 - 2010-11-10 19:38 - 00024064 _____ () C:\Program Files (x86)\Launchy\plugins\gcalc.dll
2014-04-08 13:41 - 2010-11-10 19:38 - 00094208 _____ () C:\Program Files (x86)\Launchy\plugins\runner.dll
2014-04-08 13:41 - 2010-11-10 19:38 - 00057344 _____ () C:\Program Files (x86)\Launchy\plugins\verby.dll
2014-04-08 13:41 - 2010-11-10 19:38 - 00122880 _____ () C:\Program Files (x86)\Launchy\plugins\weby.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-04-15 12:29 - 2014-04-15 12:29 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2013-06-14 16:12 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-04-28 10:34 - 2014-06-06 14:09 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-14 14:23 - 2014-04-14 14:23 - 21115392 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2014-04-14 14:17 - 2014-04-14 14:17 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-04-14 14:17 - 2014-04-14 14:17 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-04-14 14:23 - 2014-04-14 14:23 - 00983054 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2014-04-14 14:23 - 2014-04-14 14:23 - 00133134 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2014-04-14 14:23 - 2014-04-14 14:23 - 00189454 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\disknet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DisknetClient => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\disknet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DisknetClient => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2014 09:21:09 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 6308 (0x18a4)

Thread address : 0x00000000777B12FA

Thread message :

 Build VSCORE.15.0.0.466 / 5600.1067
 Object being scanned = \Device\HarddiskVolume2\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\FreewareGUIMotion.exe
 by D:\Users\sghocc\Downloads\FRST64.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (06/09/2014 09:19:31 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 5492 (0x1574)

Thread address : 0x00000000777B12FA

Thread message :

 Build VSCORE.15.0.0.466 / 5600.1067
 Object being scanned = \Device\HarddiskVolume2\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\DriverNetRemote.exe
 by D:\Users\sghocc\Downloads\FRST64.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (06/09/2014 09:17:20 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 4296 (0x10c8)

Thread address : 0x00000000777B12FA

Thread message :

 Build VSCORE.15.0.0.466 / 5600.1067
 Object being scanned = \Device\HarddiskVolume2\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\DriverNetRemote.exe
 by D:\Users\sghocc\Downloads\FRST64.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (06/06/2014 03:28:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3057096662-3934190749-3756954656-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d42a30ea-2e2b-4b6e-a18c-8e2ea1f6cde6}

Error: (06/06/2014 03:28:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3057096662-3934190749-3756954656-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d42a30ea-2e2b-4b6e-a18c-8e2ea1f6cde6}

Error: (06/06/2014 03:27:39 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3057096662-3934190749-3756954656-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d42a30ea-2e2b-4b6e-a18c-8e2ea1f6cde6}

Error: (06/06/2014 02:23:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3057096662-3934190749-3756954656-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {b4127e71-296e-493f-bb40-10ed88a64010}

Error: (06/06/2014 00:17:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3057096662-3934190749-3756954656-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ebf6501c-185b-4699-8da2-c99ba34e8aba}

Error: (06/06/2014 11:02:04 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3057096662-3934190749-3756954656-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {00f3ff49-a83a-4d86-9cf8-ce785f8ce070}

Error: (06/06/2014 10:39:07 AM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).


System errors:
=============
Error: (06/09/2014 09:21:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee McShield service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/09/2014 09:19:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee McShield service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/09/2014 09:17:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/09/2014 09:02:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/09/2014 09:01:12 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The DriverNetRemote.exe service hung on starting.

Error: (06/09/2014 08:59:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 22ca4b4a2bdb379.exe service failed to start due to the following error:
%%2

Error: (06/06/2014 03:08:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/06/2014 03:07:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The DriverNetRemote.exe service hung on starting.

Error: (06/06/2014 03:06:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 22ca4b4a2bdb379.exe service failed to start due to the following error:
%%2

Error: (06/06/2014 03:04:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 8074.61 MB
Available physical RAM: 5136.67 MB
Total Pagefile: 16147.39 MB
Available Pagefile: 12756.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (SYS_VOL) (Fixed) (Total:97.66 GB) (Free:40.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:368.1 GB) (Free:258.05 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================


Edited by Starbuck, 09 June 2014 - 12:14 AM.


#4 Starbuck

Posted 09 June 2014 - 12:39 AM

Hi infobvi

Thanks for the reports.
I did try and complete a fix before going to work this morning, but unfortunately I didn't have time.
I will complete it when I return and will post it later.

Thanks


#5 infobvi

Posted 09 June 2014 - 12:55 AM

Thanks Starbuck, I truly appreciate the assistance.



#6 Starbuck

Posted 09 June 2014 - 12:00 PM

Hi infobvi

Let's run this fix first and see how things go.

Please download the attached fixlist.txt file (bottom of this post) and save it to D:\Users\sghocc\Downloads.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.


In your next reply, please submit:
Fixlog.txt

and let me know if this fixes the proxy problem


Thanks.

Edited by Starbuck, 09 June 2014 - 12:08 PM.


#7 infobvi

Posted 09 June 2014 - 10:44 PM

Hi Starbuck,
 
Please see the log files after the fixes are applied.  Looks good thus far. 
 
May I know what the issue might be please?
 
Thanks a lot.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by sghocc at 2014-06-10 11:37:32 Run:1
Running from D:\Users\sghocc\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\DriverNetRemote.exe
() D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\FreewareGUIMotion.exe
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:23831
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2396DD065981CF01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?sid=498&aid=121&itype=n&ver=12302&tm=313&src=ds&p={searchTerms}
FF NetworkProxy: "autoconfig_url", "file:///D:/49%20Miscellaneous/proxy.pac"
FF NetworkProxy: "type", 2
S2 22ca4b4a2bdb379.exe; D:\Users\sghocc\AppData\Local\78fb7c01c47fc3395bc7c155a8f611ef\22ca4b4a2bdb379.exe [X]
U3 mfeavfk01; No ImagePath
R3 RegFltrX64; D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\RegFltrX64.sys [18064 2014-06-03] ()
2014-06-05 09:16 - 2014-06-05 09:16 - 00000000 ____D () D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402
D:\Users\Administrator\AppData\Local\Temp\{847A9E91-0EA6-4FD0-8F99-4DF6061F919F}-33.0.1750.154_chrome_installer.exe
D:\Users\sghocc\AppData\Local\Temp\dsHostCheckerSetup.exe
D:\Users\sghocc\AppData\Local\Temp\dsNCInst64.exe
D:\Users\sghocc\AppData\Local\Temp\JuniperSetupClientInstaller.exe
D:\Users\sghocc\AppData\Local\Temp\neoNCSetup64.exe
D:\Users\sghocc\AppData\Local\78fb7c01c47fc3395bc7c155a8f611ef
Hosts:
Reboot:
*****************

[2148] D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\DriverNetRemote.exe => Process closed successfully.
[5164] D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\FreewareGUIMotion.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}'=> Key not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
22ca4b4a2bdb379.exe => Service deleted successfully.
mfeavfk01 => Service deleted successfully.
RegFltrX64 => Service stopped successfully.
RegFltrX64 => Service deleted successfully.
"2014-06-05 09:16 - 2014-06-05 09:16 - 00000000 ____D () D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402" => File/Directory not found.
D:\Users\Administrator\AppData\Local\Temp\{847A9E91-0EA6-4FD0-8F99-4DF6061F919F}-33.0.1750.154_chrome_installer.exe => Moved successfully.
D:\Users\sghocc\AppData\Local\Temp\dsHostCheckerSetup.exe => Moved successfully.
D:\Users\sghocc\AppData\Local\Temp\dsNCInst64.exe => Moved successfully.
D:\Users\sghocc\AppData\Local\Temp\JuniperSetupClientInstaller.exe => Moved successfully.
D:\Users\sghocc\AppData\Local\Temp\neoNCSetup64.exe => Moved successfully.
"D:\Users\sghocc\AppData\Local\78fb7c01c47fc3395bc7c155a8f611ef" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====

Attached Files


Edited by Starbuck, 10 June 2014 - 11:08 AM.
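A Fixlog like the one above can be triaged mechanically before reading it line by line. The following is an added example, not part of the original posts or of FRST: it buckets each `item => outcome` line and flags fixlist `ProxyServer` entries that point at the local machine. The sample lines are copied from the log above; the function names and bucket names are this example's own.

```python
import re
from ipaddress import ip_address

# Excerpt copied from the Fixlog posted above (not the complete log).
FIXLOG = r"""
ProxyServer: http=127.0.0.1:23831
[2148] D:\Users\sghocc\AppData\Local\6ec3279de7aa3e1a2ca4d8cd994e6402\DriverNetRemote.exe => Process closed successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}'=> Key not found.
RegFltrX64 => Service stopped successfully.
RegFltrX64 => Service deleted successfully.
"D:\Users\sghocc\AppData\Local\78fb7c01c47fc3395bc7c155a8f611ef" => File/Directory not found.
"""

# "item => outcome." result lines; the space before "=>" is optional in the log.
RESULT_RE = re.compile(r"^(?P<item>.+?)\s*=>\s*(?P<outcome>.+?)\.?$")
# "ProxyServer: http=host:port" or "ProxyServer: host:port" in the fixlist section.
PROXY_RE = re.compile(r"^ProxyServer:\s*(?:\w+=)?(?P<host>[^:;\s]+):(?P<port>\d+)")

def triage(text):
    """Bucket every result line: done, not_found, or review (anything else)."""
    buckets = {"done": [], "not_found": [], "review": []}
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        outcome = m["outcome"].lower()
        key = ("done" if outcome.endswith("successfully")
               else "not_found" if "not found" in outcome else "review")
        buckets[key].append(m["item"].strip("'\""))
    return buckets

def loopback_proxies(text):
    """Return (host, port) for ProxyServer entries that point at this machine."""
    hits = []
    for line in text.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        try:
            if ip_address(m["host"]).is_loopback:
                hits.append((m["host"], int(m["port"])))
        except ValueError:
            pass  # a hostname, not an IP literal; not flagged here
    return hits

if __name__ == "__main__":
    print(loopback_proxies(FIXLOG), {k: len(v) for k, v in triage(FIXLOG).items()})
```

A "not found" result only says the item was absent when the fix ran, so those entries are the ones to re-check in a follow-up scan.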


#8 Starbuck

Posted 10 June 2014 - 11:20 AM

Hi infobvi
 

May I know what the issue might be please?

There were still malware entries on the system, so every time you tried to remove the proxy settings ... the malware just recreated them.

Step 1
Please uninstall:
Java 6 Update 37
This should have been removed when Java was updated.

Do Not remove Java 8 Update 5 as this is the latest version.


Step 2
I'd like you to do an ESET OnlineScan
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% )
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • If asked, allow the activex control to install
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.


Please post the Eset report in your next reply.

Thanks



#9 infobvi

Posted 12 June 2014 - 05:51 AM

Hi Starbuck,

 

Please see the requested output following the ESET run. Thanks a lot!

Attached Files



#10 Starbuck

Posted 12 June 2014 - 01:29 PM

Hi infobvi

Eset removed a few leftovers from some Adware we had already removed, so that's good.
As you already have MalwareBytes AntiMalware on your system, let's update this and get a scan from that.
Hopefully this will come back clean.


Start MBAM
  • Click Scan Now >>
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

(Copy to clipboard for pasting into forum replies)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab >> Application Logs.

  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

  • Paste the contents of the clipboard into your reply.
Thanks



#11 infobvi

Posted 12 June 2014 - 02:05 PM

Hi Starbuck,

 

Here you go, the below after running MBAM:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/6/2014
Scan Time: 2:56:05 AM
Logfile:
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.06.12.10
Rootkit Database: v2014.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: sghocc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345458
Time Elapsed: 7 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#12 Starbuck

Posted 13 June 2014 - 06:51 PM

Hi infobvi

That looks good.
If there are no other issues with the system we can start to finish the cleaning procedure.



#13 infobvi

Posted 13 June 2014 - 11:04 PM

Hi Starbuck,

 

Sure let's do that.  Could you advise me on what needs to be done to finish the cleaning procedure please?

 

Thanks a lot.



#14 Starbuck

Posted 14 June 2014 - 06:23 AM

Hi infobvi

Let's finish the cleaning process and remove the tools we have used.
We'll also set you a fresh restore point.

Step 1
Restart MBAM.
Click on the History tab >> Quarantine
Tick to select any items and then click the Delete button.
Close MBAM.


Step 2
Download Delfix and save it to your desktop.
  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
  • Create registry backup
  • Purge system restore

  • Click the Run button.
When the tool has finished, a log will open in Notepad... but I don't actually need this report.


Step 3
Eset can be removed using the Remove Programs feature in Control Panel.


To find out how you may have been infected....read this topic:
How did i get infected?

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program

Update your AntiVirus Software regularly

Use a Firewall

Only install one software Firewall

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Use an alternative browser to Internet Explorer:
Some excellent alternatives to MS Internet Explorer are:

Firefox
For added security, add the NoScript extension to this browser:
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
also consider adding:
WOT - Safe Browsing Tool

Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
Btw: you don't have to make a contribution.

Opera

Keep a backup of your registry
Keeping a regular backup of your registry will help when something goes wrong.
Use a program like:
Erunt

A full tutorial on how to set up and use Erunt can be found here:
Erunt tutorial

Keep your system clean of temp files etc, using a 'Cleaner':

Cleaners are programs that will help to clean out your:
Windows temp files
Current user temp files
Cookies
Temporary Internet files
Browser history
Recycle bin
Etc.......
In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
Programs like:
TFC by OldTimer
ATF Cleaner

Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windowsupdate regularly.
Alternatively, turn on the Automatic Updates.

Peer to Peer programs
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware.

Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.



#15 infobvi

Posted 15 June 2014 - 05:33 AM

Thanks Starbuck,  I'm grateful for your assistance in this matter!  I'm sure to go through the resources you provided.





