svchost.exe appearing in C:\Windows\Temp\


This topic is locked
18 replies to this topic

#1 dantal33

Posted 15 November 2014 - 02:41 PM

Hi,

 

Continuing a thread from here based on request: http://www.bleepingcomputer.com/forums/t/555945/svchostexe-appearing-in-cwindowstemp/

#2 dantal33 (Topic Starter)

Posted 15 November 2014 - 02:42 PM

Here is the Attach.txt log from the DDS tool:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise 
Boot Device: \Device\HarddiskVolume1
Install Date: 14/01/13 15:38:03
System Uptime: 14/11/14 10:29:54 (35 hours ago)
.
Motherboard: LENOVO |  | 2324AJ4
Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz | CPU Socket - U3E1 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 92.986 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Array Networks SSL VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Array Networks
Name: Array Networks VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: ATP
.
Class GUID: {1378e71b-ab4d-4348-af26-cba56b12969e}
Description: StorLib bus (virtual storages support)
Device ID: ROOT\STORLIB\0000
Manufacturer: SugarSync
Name: StorLib bus (virtual storages support)
PNP Device ID: ROOT\STORLIB\0000
Service: SSCBFS3
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&4F928B9&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&4F928B9&0&2
Service: BthPan
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: secsvccatDriver13893
Device ID: ROOT\LEGACY_SECSVCCATDRIVER13893\0000
Manufacturer: 
Name: secsvccatDriver13893
PNP Device ID: ROOT\LEGACY_SECSVCCATDRIVER13893\0000
Service: secsvccatDriver13893
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
??? ????? ?? Microsoft Office 2013 - ?????
64 Bit HP CIO Components Installer
ACM Lite
Adobe AIR
Adobe Community Help
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.07)
Amdocs Outlook Add-In
Amdocs PC Maintenance Pack - May 2013
Amdocs Screen Saver 2012
Amdocs Software Catalog
APM Monitor 8.3.0.pb00_hf04
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Array Networks SSL VPN Client 8,4,6,67 (Array Networks)
Array SSL VPN
AT&T Conferencing Outlook Add-in v10.5.15
AT&T Connect Participant Application v9.5.51
AT&T Connect Recording Converter Utility v1.0.51
Aternity Agent
Aternity Assistant
Aternity Bundle
Babylon-Enterprise Client
Bonjour
Box Sync
BrowserTraySwitch 2.05.01
Camtasia Studio 8
CCleaner
Cisco Systems VPN Client 5.0.07.0440
Cisco WebEx Meetings
Citrix Online Launcher
Citrix XenApp Plugin for Hosted Apps
Configuration Manager Client
Dropbox
DST 2014 Chile
ECAT Agent
Enterprise Architect 9.2
Foxit Cloud
Foxit Reader
Google Chrome
Google Talk (remove only)
Google Update Helper
GoToMeeting 7.0.3.1963
HP DDM Inventory Agent (x86) 7.61.000.9328
iCloud
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
iPass Open Mobile
iTunes
Java 7 Update 21
Java Auto Updater
Java SE Development Kit 7 Update 21
Java™ 6 Update 24
Java™ SE Development Kit 6 Update 24
Launchy 2.5
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo System Interface Driver
Malwarebytes Anti-Malware version 2.0.3.1025
MDOP MBAM
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 2010 Primary Interop Assemblies
Microsoft Office 64-bit Components 2013
Microsoft Office Office 64-bit Components 2007
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft Outlook Social Connector Provider for Facebook 32-bit
Microsoft Policy Platform
Microsoft PowerPoint MUI (English) 2013
Microsoft Project MUI (English) 2013
Microsoft Project Professional 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visio Viewer 2013
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Word MUI (English) 2013
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 32.0.3 (x86 en-US)
Mozilla Maintenance Service
Nortel PC Client
On Screen Display
Oracle WebLogic
Outils de vérification linguistique 2013 de Microsoft Office - Français
Proxy Switcher
Realtek High Definition Audio Driver
Reflector
RSA SecurID Software Token
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft Lync 2013 (KB2881013) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2013 (KB2760272) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2768005) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2817623) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2878316) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2880463) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Word 2013 (KB2863910) 32-Bit Edition
Skype Click to Call
Skype™ 6.14
Snagit 10
SubWiji
Symantec Endpoint Protection
System Requirements Lab for Intel
TeamPlayer
TeamViewer 9
ThinkPad FullScreen Magnifier
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Communications Utility
Tivoli Challenge Response
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Total Commander (Remove or Repair)
UltraEdit 16.20
Unlocker 1.9.2
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (KB982305)
Viber
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player
VMware Mirage Client
VMware Workstation
WinZip 15.5
Yammer Notifier
.
==== Event Viewer Messages From Past Week ========
.
15/11/14 20:47:52, Error: Service Control Manager [7031]  - The A180WD service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
15/11/14 18:10:51, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain NTNET due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
15/11/14 00:19:16, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
14/11/14 10:32:53, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067]  - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
14/11/14 10:32:17, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {05D1D5D8-18D1-4B83-85ED-A0F99D53C885}  and APPID  {AD65A69D-3831-40D7-9629-9B0B50A93843}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
14/11/14 10:30:15, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  iastor secsvccatDriver13893
14/11/14 10:30:15, Error: Service Control Manager [7000]  - The secsvccatDriver13893 service failed to start due to the following error:  %%-536805375
14/11/14 10:30:04, Error: Microsoft-Windows-GroupPolicy [1055]  - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:  a) Name Resolution failure on the current domain controller.  B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
14/11/14 09:30:44, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {1CCB96F4-B8AD-4B43-9688-B273F58E0910}  and APPID  {AD65A69D-3831-40D7-9629-9B0B50A93843}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
14/11/14 05:55:11, Error: Service Control Manager [7034]  - The VPNService service terminated unexpectedly.  It has done this 1 time(s).
14/11/14 05:25:34, Error: Service Control Manager [7034]  - The Amdocs SIMS service terminated unexpectedly.  It has done this 1 time(s).
14/11/14 04:32:50, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
13/11/14 20:29:26, Error: Service Control Manager [7034]  - The VPNService service terminated unexpectedly.  It has done this 2 time(s).
13/11/14 19:02:30, Error: Microsoft-Windows-Security-Kerberos [4]  - The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server kumars02$. The target name used was cifs/manikandank01.corp.amdocs.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CORP.AMDOCS.COM) is different from the client domain (CORP.AMDOCS.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
13/11/14 18:00:02, Error: Microsoft-Windows-Security-Kerberos [4]  - The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server vkalam02$. The target name used was cifs/manikandank01.corp.amdocs.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CORP.AMDOCS.COM) is different from the client domain (CORP.AMDOCS.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
13/11/14 13:14:00, Error: cdrom [15]  - The device, \Device\CdRom0, is not ready for access yet.
13/11/14 13:14:00, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort1.
13/11/14 13:13:59, Error: Microsoft-Windows-GroupPolicy [1065]  - The processing of Group Policy failed. Windows could not evaluate the Windows Management Instrumentation (WMI) filter for the Group Policy object cn={A0CE8D11-F78F-4B3D-A6EF-687BFA694E51},cn=policies,cn=system,DC=corp,DC=amdocs,DC=com. This could be caused by RSOP being disabled  or Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Make sure the WMI service is started and the startup type is set to automatic. New Group Policy objects or settings will not process until this event has been resolved.
13/11/14 13:00:59, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RPC Endpoint Mapper service, but this action failed with the following error:  An instance of the service is already running.
13/11/14 12:59:26, Error: Service Control Manager [7001]  - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error:  The service has returned a service-specific error code.
13/11/14 12:59:26, Error: Service Control Manager [7001]  - The A180WD service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The dependency service or group failed to start.
13/11/14 12:58:59, Error: Service Control Manager [7031]  - The RPC Endpoint Mapper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
13/11/14 12:58:59, Error: Service Control Manager [7031]  - The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
13/11/14 11:07:11, Error: Service Control Manager [7023]  - The Superfetch service terminated with the following error:  The service has not been started.
13/11/14 10:36:31, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom iastor secsvccatDriver13893
12/11/14 18:52:49, Error: Microsoft-Windows-GroupPolicy [1053]  - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:  a) Name Resolution failure on the current domain controller.  B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
12/11/14 18:35:22, Error: Service Control Manager [7011]  - A timeout (300000 milliseconds) was reached while waiting for a transaction response from the Netman service.
12/11/14 10:17:29, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
12/11/14 04:22:12, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/11/14 13:05:19, Error: Schannel [36887]  - The following fatal alert was received: 40.
.
==== End Of File ===========================


#3 dantal33 (Topic Starter)

Posted 15 November 2014 - 02:44 PM

Here is the DDS.txt log from the DDS tool:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 9.0.8112.16575  BrowserJavaVersion: 10.21.2
Run by DANIELTA at 21:38:49 on 2014-11-15
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.7888.3200 [GMT 2:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Array Networks\Common\8,4,6,67\arr_isrv.exe
C:\Program Files (x86)\Aternity Information Systems\Assistant\A180AA.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\sims\AmdocsSIMS.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Array Networks\Array SSL VPN\8,4,6,67\arr_srvs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformService.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformHost.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Oracle\MIDDLE~1\WLSERV~1.3\server\bin\beasvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\secsvccat.exe
C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe
C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Service.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Box\Box Sync\BoxSync.exe
C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Notification.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\ATT Connect\Participant\pull.exe
C:\Program Files (x86)\iPass\Open Mobile\bin\iMobility.exe
C:\Program Files (x86)\Babylon\Client\Babylon.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\OnyxBox Software\Proxy Switcher\Proxy Switcher.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\iPass\Open Mobile\bin\iMobilityService.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Babylon\Client\BabylonHelper64.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\temp\svchost.exe  -servicemonitor
C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\CCM\CcmExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\CCM\RemCtrl\CmRcService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\CCM\SCNotification.exe
C:\Program Files (x86)\RSA SecurID Software Token\SecurID.exe
C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe
C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Aternity Information Systems\Agent\A180WD.exe
C:\Program Files (x86)\Aternity Information Systems\Agent\A180CM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://portal/Pages/HomePage.aspx
uProxyServer = genproxy:8080
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\Snagit10\SnagitBHO.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\IPS\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Java\jre7\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Java\jre7\bin\jp2ssv.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit10\SnagitIEAddin.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Push Client] "C:\Program Files (x86)\ATT Connect\Participant\pull.exe"
mRun: [Babylon Client] C:\Program Files (x86)\Babylon\Client\Babylon.exe -AutoStart
mRun: [EDFcsn] C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
dRun: [Push Client] "C:\Program Files (x86)\ATT Connect\Participant\pull.exe"
StartupFolder: C:\Users\Danielta\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Danielta\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IPASSO~1.LNK - C:\Program Files (x86)\iPass\Open Mobile\bin\iMobility.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROXYS~1.LNK - C:\Windows\Installer\{47EB8A2A-84C1-4CC7-B5F4-9EFC344D0D20}\_1C712541CF4F48EA0AAAE3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\Snagit10\Snagit32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: DisallowCpl = dword:1
uPolicies-Explorer: NoWindowsUpdate = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: ForceRunOnStartMenu = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: legalnoticecaption = Legal Warning !!!
mPolicies-System: legalnoticetext = THIS IS AN AMDOCS SYSTEM, RESTRICTED TO AUTHORIZED INDIVIDUALS. THIS SYSTEM IS SUBJECT TO MONITORING. UNAUTHORIZED USERS, ACCESS, AND/OR MODIFICATION WILL BE PROSECUTED. IF YOU ARE NOT AUTHORIZED TO PROCEED, EXIT NOW.
mPolicies-Windows\System: UserPolicyMode = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: amadeus.com
Trusted Zone: cbgnl
Trusted Zone: salespoint
Trusted Zone: service-now.com
Trusted Zone: servicenow.com
DPF: {12D7432B-838B-48CA-9558-A51E2F054BFF} - hxxps://isrvpn.amdocs.com/prx/00/54xr/sLqmu0t3~/s7j2yx@61zBq/u1A00=_/ArrayCS.cab
DPF: {47C6ECF4-2DDE-4001-836B-5BF6ED9BC2DC} - hxxps://isrvpn.amdocs.com/prx/000/http/localhost/client_sec/l3vpn/arr_x.cab
DPF: {67312B80-99C5-420A-B621-50E727E0EB13} - hxxps://isrvpn.amdocs.com/prx/000/http/localhost/client_sec/l3vpn/SessionLaunch.cab
DPF: {759FD3DE-F0EF-4A76-909C-88CF840D4173} - hxxp://documentcenter:7004/webtop/wdk/native/WdkPluginCab.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://qcisr:8080/qcbin/Spider91.cab
DPF: {B6648EB8-2460-484F-9255-9654454C4C70} - hxxps://isrvpn.amdocs.com/prx/000/http/localhost/arr_x.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP9-15980/event/ieatgpc1.cab
DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://qc11isr:8080/qcbin/ALM-Platform-Loader.11.cab
DPF: {EE64AC11-5480-444E-AB2F-A9780EC929D5} - hxxps://isrvpn.amdocs.com/prx/000/http/localhost/client_sec/isrvpn/CSLaunchAX.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{33066C1A-0288-4FA0-9E88-0CC4B3EB1732} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7DB09D86-A176-4BB4-AD0A-CCFEA78ADF9D} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{7DB09D86-A176-4BB4-AD0A-CCFEA78ADF9D}\14D646F63637 : DHCPNameServer = 10.232.217.1 10.232.217.2
TCP: Interfaces\{7DB09D86-A176-4BB4-AD0A-CCFEA78ADF9D}\24E626D223 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7DB09D86-A176-4BB4-AD0A-CCFEA78ADF9D}\56874756E6465627932663464363 : DHCPNameServer = 0.0.0.0
TCP: Interfaces\{7DB09D86-A176-4BB4-AD0A-CCFEA78ADF9D}\75C414E4E45445 : DHCPNameServer = 192.168.242.1
TCP: Interfaces\{7DB09D86-A176-4BB4-AD0A-CCFEA78ADF9D}\943445026627565602759464940226970245255554 : DHCPNameServer = 10.42.254.6 10.42.254.34
TCP: Interfaces\{D10496C8-FC42-4EE1-923E-0299C099DEB7} : NameServer = 127.0.0.1
TCP: Interfaces\{E71FFCDC-FF62-4F14-9C60-DB51A9387042} : DHCPNameServer = 192.168.137.2
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli ACGina
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {E42E8753-9A8E-48E9-9829-B3571D91A945} - "C:\Windows\SysWOW64\msiexec.exe" /fu {E42E8753-9A8E-48E9-9829-B3571D91A945}  /q
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\Snagit10\DLLx64\SnagitBHO64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit10\DLLx64\SnagitIEAddin64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [BoxSync] "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
x64-Run: [WebVPN] C:\Program Files\Array Networks\SSL VPN Client\WebVPN.exe /Resume
x64-Run: [Mirage Client] C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Notification.exe
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: 8329FF0E-11D0-25CA-B076-1056E6D20FD7 - "C:\Windows\SysWOW64\msiexec.exe" /fpu {CC8C6973-85DF-49BD-9883-9C9986C5285E} /q
x64-mASetup: A86856FB-7D33-803D-1BEA-B2FE74A7D9DD - "C:\Windows\SysWOW64\msiexec.exe" /fpu {CC8C6973-85DF-49BD-9883-9C9986C5285E} /q
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\
FF - plugin: C:\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\ProgramData\Application Data\Aternity\hooks\npHtmlHook.dll
FF - plugin: C:\Users\Danielta\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Danielta\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R?3 VPNInstallManager;VPNInstallManager;C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe [2014-9-7 1345328]
R0 Mirage;Mirage;C:\Windows\System32\drivers\Mirage.sys [2014-9-7 49472]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\SymDS64.sys [2014-3-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\SymEFA64.sys [2014-3-16 1147480]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-1-14 23664]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141113.011\BHDrvx64.sys [2014-11-15 1586904]
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE};Symantec Endpoint Protection 12.1.4013.4013.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [2014-3-16 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141114.011\IDSviA64.sys [2014-11-15 525016]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2010-9-7 15472]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.sys [2014-3-16 224856]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\symnets.sys [2014-3-16 437336]
R1 vpntdi;vpntdi;C:\Windows\System32\drivers\vpntdi64.sys [2014-9-7 64616]
R2 A180AA;A180AA;C:\Program Files (x86)\Aternity Information Systems\Assistant\A180AA.exe [2014-8-7 11776]
R2 A180WD;A180WD;C:\Program Files (x86)\Aternity Information Systems\Agent\A180WD.exe [2014-8-7 298496]
R2 AmdocsSIMS;Amdocs SIMS;C:\Windows\System32\sims\AmdocsSIMS.exe [2013-8-19 2803712]
R2 Array_Utility_Service8.4.6.67;Array Utility Service 8,4,6,67;C:\Program Files\Array Networks\Common\8,4,6,67\arr_isrv.exe [2013-5-19 403992]
R2 ArraySSL_VPN_Service8.4.6.67;Array SSL VPN Service 8,4,6,67;C:\Program Files\Array Networks\Array SSL VPN\8,4,6,67\arr_srvs.exe [2013-5-19 309784]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 CmRcService;Configuration Manager Remote Control;C:\Windows\CCM\RemCtrl\CmRcService.exe [2013-9-11 577720]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-3-19 242912]
R2 iPlatformService;iPlatformService;C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformService.exe [2012-7-3 22528]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-1-24 43584]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-11-24 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-1-24 62016]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-4-7 93032]
R2 MBAMAgent;BitLocker Management Client Service;C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [2013-10-31 304360]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-24 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-24 968504]
R2 Oracle WebLogic NodeManager (C_Oracle_Middleware_wlserver_10.3);Oracle WebLogic NodeManager (C_Oracle_Middleware_wlserver_10.3);C:\Oracle\MIDDLE~1\WLSERV~1.3\server\bin\beasvc.exe [2013-1-15 57344]
R2 prgnDiscAgent;HP DDMI Agent;C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe [2010-4-22 775736]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-7-17 101888]
R2 secsvccat;secsvccat;C:\Windows\System32\secsvccat.exe [2013-8-7 1256224]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [2014-3-16 144368]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2010-12-3 114024]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-12-2 64440]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-6-9 539288]
R2 VPNService;VPNService;C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe [2014-9-7 2194224]
R2 Wanova Mirage Desktop Service;Wanova Mirage Desktop Service;C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Service.exe [2014-9-7 17728]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-8-5 163368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 iMobilityService;iMobilityService;C:\Program Files (x86)\iPass\Open Mobile\bin\iMobilityService.exe [2012-7-3 30208]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-17 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-4 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-4 789272]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-5 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-24 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-24 63704]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-1-20 44344]
S1 secsvccatDriver13893;secsvccatDriver13893;C:\Windows\System32\drivers\secsvccatDriver13893.sys [2014-6-10 161984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ATP;Array Networks SSL VPN Driver;C:\Windows\System32\drivers\atpdrvr_7_x64.sys [2014-9-7 19456]
S3 BoxSyncUpdateService;Box Sync Update Service;C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2014-9-24 28696]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [2014-3-16 34800]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
.
=============== File Associations ===============
.
FileExt: .txt: UltraEdit.txt="C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1" [UserChoice]
FileExt: .ini: UltraEdit.ini="C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1" [UserChoice]
FileExt: .js: UltraEdit.js="C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-11-15 08:36:16 79064 ----a-w- C:\Windows\System32\drivers\avtrhh.sys
2014-11-14 08:36:34 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-14 07:51:26 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-11-14 03:10:57 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-13 08:42:10 -------- d-----w- C:\Program Files (x86)\RSA SecurID Token Common
2014-11-13 08:42:10 -------- d-----w- C:\Program Files (x86)\RSA SecurID Software Token
2014-10-23 13:49:42 63840 ----a-r- C:\Users\Danielta\AppData\Roaming\Microsoft\Installer\{B13278C5-66E9-4BE6-97A5-C025CDC2F6BA}\ARPPRODUCTICON.exe
2014-10-21 18:03:25 -------- d-----w- C:\Users\Danielta\AppData\Local\Adobe
2014-10-21 05:51:29 -------- d-----w- C:\Users\Danielta\AppData\Roaming\ATT
2014-10-21 05:51:27 -------- d-----w- C:\Users\Danielta\AppData\Local\ATT
.
==================== Find3M  ====================
.
2014-11-15 19:19:16 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-15 19:19:15 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-15 06:39:20 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-14 03:09:55 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-06 21:08:48 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-01 08:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 08:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-07 18:26:02 72512 ----a-w- C:\Windows\System32\pivot.exe
2014-09-07 18:26:02 49472 ----a-w- C:\Windows\System32\drivers\Mirage.sys
.
============= FINISH: 21:39:09.29 ===============


#4 HelpBot

Posted 20 November 2014 - 03:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556278 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 dantal33
  • Topic Starter

Posted 22 November 2014 - 02:27 AM

Hi,

I still have this issue. Here is the description from my original post:

Every time I boot up I see over 10 svchost.exe processes in Task Manager. After searching on the web I checked each one of them and all are running in C:\Windows\System32 except one which is running in C:\Windows\Temp\. I believe this means that it is a virus/malware.

Each time my laptop boots up the process in the temp directory starts up. I've tried killing it and deleting it from the directory (it has to be done very quickly), but it just keeps coming back.

I have both Malwarebytes Anti-Malware and Avast. MBAM once in a while finds the process and also a registry entry, but for both, when I select quarantine, they just come back next time and MBAM finds them again. Avast sometimes finds the process on startup (multiple times), alerts that it has deleted it the first time, and then ignores it.

In this link you can see all the previous steps that I've taken according to the instructions: http://www.bleepingcomputer.com/forums/t/555945/svchostexe-appearing-in-cwindowstemp/

Here is the DDS log and attached is the other one:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16575  BrowserJavaVersion: 10.21.2
Run by DANIELTA at 9:21:44 on 2014-11-22
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.7888.2107 [GMT 2:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Array Networks\Common\8,4,6,67\arr_isrv.exe
C:\Program Files (x86)\Aternity Information Systems\Assistant\A180AA.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\sims\AmdocsSIMS.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Array Networks\Array SSL VPN\8,4,6,67\arr_srvs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformService.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformHost.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Oracle\MIDDLE~1\WLSERV~1.3\server\bin\beasvc.exe
C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\secsvccat.exe
C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Service.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformHost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Windows\System32\rundll32.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\iPass\Open Mobile\bin\iMobilityService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Notification.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\ATT Connect\Participant\pull.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files (x86)\Babylon\Client\Babylon.exe
C:\Program Files (x86)\OnyxBox Software\Proxy Switcher\Proxy Switcher.exe
C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\temp\svchost.exe  -servicemonitor
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Babylon\Client\BabylonHelper64.exe
C:\Windows\CCM\CcmExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\CCM\RemCtrl\CmRcService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\CCM\SCNotification.exe
C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe
C:\Program Files\Box\Box Sync\BoxSync.exe
C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe
C:\Program Files (x86)\Snagit10\Snagit32.exe
C:\Program Files (x86)\Snagit10\TSCHelp.exe
C:\Program Files (x86)\Snagit10\SnagPriv.exe
C:\Program Files (x86)\Snagit10\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\iPass\Open Mobile\bin\iMobility.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ACMLite\ACMLite.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Aternity Information Systems\Agent\A180WD.exe
C:\Program Files (x86)\Aternity Information Systems\Agent\A180CM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://portal/Pages/HomePage.aspx
uProxyServer = genproxy:8080
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\Snagit10\SnagitBHO.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\IPS\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Java\jre7\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Java\jre7\bin\jp2ssv.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit10\SnagitIEAddin.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Push Client] "C:\Program Files (x86)\ATT Connect\Participant\pull.exe"
uRunOnce: [Application Restart #5] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- http://creativity/SpaceDirectory/Sites/Telstra%20OSS%20Upgrade%20Proposal/Shared%20Documents/Forms/AllItems.aspx?RootFolder=%2FSpaceDirectory%2FSites%2FTelstra%20OSS%20Upgrade%20Proposal%2FShared%20Documents%2FD-O2A%2FTelstra%20background%20collaterals&View={763BCBB6-7605-41AF-941C-9306F6DB7421}
mRun: [Babylon Client] C:\Program Files (x86)\Babylon\Client\Babylon.exe -AutoStart
mRun: [EDFcsn] C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
dRun: [Push Client] "C:\Program Files (x86)\ATT Connect\Participant\pull.exe"
StartupFolder: C:\Users\Danielta\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Danielta\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IPASSO~1.LNK - C:\Program Files (x86)\iPass\Open Mobile\bin\iMobility.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROXYS~1.LNK - C:\Windows\Installer\{47EB8A2A-84C1-4CC7-B5F4-9EFC344D0D20}\_1C712541CF4F48EA0AAAE3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\Snagit10\Snagit32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: DisallowCpl = dword:1
uPolicies-Explorer: NoWindowsUpdate = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: ForceRunOnStartMenu = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: legalnoticecaption = Legal Warning !!!
mPolicies-System: legalnoticetext = THIS IS AN AMDOCS SYSTEM, RESTRICTED TO AUTHORIZED INDIVIDUALS. THIS SYSTEM IS SUBJECT TO MONITORING. UNAUTHORIZED USERS, ACCESS, AND/OR MODIFICATION WILL BE PROSECUTED. IF YOU ARE NOT AUTHORIZED TO PROCEED, EXIT NOW.
mPolicies-Windows\System: UserPolicyMode = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: amadeus.com
Trusted Zone: cbgnl
Trusted Zone: salespoint
Trusted Zone: service-now.com
Trusted Zone: servicenow.com
DPF: {12D7432B-838B-48CA-9558-A51E2F054BFF} - hxxps://isrvpn.amdocs.com/prx/00/54xr/sLqmu0t3~/s7j2yx@61zBq/u1A00=_/ArrayCS.cab
DPF: {47C6ECF4-2DDE-4001-836B-5BF6ED9BC2DC} - hxxps://isrvpn.amdocs.com/prx/000/http/localhost/client_sec/l3vpn/arr_x.cab
DPF: {67312B80-99C5-420A-B621-50E727E0EB13} - hxxps://isrvpn.amdocs.com/prx/000/http/localhost/client_sec/l3vpn/SessionLaunch.cab
DPF: {759FD3DE-F0EF-4A76-909C-88CF840D4173} - hxxp://documentcenter:7004/webtop/wdk/native/WdkPluginCab.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://qcisr:8080/qcbin/Spider91.cab
DPF: {B6648EB8-2460-484F-9255-9654454C4C70} - hxxps://isrvpn.amdocs.com/prx/000/http/localhost/arr_x.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP9-15980/event/ieatgpc1.cab
DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://qc11isr:8080/qcbin/ALM-Platform-Loader.11.cab
DPF: {EE64AC11-5480-444E-AB2F-A9780EC929D5} - hxxps://isrvpn.amdocs.com/prx/000/http/localhost/client_sec/isrvpn/CSLaunchAX.cab
TCP: Interfaces\{33066C1A-0288-4FA0-9E88-0CC4B3EB1732} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7DB09D86-A176-4BB4-AD0A-CCFEA78ADF9D} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{7DB09D86-A176-4BB4-AD0A-CCFEA78ADF9D}\14D646F63637 : DHCPNameServer = 10.232.217.1 10.232.217.2
TCP: Interfaces\{7DB09D86-A176-4BB4-AD0A-CCFEA78ADF9D}\56874756E6465627932663464363 : DHCPNameServer = 0.0.0.0
TCP: Interfaces\{7DB09D86-A176-4BB4-AD0A-CCFEA78ADF9D}\761656C6C65616E6464616E69656C65707374716962737 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{D10496C8-FC42-4EE1-923E-0299C099DEB7} : NameServer = 127.0.0.1
TCP: Interfaces\{E71FFCDC-FF62-4F14-9C60-DB51A9387042} : DHCPNameServer = 192.168.137.2
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli ACGina
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {E42E8753-9A8E-48E9-9829-B3571D91A945} - "C:\Windows\SysWOW64\msiexec.exe" /fu {E42E8753-9A8E-48E9-9829-B3571D91A945}  /q
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\Snagit10\DLLx64\SnagitBHO64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit10\DLLx64\SnagitIEAddin64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [BoxSync] "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
x64-Run: [WebVPN] C:\Program Files\Array Networks\SSL VPN Client\WebVPN.exe /Resume
x64-Run: [Mirage Client] C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Notification.exe
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: 8329FF0E-11D0-25CA-B076-1056E6D20FD7 - "C:\Windows\SysWOW64\msiexec.exe" /fpu {CC8C6973-85DF-49BD-9883-9C9986C5285E} /q
x64-mASetup: A86856FB-7D33-803D-1BEA-B2FE74A7D9DD - "C:\Windows\SysWOW64\msiexec.exe" /fpu {CC8C6973-85DF-49BD-9883-9C9986C5285E} /q
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\
FF - plugin: C:\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\ProgramData\Application Data\Aternity\hooks\npHtmlHook.dll
FF - plugin: C:\Users\Danielta\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Danielta\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R?3 VPNInstallManager;VPNInstallManager;C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe [2014-9-7 1345328]
R0 Mirage;Mirage;C:\Windows\System32\drivers\Mirage.sys [2014-9-7 49472]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\SymDS64.sys [2014-3-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\SymEFA64.sys [2014-3-16 1147480]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-1-14 23664]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141119.011\BHDrvx64.sys [2014-11-19 1586904]
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE};Symantec Endpoint Protection 12.1.4013.4013.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [2014-3-16 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141120.011\IDSviA64.sys [2014-11-21 525016]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2010-9-7 15472]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.sys [2014-3-16 224856]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\symnets.sys [2014-3-16 437336]
R1 vpntdi;vpntdi;C:\Windows\System32\drivers\vpntdi64.sys [2014-9-7 64616]
R2 A180AA;A180AA;C:\Program Files (x86)\Aternity Information Systems\Assistant\A180AA.exe [2014-8-7 11776]
R2 A180WD;A180WD;C:\Program Files (x86)\Aternity Information Systems\Agent\A180WD.exe [2014-8-7 298496]
R2 AmdocsSIMS;Amdocs SIMS;C:\Windows\System32\sims\AmdocsSIMS.exe [2013-8-19 2803712]
R2 Array_Utility_Service8.4.6.67;Array Utility Service 8,4,6,67;C:\Program Files\Array Networks\Common\8,4,6,67\arr_isrv.exe [2013-5-19 403992]
R2 ArraySSL_VPN_Service8.4.6.67;Array SSL VPN Service 8,4,6,67;C:\Program Files\Array Networks\Array SSL VPN\8,4,6,67\arr_srvs.exe [2013-5-19 309784]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 CmRcService;Configuration Manager Remote Control;C:\Windows\CCM\RemCtrl\CmRcService.exe [2013-9-11 577720]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-3-19 242912]
R2 iPlatformService;iPlatformService;C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformService.exe [2012-7-3 22528]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-1-24 43584]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-11-24 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-1-24 62016]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-4-7 93032]
R2 MBAMAgent;BitLocker Management Client Service;C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [2013-10-31 304360]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-24 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-24 968504]
R2 Oracle WebLogic NodeManager (C_Oracle_Middleware_wlserver_10.3);Oracle WebLogic NodeManager (C_Oracle_Middleware_wlserver_10.3);C:\Oracle\MIDDLE~1\WLSERV~1.3\server\bin\beasvc.exe [2013-1-15 57344]
R2 prgnDiscAgent;HP DDMI Agent;C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe [2010-4-22 775736]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-7-17 101888]
R2 secsvccat;secsvccat;C:\Windows\System32\secsvccat.exe [2013-8-7 1256224]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [2014-3-16 144368]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2010-12-3 114024]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-12-2 64440]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-6-9 539288]
R2 VPNService;VPNService;C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe [2014-9-7 2194224]
R2 Wanova Mirage Desktop Service;Wanova Mirage Desktop Service;C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Service.exe [2014-9-7 17728]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-8-5 163368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 iMobilityService;iMobilityService;C:\Program Files (x86)\iPass\Open Mobile\bin\iMobilityService.exe [2012-7-3 30208]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-17 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-4 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-4 789272]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-5 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-24 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-24 63704]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-1-20 44344]
S1 secsvccatDriver13893;secsvccatDriver13893;C:\Windows\System32\drivers\secsvccatDriver13893.sys [2014-6-10 161984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ATP;Array Networks SSL VPN Driver;C:\Windows\System32\drivers\atpdrvr_7_x64.sys [2014-9-7 19456]
S3 BoxSyncUpdateService;Box Sync Update Service;C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2014-9-24 28696]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [2014-3-16 34800]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
.
=============== File Associations ===============
.
FileExt: .txt: UltraEdit.txt="C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1" [UserChoice]
FileExt: .ini: UltraEdit.ini="C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1" [UserChoice]
FileExt: .js: UltraEdit.js="C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-11-22 07:17:36 79064 ----a-w- C:\Windows\System32\drivers\vukda.sys
2014-11-21 05:54:50 79064 ----a-w- C:\Windows\System32\drivers\lssngcwf.sys
2014-11-20 05:20:40 79064 ----a-w- C:\Windows\System32\drivers\utwg.sys
2014-11-19 03:17:17 79064 ----a-w- C:\Windows\System32\drivers\xfmaqlt.sys
2014-11-18 05:54:36 79064 ----a-w- C:\Windows\System32\drivers\ojhb.sys
2014-11-14 08:36:34 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-14 07:51:26 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-11-14 03:10:57 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-13 08:42:10 -------- d-----w- C:\Program Files (x86)\RSA SecurID Token Common
2014-11-13 08:42:10 -------- d-----w- C:\Program Files (x86)\RSA SecurID Software Token
2014-10-23 13:49:42 63840 ----a-r- C:\Users\Danielta\AppData\Roaming\Microsoft\Installer\{B13278C5-66E9-4BE6-97A5-C025CDC2F6BA}\ARPPRODUCTICON.exe
.
==================== Find3M  ====================
.
2014-11-22 06:43:51 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-15 19:19:16 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-15 19:19:15 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-14 03:09:55 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-06 21:08:48 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-01 08:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 08:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-07 18:26:02 72512 ----a-w- C:\Windows\System32\pivot.exe
2014-09-07 18:26:02 49472 ----a-w- C:\Windows\System32\drivers\Mirage.sys
.
============= FINISH:  9:22:01.87 ===============


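One thing a responder would pull out of the DDS log above before anything else: the "Created Last 30" section lists five drivers in C:\Windows\System32\drivers\ (vukda.sys, lssngcwf.sys, utwg.sys, xfmaqlt.sys, ojhb.sys) that share the exact size 79064 bytes and were written on five consecutive days under unrelated names. The script below is an added example for this thread, not part of DDS and not code from any poster; it parses DDS-style listing lines and groups files by directory, extension and size so that a cluster like that stands out for hashing and signature checks. The sample input is copied from the posted log, and the function names `parse_dds_listing`, `find_size_clusters` and `triage_report` are the example's own.

```python
"""Triage helper for a DDS "Created Last 30" / "Find3M" listing.

Added example for this thread, not part of DDS or of any post: it groups
the listed files by directory, extension and byte size so that several
differently named files of identical size, dropped into one directory on
successive days, stand out. The output is a lead for hashing and signature
checks, not a verdict on any file.
"""
import ntpath
import re
from collections import defaultdict

# Shape of a DDS listing line: date time size attrs path
# (directories show '--------' where the size would be).
_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)

# Sample input: lines copied from the "Created Last 30" section of the
# DDS log posted above, including its directory entries, so the script runs offline.
SAMPLE_DDS = r"""2014-11-22 07:17:36 79064 ----a-w- C:\Windows\System32\drivers\vukda.sys
2014-11-21 05:54:50 79064 ----a-w- C:\Windows\System32\drivers\lssngcwf.sys
2014-11-20 05:20:40 79064 ----a-w- C:\Windows\System32\drivers\utwg.sys
2014-11-19 03:17:17 79064 ----a-w- C:\Windows\System32\drivers\xfmaqlt.sys
2014-11-18 05:54:36 79064 ----a-w- C:\Windows\System32\drivers\ojhb.sys
2014-11-14 08:36:34 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-14 07:51:26 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-11-13 08:42:10 -------- d-----w- C:\Program Files (x86)\RSA SecurID Token Common
2014-10-23 13:49:42 63840 ----a-r- C:\Users\Danielta\AppData\Roaming\Microsoft\Installer\{B13278C5-66E9-4BE6-97A5-C025CDC2F6BA}\ARPPRODUCTICON.exe
"""


def parse_dds_listing(text):
    """Return one dict per listing line; directory lines are kept with size None.

    Section headers, '.' separators and blank lines do not match and are skipped.
    ntpath is used on purpose so Windows paths split correctly on any host.
    """
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        path = m["path"]
        entries.append({
            "date": m["date"],
            "time": m["time"],
            "size": int(m["size"]) if m["size"].isdigit() else None,
            "attrs": m["attrs"],
            "path": path,
            "dir": ntpath.dirname(path).lower(),
            "name": ntpath.basename(path),
            "ext": ntpath.splitext(path)[1].lower(),
        })
    return entries


def find_size_clusters(entries, min_files=3, min_days=2):
    """Group files by (directory, extension, size) and return the suspicious groups.

    Several distinctly named files of identical size, created in the same
    directory on different days, is the trace a component leaves when it is
    re-dropped under a fresh random name. A hit here means: hash the files,
    check their Authenticode signature, and look at what loads them.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["size"] is None:      # directories carry no size in DDS output
            continue
        groups[(e["dir"], e["ext"], e["size"])].append(e)

    clusters = []
    for (d, ext, size), members in groups.items():
        names = sorted({m["name"] for m in members})
        days = sorted({m["date"] for m in members})
        if len(names) >= min_files and len(days) >= min_days:
            clusters.append({
                "dir": d, "ext": ext, "size": size,
                "names": names, "days": days,
                # kernel-mode code location: weight this one highest
                "kernel_dir": d.endswith(r"\system32\drivers"),
            })
    return clusters


def triage_report(text):
    """One human-readable line per cluster found in a DDS listing."""
    lines = []
    for c in find_size_clusters(parse_dds_listing(text)):
        where = "kernel driver directory" if c["kernel_dir"] else c["dir"]
        lines.append(
            f"{len(c['names'])} files of {c['size']} bytes in {where} "
            f"over {len(c['days'])} days: {', '.join(c['names'])}"
        )
    return lines


if __name__ == "__main__":
    for line in triage_report(SAMPLE_DDS):
        print(line)
```

Run against the sample it reports the single 79064-byte cluster in the drivers directory and stays quiet about the one-off ARPPRODUCTICON.exe entry. The thresholds (three names, two days) are deliberately loose because DDS only lists the last 30 days; a pasted full-drive listing would warrant adding the file's signer and SHA-256 to each entry before deciding anything.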
#6 nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 November 2014 - 02:30 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • IMPORTANT: If you click the Clean button all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
 
  • Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
 
Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
 
How is the computer running?
Wait for further instructions.


#7 dantal33

  • Topic Starter
  • Members
  • 24 posts

Posted 23 November 2014 - 03:05 AM

Here is the log from AdwCleaner.exe. I did not select 'Clean' as I was not sure what should be deleted.


    # AdwCleaner v4.101 - Report created 23/11/2014 at 09:54:24
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-22.1 [Live]
    # Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
    # Username : DANIELTA - DANIELTA01
    # Running from : C:\Users\Danielta\Desktop\adwcleaner_4.101.exe
    # Option : Scan
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Found : C:\Program Files (x86)\Babylon
    Folder Found : C:\Program Files (x86)\Common Files\Wondershare
    Folder Found : C:\Program Files (x86)\Wondershare
    Folder Found : C:\ProgramData\Aimersoft Video Converter Ultimate
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
    Folder Found : C:\ProgramData\SoftSafe
    Folder Found : C:\ProgramData\Wondershare
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
    Folder Found : C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Found : HKCU\Software\Babylon
    Key Found : [x64] HKCU\Software\Babylon
    Key Found : HKLM\SOFTWARE\Babylon
    Key Found : HKLM\SOFTWARE\Classes\.bdc
    Key Found : HKLM\SOFTWARE\Classes\.bgl
    Key Found : HKLM\SOFTWARE\Classes\.bof
    Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
    Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
    Key Found : HKLM\SOFTWARE\Classes\BabyDict
    Key Found : HKLM\SOFTWARE\Classes\BabyGloss
    Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v9.0.8112.16575
     
     
    -\\ Mozilla Firefox v32.0.3 (x86 en-US)
     
     
    -\\ Google Chrome v39.0.2171.65
     
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : dhkplhfnhceodhffomolpfigojocbpcb
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : dpjamkmjmigaoobjbekmfgabipmfilij
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : gkojfkhlekighikafcpjkiklfbnlmeio
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : niloccemoadcdkdjlinkgdfekeahmflj
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : bdebkkdipomhlhnmgdcdjjnifpealoki
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : dhkplhfnhceodhffomolpfigojocbpcb
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : dpjamkmjmigaoobjbekmfgabipmfilij
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : gkojfkhlekighikafcpjkiklfbnlmeio
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : niloccemoadcdkdjlinkgdfekeahmflj
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
    [C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : bdebkkdipomhlhnmgdcdjjnifpealoki
     
    *************************
     
    AdwCleaner[R0].txt - [84712 octets] - [05/10/2014 17:52:17]
    AdwCleaner[R1].txt - [42524 octets] - [23/11/2014 09:54:24]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [42585 octets] ##########


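    The thread's subject is a file named svchost.exe sitting in C:\Windows\Temp, and the evidence posted so far is tool output: the AdwCleaner report above, whose Chrome entries repeat many times, and FRST logs whose "Processes" section prints each running image as "(Company name from version info) full path". The script below is an added example for triaging such logs offline; it is not code from the poster, from AdwCleaner, or from FRST. It deduplicates AdwCleaner "Found" lines and flags process lines where a well-known Windows binary name runs outside its normal directory, where the company name for such a name is not Microsoft, where the image runs from a Temp directory, or where no company name is present. The sample lines are constructed for the example (the svchost.exe line mirrors what FRST reports in this thread); the list of expected directories is a hypothetical starting point, and a name-and-path heuristic is only a lead: confirm any hit by checking the file's Authenticode signature and comparing its hash with the copy in System32.

```python
import re
from collections import defaultdict

# FRST "Processes" lines look like: (Company) C:\path\file.exe
FRST_PROC_RE = re.compile(r"^\(([^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
# AdwCleaner "Found" lines look like: [file] - Found [Category] : value
ADW_FOUND_RE = re.compile(
    r"^\[(?P<file>[^\]]+)\]\s+-\s+Found\s+\[(?P<cat>[^\]]+)\]\s*:\s*(?P<value>.+?)\s*$"
)

WINDIR = "c:\\windows"
# Directories where these Windows binaries legitimately live (hypothetical,
# extend as needed). The same file name anywhere else is a masquerade candidate.
EXPECTED_DIRS = {
    "svchost.exe": {WINDIR + "\\system32", WINDIR + "\\syswow64"},
    "rundll32.exe": {WINDIR + "\\system32", WINDIR + "\\syswow64"},
    "lsass.exe": {WINDIR + "\\system32"},
    "csrss.exe": {WINDIR + "\\system32"},
    "services.exe": {WINDIR + "\\system32"},
    "winlogon.exe": {WINDIR + "\\system32"},
    "explorer.exe": {WINDIR},
}
TEMP_MARKERS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\")


def split_path(path):
    """Return (lower-cased folder, lower-cased file name) of a Windows path."""
    folder, _, name = path.rpartition("\\")
    return folder.lower(), name.lower()


def triage_frst_processes(lines):
    """Flag suspicious entries in FRST-style '(Company) path' process lines."""
    findings = []
    for line in lines:
        m = FRST_PROC_RE.match(line.strip())
        if not m:
            continue
        publisher, path = m.group(1).strip(), m.group("path").strip()
        folder, name = split_path(path)
        reasons = []
        if name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]:
            reasons.append("system binary name outside its expected directory")
        if name in EXPECTED_DIRS and publisher != "Microsoft Corporation":
            reasons.append(f"publisher {publisher!r} is not Microsoft Corporation")
        if any(marker in path.lower() for marker in TEMP_MARKERS):
            reasons.append("runs from a Temp directory")
        if not publisher:
            reasons.append("no company name in version info")
        if reasons:
            findings.append({"path": path, "publisher": publisher, "reasons": reasons})
    return findings


def summarize_adwcleaner(lines):
    """Collapse repeated AdwCleaner 'Found' lines into {category: sorted unique values}."""
    seen = defaultdict(set)
    for line in lines:
        m = ADW_FOUND_RE.match(line.strip())
        if m:
            seen[m.group("cat")].add(m.group("value"))
    return {cat: sorted(vals) for cat, vals in seen.items()}


# Constructed sample input (not a real log); the svchost.exe line mirrors the thread.
SAMPLE_FRST = [
    r"(Microsoft Corporation) C:\Windows\System32\svchost.exe",
    r"(Amdocs) C:\Windows\Temp\svchost.exe",
    r"() C:\Users\Danielta\AppData\Local\Temp\sample-unsigned.exe",
    r"(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe",
    r"(Microsoft Corporation) C:\Windows\System32\rundll32.exe",
]
SAMPLE_ADW = [
    r"[C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl",
    r"[C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}",
    r"[C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl",
    r"[C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : dpjamkmjmigaoobjbekmfgabipmfilij",
]

if __name__ == "__main__":
    for hit in triage_frst_processes(SAMPLE_FRST):
        print(hit["path"], "->", "; ".join(hit["reasons"]))
    for cat, values in summarize_adwcleaner(SAMPLE_ADW).items():
        print(f"{cat}: {len(values)} unique")
```

Paste the "Processes (Whitelisted)" block of an FRST.txt into the first list and the AdwCleaner "Found" lines into the second to run it on a real report. The publisher check is deliberately strict: a company name in the version info is self-declared, so a non-Microsoft name on a Microsoft binary name is worth a look, and a Microsoft name is not proof of authenticity without a signature check.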
    #8 dantal33 (Topic Starter)

    Posted 23 November 2014 - 03:07 AM

    Here is the Farbar log and also attached is the Addition.txt file.

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014 01
    Ran by DANIELTA (administrator) on DANIELTA01 on 23-11-2014 10:03:03
    Running from C:\Users\Danielta\Desktop
    Loaded Profile: DANIELTA (Available profiles: BOPCADMIN & sms2003svc & DANIELTA)
    Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Lenovo.) C:\Windows\System32\ibmpmsvc.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    (Array Networks, Inc.) C:\Program Files\Array Networks\Common\8,4,6,67\arr_isrv.exe
    (Aternity Systems LTD.) C:\Program Files (x86)\Aternity Information Systems\Assistant\A180AA.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    (Amdocs) C:\Windows\System32\sims\AmdocsSIMS.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Array Networks, Inc.) C:\Program Files\Array Networks\Array SSL VPN\8,4,6,67\arr_srvs.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformService.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
    (iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformHost.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
    (Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (BEA Systems, Inc.) C:\Oracle\Middleware\wlserver_10.3\server\bin\beasvc.exe
    () C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (EMC Corporation) C:\Windows\System32\secsvccat.exe
    () C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
    (VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (VMware) C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Service.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformHost.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\bin\iMobilityService.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    (VMware) C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Notification.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (AT&T Inc.) C:\Program Files (x86)\ATT Connect\Participant\pull.exe
    () C:\Program Files (x86)\Launchy\Launchy.exe
    (Babylon Ltd.) C:\Program Files (x86)\Babylon\Client\Babylon.exe
    (OnyxBox Software) C:\Program Files (x86)\OnyxBox Software\Proxy Switcher\Proxy Switcher.exe
    () C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Amdocs) C:\Windows\Temp\svchost.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Babylon) C:\Program Files (x86)\Babylon\Client\BabylonHelper64.exe
    (Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
    (Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
    (Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
    (Array Networks) C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe
    (Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
    () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe
    (TechSmith Corporation) C:\Program Files (x86)\Snagit10\Snagit32.exe
    (TechSmith Corporation) C:\Program Files (x86)\Snagit10\TscHelp.exe
    (TechSmith Corporation) C:\Program Files (x86)\Snagit10\SnagPriv.exe
    (TechSmith Corporation) C:\Program Files (x86)\Snagit10\SnagitEditor.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Array Networks) C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (iPass, Inc.) C:\Program Files (x86)\iPass\Open Mobile\bin\iMobility.exe
    (Aternity Systems LTD.) C:\Program Files (x86)\Aternity Information Systems\Agent\A180WD.exe
    (Aternity Systems LTD.) C:\Program Files (x86)\Aternity Information Systems\Agent\A180CM.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Aternity Systems LTD.) C:\Program Files (x86)\Aternity Information Systems\Agent\A180AG.exe
    (Aternity Systems LTD.) C:\Program Files (x86)\Aternity Information Systems\Agent\A180RS.exe
    (Aternity Systems LTD.) C:\Program Files (x86)\Aternity Information Systems\Agent\Plugins\A180RO64.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
    HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
    HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
    HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-08-20] (Lenovo)
    HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5609176 2014-11-13] (Box, Inc.)
    HKLM\...\Run: [WebVPN] => C:\Program Files\Array Networks\SSL VPN Client\WebVPN.exe [1389360 2014-07-01] (Array Networks)
    HKLM\...\Run: [Mirage Client] => C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Notification.exe [575808 2014-09-07] (VMware)
    HKLM-x32\...\Run: [Babylon Client] => C:\Program Files (x86)\Babylon\Client\Babylon.exe [3354264 2012-09-30] (Babylon Ltd.)
    HKLM-x32\...\Run: [EDFcsn] => C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe [177720 2010-04-22] ()
    HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [129688 2012-06-09] (VMware, Inc.)
    HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [432424 2013-08-20] (Lenovo)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Run: [Push Client] => C:\Program Files (x86)\ATT Connect\Participant\pull.exe [983296 2013-11-12] (AT&T Inc.)
    HKU\S-1-5-21-143744227-174999600-642189945-264072\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-14] (Google Inc.)
    HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Policies\Explorer: [DisallowCpl] 1
    HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Policies\Explorer: [NoWindowsUpdate] 1
    HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Policies\Explorer: [ForceRunOnStartMenu] 1
    HKU\S-1-5-18\...\Run: [Push Client] => C:\Program Files (x86)\ATT Connect\Participant\pull.exe [983296 2013-11-12] (AT&T Inc.)
    Lsa: [Notification Packages] scecli ACGina
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iPass Open Mobile.lnk
    ShortcutTarget: iPass Open Mobile.lnk -> C:\Program Files (x86)\iPass\Open Mobile\bin\iMobility.exe (iPass, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
    ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Proxy Switcher.lnk
    ShortcutTarget: Proxy Switcher.lnk -> C:\Windows\Installer\{47EB8A2A-84C1-4CC7-B5F4-9EFC344D0D20}\_1C712541CF4F48EA0AAAE3.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk
    ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\Snagit10\Snagit32.exe (TechSmith Corporation)
    Startup: C:\Users\Danielta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (No File)
    Startup: C:\Users\Danielta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {9a216f5d-3530-3b1a-8006-9a1233402fba} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {4c3d7a5e-7476-3c21-9717-0614ce209c44} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {aa0bacc8-a5df-34b0-acd8-e6739d92010e} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {0f20db5b-365d-3cc6-82eb-41207f77bb71} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [{MirageOverlay}] -> {6471fc45-6445-42a3-8468-41ca8b0f7523} => C:\Program Files\Wanova\Mirage Service\x64\Wanova.Desktop.ShellEx.dll (VMware)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
    BootExecute: autocheck pivotautocheck autochk * 
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-143744227-174999600-642189945-264072\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    ProxyEnable: [S-1-5-21-143744227-174999600-642189945-264072] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-143744227-174999600-642189945-264072] => genproxy:8080
    HKU\S-1-5-21-143744227-174999600-642189945-264072\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?rd=1&ucc=IL&dcc=IL&opt=0&ocid=iehp
    HKU\S-1-5-21-143744227-174999600-642189945-264072\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A6C99D9FBF2CD01
    HKU\S-1-5-21-143744227-174999600-642189945-264072\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    HKU\S-1-5-21-143744227-174999600-642189945-264072\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal/Pages/HomePage.aspx
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKU\S-1-5-21-143744227-174999600-642189945-264072 -> {7D964744-C6BF-45C1-AF61-7E946A15C771} URL = http://wigloo/PeopleSearch.aspx?k={searchTerms}
    BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\Snagit10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Aternity HTML Monitor -> {E34782C0-33EF-4EBE-9285-596523DDBE62} -> C:\ProgramData\Application Data\Aternity\hooks\NewHtmlHook64.dll (Aternity Ltd)
    BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\Snagit10\SnagitBHO.dll (TechSmith Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Aternity HTML Monitor -> {E34782C0-33EF-4EBE-9285-596523DDBE62} -> C:\ProgramData\Application Data\Aternity\hooks\NewHtmlHook.dll (Aternity Ltd)
    Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
    Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit10\SnagitIEAddin.dll (TechSmith Corporation)
    Toolbar: HKU\S-1-5-21-143744227-174999600-642189945-264072 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
    DPF: HKLM {47C6ECF4-2DDE-4001-836B-5BF6ED9BC2DC} 
    DPF: HKLM-x32 {47C6ECF4-2DDE-4001-836B-5BF6ED9BC2DC} https://isrvpn.amdocs.com/prx/000/http/localhost/client_sec/l3vpn/arr_x.cab
    DPF: HKLM-x32 {759FD3DE-F0EF-4A76-909C-88CF840D4173} http://documentcenter:7004/webtop/wdk/native/WdkPluginCab.CAB
    DPF: HKLM-x32 {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} http://qcisr:8080/qcbin/Spider91.cab
    DPF: HKLM-x32 {B6648EB8-2460-484F-9255-9654454C4C70} https://isrvpn.amdocs.com/prx/000/http/localhost/arr_x.cab
    DPF: HKLM-x32 {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} http://qc11isr:8080/qcbin/ALM-Platform-Loader.11.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346776] (VMware, Inc.)
    Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346776] (VMware, Inc.)
    Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446616] (VMware, Inc.)
    Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446616] (VMware, Inc.)
    Tcpip\..\Interfaces\{D10496C8-FC42-4EE1-923E-0299C099DEB7}: [NameServer] 127.0.0.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @aternity.com/FPI -> C:\ProgramData\Application Data\Aternity\hooks\npHtmlHook.dll (Aternity Ltd)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-143744227-174999600-642189945-264072: @citrixonline.com/appdetectorplugin -> C:\Users\Danielta\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Danielta\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Extension: FoxyProxy Standard - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\foxyproxy@eric.h.jung [2014-10-04]
    FF Extension: Pocket - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\isreaditlater@ideashower.com [2014-07-03]
    FF Extension: Hola Better Internet - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-11-22]
    FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-06-02]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-07]
    FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Client\Plugins\ocr@babylon.com
    FF Extension: Babylon Translation Activation - C:\Program Files (x86)\Babylon\Client\Plugins\ocr@babylon.com [2013-01-14]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF
    FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2014-03-16]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-10-04]
    CHR Extension: (Google Drive) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-14]
    CHR Extension: (SubSonic) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki [2013-09-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (Perisonic) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdipjpecphmbijlckkkmabnabhbpjbn [2013-09-17]
    CHR Extension: (YouTube) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-14]
    CHR Extension: (Adblock Plus) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-14]
    CHR Extension: (Google Search) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-14]
    CHR Extension: (Axure RP Extension for Chrome) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogkpdfcklifaemcdfbildhcofnopogp [2013-05-14]
    CHR Extension: (Empty New Tab Page) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2014-03-04]
    CHR Extension: (Hola Better Internet) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2014-09-04]
    CHR Extension: (Hola Better Internet) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-04]
    CHR Extension: (Pin It Button) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-03-09]
    CHR Extension: (IE Tab) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2013-05-14]
    CHR Extension: (Keep My Opt-Outs) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2013-05-14]
    CHR Extension: (feedly) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-06-14]
    CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-01-11]
    CHR Extension: (Live Bookmarks) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpimopiibggegpmbekldodhempbndjgg [2014-09-16]
    CHR Extension: (Jamstash) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccdpflnecheidefpofmlblgebobbloc [2013-07-28]
    CHR Extension: (Foxish live RSS) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgagcapnkccceppgljfpoadahaopjdb [2014-06-14]
    CHR Extension: (iCloud) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfoogmnmgnafenjlejonkpdlkjbjfkk [2013-10-01]
    CHR Extension: (Hangouts) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-09-07]
    CHR Extension: (Save to Pocket) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-05-14]
    CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2013-05-14]
    CHR Extension: (Google Wallet) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Wunderlist for Chrome) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2013-09-17]
    CHR Extension: (Gmail) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-14]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    Locked "AmdocsSIMS" service was unlocked successfully. <===== ATTENTION
     
    R2 A180AA; C:\Program Files (x86)\Aternity Information Systems\Assistant\A180AA.exe [11776 2014-08-07] (Aternity Systems LTD.) [File not signed]
    R2 A180WD; C:\Program Files (x86)\Aternity Information Systems\Agent\A180WD.exe [298496 2014-08-07] (Aternity Systems LTD.) [File not signed]
    R2 ArraySSL_VPN_Service8.4.6.67; C:\Program Files\Array Networks\Array SSL VPN\8,4,6,67\arr_srvs.exe [309784 2012-12-19] (Array Networks, Inc.)
    R2 Array_Utility_Service8.4.6.67; C:\Program Files\Array Networks\Common\8,4,6,67\arr_isrv.exe [403992 2012-12-19] (Array Networks, Inc.)
    S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28696 2014-09-24] (Box, Inc.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
    R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)
    R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
    R3 iMobilityService; C:\Program Files (x86)\iPass\Open Mobile\bin\iMobilityService.exe [30208 2012-07-03] (iPass Inc.) [File not signed]
    R2 iPlatformService; C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformService.exe [22528 2012-07-03] (iPass Inc.) [File not signed]
    R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
    S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
    S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
    R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [304360 2013-10-31] (Microsoft Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Oracle WebLogic NodeManager (C_Oracle_Middleware_wlserver_10.3); C:\Oracle\Middleware\wlserver_10.3\server\bin\beasvc.exe [57344 2013-01-15] (BEA Systems, Inc.) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 prgnDiscAgent; C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe [775736 2010-04-22] ()
    R2 secsvccat; C:\Windows\system32\secsvccat.exe [1256224 2013-08-07] (EMC Corporation)
    R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2014-03-16] (Symantec Corporation)
    R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2014-03-16] (Symantec Corporation)
    S3 smstsmgr; C:\Windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)
    S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2014-03-16] (Symantec Corporation)
    S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)
    U3 VPNInstallManager; C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe [1345328 2014-07-01] (Array Networks)
    R2 VPNService; C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe [2194224 2014-07-01] (Array Networks)
    R2 Wanova Mirage Desktop Service; C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Service.exe [17728 2014-09-07] (VMware)
    R2 AmdocsSIMS; No ImagePath
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 ATP; C:\Windows\System32\DRIVERS\atpdrvr_7_x64.sys [19456 2011-04-08] (Array Networks)
    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
    R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141119.011\BHDrvx64.sys [1586904 2014-10-06] (Symantec Corporation)
    R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2014-03-16] (Symantec Corporation)
    R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
    U0 hgeqfk; C:\Windows\System32\drivers\xfmaqlt.sys [79064 2014-11-19] (Malwarebytes Corporation)
    S0 iastor; C:\Windows\SysWOW64\Drivers\iaStor.sys [408600 2009-08-07] (Intel Corporation)
    R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141121.011\IDSvia64.sys [525016 2014-10-23] (Symantec Corporation)
    U0 iutm; C:\Windows\System32\drivers\utwg.sys [79064 2014-11-20] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-23] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    R0 Mirage; C:\Windows\System32\DRIVERS\Mirage.sys [49472 2014-09-07] (VMware)
    R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141122.002\ENG64.SYS [129752 2014-11-14] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141122.002\EX64.SYS [2137304 2014-11-14] (Symantec Corporation)
    U0 ngghgj; C:\Windows\System32\drivers\raghbdvx.sys [79064 2014-11-23] (Malwarebytes Corporation)
    U0 ocwg; C:\Windows\System32\drivers\ojhb.sys [79064 2014-11-18] (Malwarebytes Corporation)
    S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
    R3 ProcObsrv; C:\Windows\system32\sims\ProcObsrv.sys [9760 2014-11-17] () [File not signed]
    S1 secsvccatDriver13893; C:\Windows\System32\drivers\secsvccatDriver13893.sys [161984 2013-08-07] (EMC Corporation)
    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
    R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2014-03-16] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2014-03-16] (Symantec Corporation)
    S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2014-03-16] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2014-03-16] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2014-03-16] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-16] (Symantec Corporation)
    R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2014-03-16] (Symantec Corporation)
    R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2014-03-16] (Symantec Corporation)
    R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2014-03-16] (Symantec Corporation)
    R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [63304 2011-11-14] (AuthenTec, Inc.)
    R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2014-03-16] (Symantec Corporation)
    U0 ueba; C:\Windows\System32\drivers\lssngcwf.sys [79064 2014-11-21] (Malwarebytes Corporation)
    U0 umxykhv; C:\Windows\System32\drivers\vukda.sys [79064 2014-11-22] (Malwarebytes Corporation)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    R1 vpntdi; C:\Windows\System32\drivers\vpntdi64.sys [64616 2012-03-12] (Array Networks)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-23 10:03 - 2014-11-23 10:03 - 00039084 _____ () C:\Users\Danielta\Desktop\FRST.txt
    2014-11-23 10:02 - 2014-11-23 10:03 - 00000000 ____D () C:\FRST
    2014-11-23 09:54 - 2014-11-23 09:58 - 00042682 _____ () C:\Users\Danielta\Desktop\AdwCleaner[R1].txt
    2014-11-23 09:53 - 2014-11-23 09:53 - 02118144 _____ (Farbar) C:\Users\Danielta\Desktop\FRST64.exe
    2014-11-23 09:52 - 2014-11-23 09:52 - 02140160 _____ () C:\Users\Danielta\Desktop\adwcleaner_4.101.exe
    2014-11-23 08:03 - 2014-11-23 08:03 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\raghbdvx.sys
    2014-11-22 19:08 - 2014-11-22 19:08 - 00000000 ____D () C:\Users\Danielta\AppData\Local\Hola
    2014-11-22 09:17 - 2014-11-22 09:17 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\vukda.sys
    2014-11-22 09:17 - 2014-11-22 09:17 - 00000098 _____ () C:\Windows\Minidump\cvjxady
    2014-11-21 07:54 - 2014-11-21 07:54 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\lssngcwf.sys
    2014-11-20 07:20 - 2014-11-20 07:20 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\utwg.sys
    2014-11-19 05:17 - 2014-11-19 05:17 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xfmaqlt.sys
    2014-11-18 07:54 - 2014-11-18 07:54 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ojhb.sys
    2014-11-18 07:54 - 2014-11-18 07:54 - 00000098 _____ () C:\Windows\system\uhqd
    2014-11-14 10:36 - 2014-11-14 10:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-11-14 05:10 - 2014-11-14 05:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-11-13 10:42 - 2014-11-13 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSA
    2014-11-13 10:42 - 2014-11-13 10:42 - 00000000 ____D () C:\Program Files (x86)\RSA SecurID Token Common
    2014-11-13 10:42 - 2014-11-13 10:42 - 00000000 ____D () C:\Program Files (x86)\RSA SecurID Software Token
    2014-11-12 22:22 - 2014-11-12 22:22 - 00001022 _____ () C:\Users\Danielta\Downloads\foxish-opml.xml
    2014-11-03 21:37 - 2014-11-03 21:38 - 00286336 _____ () C:\Windows\Minidump\110314-42572-01.dmp
    2014-11-01 21:30 - 2014-11-01 21:31 - 00286336 _____ () C:\Windows\Minidump\110114-45645-01.dmp
    2014-11-01 21:21 - 2014-11-01 21:22 - 00286336 _____ () C:\Windows\Minidump\110114-42993-01.dmp
    2014-10-29 06:37 - 2014-10-29 06:38 - 00286336 _____ () C:\Windows\Minidump\102914-48344-01.dmp
    2014-10-25 09:14 - 2014-10-25 09:15 - 00286336 _____ () C:\Windows\Minidump\102514-49857-01.dmp
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-23 10:02 - 2014-10-05 17:52 - 00000000 ____D () C:\AdwCleaner
    2014-11-23 09:54 - 2013-01-17 04:13 - 00000000 ____D () C:\Users\Danielta\Documents\Outlook Files
    2014-11-23 09:52 - 2013-05-14 14:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-23 09:38 - 2013-01-14 15:51 - 00119470 __RSH () C:\ProgramData\ntuser.pol
    2014-11-23 09:33 - 2014-04-02 17:29 - 00000580 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-143744227-174999600-642189945-264072.job
    2014-11-23 09:19 - 2014-01-01 21:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-23 09:11 - 2013-01-15 11:45 - 00000000 __SHD () C:\Wanova Volume Information
    2014-11-23 09:08 - 2013-01-14 15:49 - 00000000 ____D () C:\ProgramData\Babylon
    2014-11-23 08:39 - 2013-01-15 10:35 - 00012084 __RSH () C:\Users\Danielta\ntuser.pol
    2014-11-23 08:39 - 2013-01-15 10:35 - 00000000 ____D () C:\Users\Danielta
    2014-11-23 08:39 - 2013-01-15 01:34 - 00000344 _____ () C:\Windows\system32\config\netlogon.ftl
    2014-11-23 08:16 - 2009-07-14 06:45 - 00023808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-23 08:16 - 2009-07-14 06:45 - 00023808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-23 08:07 - 2013-01-15 01:35 - 01131776 _____ () C:\Windows\WindowsUpdate.log
    2014-11-23 08:03 - 2014-10-12 00:00 - 00015940 _____ () C:\Windows\setupact.log
    2014-11-23 08:03 - 2013-10-06 07:23 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
    2014-11-23 07:19 - 2013-09-21 10:01 - 00000000 ____D () C:\Users\Danielta\AppData\Local\BD62ADDE-A1AD-409B-8176-DE3A05B6BD92.aplzod
    2014-11-23 03:38 - 2014-09-02 12:34 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {2da2d40b-84ab-45a6-a9cd-f3f62bedab91} DANIELTA01.corp.amdocs.com
    2014-11-23 01:55 - 2014-06-24 15:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-22 21:52 - 2013-05-14 14:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-22 18:48 - 2013-09-16 20:35 - 00000000 ____D () C:\Users\Danielta\AppData\Roaming\vlc
    2014-11-22 18:44 - 2013-01-16 18:00 - 00000000 ____D () C:\Users\Danielta\AppData\Local\Deployment
    2014-11-22 09:22 - 2009-07-14 07:13 - 00840082 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-22 09:17 - 2014-05-12 20:35 - 00000000 ____D () C:\Windows\Minidump
    2014-11-21 07:54 - 2013-05-03 00:00 - 00000000 ____D () C:\Windows\Sun
    2014-11-20 08:51 - 2013-01-17 15:22 - 00002060 ____H () C:\Users\Danielta\Documents\Default.rdp
    2014-11-20 00:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-11-19 19:34 - 2013-02-27 01:04 - 00000000 ____D () C:\Users\Danielta\AppData\Local\CrashDumps
    2014-11-18 07:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
    2014-11-18 03:26 - 2013-03-16 22:19 - 00000000 ____D () C:\Users\Danielta\AppData\Local\Box Sync
    2014-11-18 03:25 - 2014-08-22 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
    2014-11-18 02:42 - 2014-09-18 07:35 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NTNET-DANIELTA DANIELTA01.corp.amdocs.com
    2014-11-17 23:19 - 2013-01-16 15:55 - 00000000 ____D () C:\Users\Danielta\Documents\DOX
    2014-11-17 23:16 - 2011-08-20 15:46 - 00000000 ____D () C:\Users\Danielta\Documents\Misc
    2014-11-17 21:58 - 2011-10-03 20:42 - 00000535 _____ () C:\Windows\SMSCFG.INI
    2014-11-17 21:55 - 2014-10-12 10:09 - 00718030 _____ () C:\Windows\PFRO.log
    2014-11-17 21:55 - 2014-10-12 07:48 - 00006532 _____ () C:\Windows\MirageNative.log
    2014-11-17 21:55 - 2013-01-15 11:08 - 00000000 ____D () C:\ProgramData\VMware
    2014-11-17 21:55 - 2009-07-14 07:08 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-11-17 21:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-17 21:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-11-17 14:52 - 2013-01-16 12:34 - 00000000 ____D () C:\pcd_tmpl32
    2014-11-16 12:26 - 2011-10-03 21:12 - 00000000 ____D () C:\Windows\PCHEALTH
    2014-11-15 21:19 - 2014-01-01 21:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-15 21:19 - 2013-08-13 17:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-11-15 21:19 - 2013-08-13 17:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-14 21:47 - 2013-05-14 14:41 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-14 21:47 - 2013-05-14 14:41 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-14 10:29 - 2014-10-05 18:38 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-11-14 05:16 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
    2014-11-14 05:09 - 2014-06-24 15:04 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-14 05:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
    2014-11-13 10:42 - 2013-01-15 10:53 - 00000000 ____D () C:\Users\BOPCADMIN\AppData\Roaming\Amdocs Software Catalog
    2014-11-12 22:22 - 2013-01-15 23:25 - 00001517 _____ () C:\Users\Danielta\Downloads\Downloads.txt
    2014-11-12 15:32 - 2013-03-05 03:11 - 00000600 _____ () C:\Users\Danielta\AppData\Local\PUTTY.RND
    2014-11-12 10:43 - 2013-01-14 15:50 - 00000000 ____D () C:\temp
    2014-11-12 00:54 - 2013-01-17 10:34 - 00000000 ____D () C:\Users\Danielta\Documents\att connect
    2014-11-11 13:38 - 2014-04-02 17:29 - 00003606 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-143744227-174999600-642189945-264072
    2014-11-11 08:27 - 2013-01-14 15:40 - 00000000 ____D () C:\ProgramData\Symantec
    2014-11-10 22:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
    2014-11-09 13:00 - 2013-01-15 10:35 - 00000000 ____D () C:\Users\Danielta\AppData\Local\Microsoft Help
    2014-11-05 21:48 - 2013-07-28 07:24 - 00000843 _____ () C:\Users\Danielta\Documents\SubGadget.xml
    2014-11-04 19:11 - 2014-04-22 16:28 - 00000000 ____D () C:\Users\Danielta\AppData\Local\IE Tab
    2014-11-03 23:38 - 2013-01-21 08:35 - 00000000 ____D () C:\Users\Danielta\Documentum
    2014-11-03 21:37 - 2014-10-16 16:34 - 926520628 _____ () C:\Windows\MEMORY.DMP
    2014-10-28 14:59 - 2014-10-01 14:26 - 00000000 ____D () C:\Users\Danielta\AppData\Local\iConference
    2014-10-24 07:55 - 2014-06-24 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-24 07:55 - 2014-06-24 15:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
     
    Some content of TEMP:
    ====================
    C:\Users\BOPCADMIN\AppData\Local\Temp\certmgr.exe
    C:\Users\BOPCADMIN\AppData\Local\Temp\qwinsta.exe
    C:\Users\BOPCADMIN\AppData\Local\Temp\rootsupd.exe
    C:\Users\Danielta\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.487.exe
    C:\Users\Danielta\AppData\Local\Temp\JExplorer32.2.5.4.dll
    C:\Users\Danielta\AppData\Local\Temp\JExplorer32.2.5.4.exe
    C:\Users\Danielta\AppData\Local\Temp\qwinsta.exe
    C:\Users\sms2003svc\AppData\Local\Temp\qwinsta.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-11-15 00:59
     
    ==================== End Of Log ============================




    #9 nasdaq


    • Malware Response Team
    • 40,754 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:03:41 AM

    Posted 23 November 2014 - 09:23 AM

     
    Run this tool to clean your Temporary files/Folders.
     
    Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
    ===
     

    Here is the log from AdwCleaner.exe. I did not select 'Clean' as I was not sure what should be deleted.
    Clean everything.
     
    I admit that placing that file in a \temp folder is not a good idea.
    ===
     
    svchost process is for your Pay TV from Amdocs. 
    (Amdocs) C:\Windows\Temp\svchost.exe
    Unless this program/service is giving you some problems I did not remove anything associated with it.
    ===
     
     
    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    start
     
    (Babylon Ltd.) C:\Program Files (x86)\Babylon\Client\Babylon.exe
    (Babylon) C:\Program Files (x86)\Babylon\Client\BabylonHelper64.exe
    HKLM-x32\...\Run: [Babylon Client] => C:\Program Files (x86)\Babylon\Client\Babylon.exe [3354264 2012-09-30] (Babylon Ltd.)
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (No File)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-143744227-174999600-642189945-264072\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-143744227-174999600-642189945-264072 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Extension: Hola Better Internet - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-11-22]
    FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Client\Plugins\ocr@babylon.com
    FF Extension: Babylon Translation Activation - C:\Program Files (x86)\Babylon\Client\Plugins\ocr@babylon.com [2013-01-14]
    CHR Extension: (Hola Better Internet) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2014-09-04]
    CHR Extension: (Hola Better Internet) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-04]
    CHR Extension: (Google Wallet) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    Locked "AmdocsSIMS" service was unlocked successfully. <===== ATTENTION
    R2 AmdocsSIMS; No ImagePath
    U0 hgeqfk; C:\Windows\System32\drivers\xfmaqlt.sys [79064 2014-11-19] (Malwarebytes Corporation)
    U0 iutm; C:\Windows\System32\drivers\utwg.sys [79064 2014-11-20] (Malwarebytes Corporation)
    U0 ngghgj; C:\Windows\System32\drivers\raghbdvx.sys [79064 2014-11-23] (Malwarebytes Corporation)
    U0 ocwg; C:\Windows\System32\drivers\ojhb.sys [79064 2014-11-18] (Malwarebytes Corporation)
    U0 ueba; C:\Windows\System32\drivers\lssngcwf.sys [79064 2014-11-21] (Malwarebytes Corporation)
    U0 umxykhv; C:\Windows\System32\drivers\vukda.sys [79064 2014-11-22] (Malwarebytes Corporation)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    C:\Windows\Minidump\110314-42572-01.dmp
    C:\Windows\Minidump\110114-45645-01.dmp
    C:\Windows\Minidump\110114-42993-01.dmp
    C:\Windows\Minidump\102914-48344-01.dmp
    C:\Windows\Minidump\102514-49857-01.dmp
    C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\jid1-4P0kohSJxU1qGg@jetpack
    C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng
    C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
    C:\Windows\System32\drivers\xfmaqlt.sys
    C:\Windows\System32\drivers\utwg.sys
    C:\Windows\System32\drivers\raghbdvx.sys
    C:\Windows\System32\drivers\ojhb.sys
    C:\Windows\System32\drivers\lssngcwf.sys
    C:\Windows\System32\drivers\vukda.sys
     
    End
    
    Save the file as fixlist.txt into the same folder as FRST.
     
    Run FRST and click Fix only once and wait.
     
    Restart the computer normally to reset the registry.
     
    The tool will create a log, Fixlog.txt; please post it in your reply.
    ===
     
    How is the computer running now?
     
     
     
     


    #10 dantal33

    • Topic Starter

    • Members
    • 24 posts
    • Local time:10:41 AM

    Posted 23 November 2014 - 06:53 PM

    Here is the Fixlog.txt

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
    Ran by DANIELTA at 2014-11-24 01:48:16 Run:1
    Running from C:\Users\Danielta\Desktop\FRST
    Loaded Profile: DANIELTA (Available profiles: DANIELTA)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
     
    (Babylon Ltd.) C:\Program Files (x86)\Babylon\Client\Babylon.exe
    (Babylon) C:\Program Files (x86)\Babylon\Client\BabylonHelper64.exe
    HKLM-x32\...\Run: [Babylon Client] => C:\Program Files (x86)\Babylon\Client\Babylon.exe [3354264 2012-09-30] (Babylon Ltd.)
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (No File)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-143744227-174999600-642189945-264072\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-143744227-174999600-642189945-264072 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Extension: Hola Better Internet - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-11-22]
    FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Client\Plugins\ocr@babylon.com
    FF Extension: Babylon Translation Activation - C:\Program Files (x86)\Babylon\Client\Plugins\ocr@babylon.com [2013-01-14]
    CHR Extension: (Hola Better Internet) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2014-09-04]
    CHR Extension: (Hola Better Internet) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-04]
    CHR Extension: (Google Wallet) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    Locked "AmdocsSIMS" service was unlocked successfully. <===== ATTENTION
    R2 AmdocsSIMS; No ImagePath
    U0 hgeqfk; C:\Windows\System32\drivers\xfmaqlt.sys [79064 2014-11-19] (Malwarebytes Corporation)
    U0 iutm; C:\Windows\System32\drivers\utwg.sys [79064 2014-11-20] (Malwarebytes Corporation)
    U0 ngghgj; C:\Windows\System32\drivers\raghbdvx.sys [79064 2014-11-23] (Malwarebytes Corporation)
    U0 ocwg; C:\Windows\System32\drivers\ojhb.sys [79064 2014-11-18] (Malwarebytes Corporation)
    U0 ueba; C:\Windows\System32\drivers\lssngcwf.sys [79064 2014-11-21] (Malwarebytes Corporation)
    U0 umxykhv; C:\Windows\System32\drivers\vukda.sys [79064 2014-11-22] (Malwarebytes Corporation)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    C:\Windows\Minidump\110314-42572-01.dmp
    C:\Windows\Minidump\110114-45645-01.dmp
    C:\Windows\Minidump\110114-42993-01.dmp
    C:\Windows\Minidump\102914-48344-01.dmp
    C:\Windows\Minidump\102514-49857-01.dmp
    C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\jid1-4P0kohSJxU1qGg@jetpack
    C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng
    C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
    C:\Windows\System32\drivers\xfmaqlt.sys
    C:\Windows\System32\drivers\utwg.sys
    C:\Windows\System32\drivers\raghbdvx.sys
    C:\Windows\System32\drivers\ojhb.sys
    C:\Windows\System32\drivers\lssngcwf.sys
    C:\Windows\System32\drivers\vukda.sys
     
    End
    *****************
     
    [7612] C:\Program Files (x86)\Babylon\Client\Babylon.exe => Process closed successfully.
    [7624] C:\Program Files (x86)\Babylon\Client\BabylonHelper64.exe => Process closed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Babylon Client => value deleted successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
    "HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-143744227-174999600-642189945-264072\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\S-1-5-21-143744227-174999600-642189945-264072\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value deleted successfully.
    "HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => Key not found.
    "HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
    C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\jid1-4P0kohSJxU1qGg@jetpack => Moved successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ocr@babylon.com => value deleted successfully.
    C:\Program Files (x86)\Babylon\Client\Plugins\ocr@babylon.com => Moved successfully.
    C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng => Moved successfully.
    C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => Moved successfully.
    C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
    Locked "AmdocsSIMS" service was unlocked successfully. <===== ATTENTION => Error: No automatic fix found for this entry.
    AmdocsSIMS => Unable to stop service
    AmdocsSIMS => Service deleted successfully.
    hgeqfk => Service not found.
    iutm => Service not found.
    ngghgj => Service not found.
    ocwg => Service not found.
    ueba => Service not found.
    umxykhv => Service not found.
    VGPU => Service deleted successfully.
    C:\Windows\Minidump\110314-42572-01.dmp => Moved successfully.
    C:\Windows\Minidump\110114-45645-01.dmp => Moved successfully.
    C:\Windows\Minidump\110114-42993-01.dmp => Moved successfully.
    C:\Windows\Minidump\102914-48344-01.dmp => Moved successfully.
    C:\Windows\Minidump\102514-49857-01.dmp => Moved successfully.
    "C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\jid1-4P0kohSJxU1qGg@jetpack" => File/Directory not found.
    "C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng" => File/Directory not found.
    "C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio" => File/Directory not found.
    "C:\Windows\System32\drivers\xfmaqlt.sys" => File/Directory not found.
    "C:\Windows\System32\drivers\utwg.sys" => File/Directory not found.
    "C:\Windows\System32\drivers\raghbdvx.sys" => File/Directory not found.
    "C:\Windows\System32\drivers\ojhb.sys" => File/Directory not found.
    "C:\Windows\System32\drivers\lssngcwf.sys" => File/Directory not found.
    "C:\Windows\System32\drivers\vukda.sys" => File/Directory not found.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog ====
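The `R2` / `U0` / `S3` lines in the Fixlog above are FRST's service and driver entries: the letter is the service state (R running, S stopped, U unknown), the digit is the SCM start value (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled), then the service name, and then either the image path followed by the file's size, date and version-info company name, `[X]` when the referenced file is missing on disk, or `No ImagePath` when the registry entry carries no image path at all. The last two conditions are exactly what the fix acted on for AmdocsSIMS and VGPU. The following Python is an added example of reading those fields programmatically for triage; it is not part of this thread and is not FRST's own code. The sample lines it parses are copied from the log above as constructed input, and the flag names are my own convention.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: three service lines copied from the FRST Fixlog in this thread.
SAMPLE_LINES = [
    "R2 AmdocsSIMS; No ImagePath",
    "U0 hgeqfk; C:\\Windows\\System32\\drivers\\xfmaqlt.sys [79064 2014-11-19] (Malwarebytes Corporation)",
    "S3 VGPU; System32\\drivers\\rdvgkmd.sys [X]",
]

# The digit after the state letter is the service's Start value in the registry.
START_TYPES = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}

# "<state><start> <name>; <rest>"
_LINE_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s*(.*)$")
# "<path> [<size> <yyyy-mm-dd>] (<company from version info>)"  (company part is optional)
_FILE_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*(?:\((?P<company>[^)]*)\))?$"
)


@dataclass
class ServiceEntry:
    state: str                      # "R", "S" or "U"
    start: str                      # e.g. "automatic"
    name: str
    image_path: Optional[str] = None
    size: Optional[int] = None
    date: Optional[str] = None
    company: Optional[str] = None   # version-info company name FRST prints in parentheses
    flags: List[str] = field(default_factory=list)  # triage flags (my own names, not FRST's)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one FRST service/driver line; return None for lines that are not service entries."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    state, start_code, name, rest = m.groups()
    entry = ServiceEntry(state=state, start=START_TYPES.get(start_code, start_code), name=name.strip())

    if rest == "No ImagePath":
        # Registry service key exists but has no ImagePath value: nothing can legitimately run from it.
        entry.flags.append("no_image_path")
        return entry

    if rest.endswith("[X]"):
        # FRST marks the entry [X] when the file named by ImagePath is not present on disk.
        entry.image_path = rest[:-3].strip()
        entry.flags.append("file_missing")
        return entry

    fm = _FILE_RE.match(rest)
    if fm is None:
        entry.image_path = rest
        entry.flags.append("unparsed_image_field")
        return entry

    entry.image_path = fm.group("path")
    entry.size = int(fm.group("size"))
    entry.date = fm.group("date")
    entry.company = fm.group("company")
    if not entry.company:
        # No company name in the file's version info: not proof of anything, but worth a second look.
        entry.flags.append("no_company_info")
    return entry


def flagged_services(lines) -> List[str]:
    """Names of the service entries that carry at least one triage flag, in input order."""
    names = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is not None and entry.flags:
            names.append(entry.name)
    return names


if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        e = parse_service_line(raw)
        print(f"{e.name:12} state={e.state} start={e.start:9} path={e.image_path!r} flags={e.flags}")
```

Run against a whole FRST.txt the same parser works on every `R`/`S`/`U` line; lines that are not service entries (headers, file listings) simply return `None` and are skipped.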


    #11 nasdaq
    • Malware Response Team
    • 40,754 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 24 November 2014 - 09:05 AM

    Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • P.S. If the SecurityCheck program fails to run for any reason, run it as an Administrator.
     
    If the site is busy or not available use this mirror site:
     
    How is the computer running now?
     
    ======
     


    #12 dantal33
    • Topic Starter
    • Members
    • 24 posts

    Posted 24 November 2014 - 05:53 PM

    Hi,

    Here is the log from SecurityCheck.exe:


     Results of screen317's Security Check version 0.99.90  

     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:`````````````` 
     Windows Firewall Disabled!  
    Symantec Endpoint Protection   
     WMI entry may not exist for antivirus; attempting automatic update. 
    `````````Anti-malware/Other Utilities Check:````````` 
     Java™ 6 Update 27  
     Java 7 Update 21  
     Java™ SE Development Kit 6 Update 24 
     Java SE Development Kit 7 Update 21 
     Java version out of Date! 
     Adobe Flash Player 15.0.0.223  
     Adobe Reader XI  
     Mozilla Firefox 32.0.3 Firefox out of Date!  
     Google Chrome (38.0.2125.111) 
     Google Chrome (39.0.2171.65) 
     Google Chrome (chrome.exe..) 
     Google Chrome (debug.log..) 
     Google Chrome (Dictionaries...) 
     Google Chrome (master_preferences...) 
     Google Chrome (old_chrome.exe..) 
    ````````Process Check: objlist.exe by Laurent````````  
     Norton ccSvcHst.exe 
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbam.exe  
     Malwarebytes Anti-Malware mbamscheduler.exe   
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C:  
    ````````````````````End of Log`````````````````````` 


    #13 nasdaq
    • Malware Response Team
    • 40,754 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 25 November 2014 - 07:09 AM

    Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
    The latest version is Java 7 Update 71 for the 32 bit Operating system.
    Java 8 Update 25 for the 64 bit Operating system.
     
    You can manually check your present version and update as recommended.
     
    Be careful not to install malware posing as Java update!
    Important: read this blog.
     
    Quoted from the page.
    "In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
     
    How to disable Java in your browsers
     
     
    If present remove the old version(s) of Java using the Add/Remove Programs applet.
     
    Java™ 6 Update 27  
     Java 7 Update 21  
     Java™ SE Development Kit 6 Update 24 
     Java SE Development Kit 7 Update 21  
     
    ===
     
    Get the latest version of the Adobe Reader.
    Before you download, I suggest you uncheck the box at the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
     
    When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
    <<<>>>
     
    How is the computer running now?


    #14 dantal33
    • Topic Starter
    • Members
    • 24 posts

    Posted 26 November 2014 - 04:07 PM

    Hi,

    I downloaded Java 7 Update 71. I have to keep Java 6 as well for some work apps. I completely uninstalled Adobe Reader as I'm primarily using Foxit Reader for PDFs.



    #15 nasdaq
    • Malware Response Team
    • 40,754 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 27 November 2014 - 09:22 AM

    If all is well.
     
    To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
    ===
