
svchost.exe appearing in C:\Windows\Temp\


8 replies to this topic

#1 dantal33

dantal33

  • Members
  • 24 posts

Posted 06 January 2016 - 11:48 AM

Every time I boot up I see over 10 svchost.exe processes in Task Manager. After searching on the web I checked each one of them and all are running in C:\Windows\System32 except one which is running in C:\Windows\Temp\. I believe this means that it is a virus/malware. 
 
Each time my laptop boots up the process in the temp directory starts up. I've tried killing it and deleting from the directory (has to be done very quickly), but it just keeps coming back.
 
I have both Malwarebytes Anti-Malware and Avast. MBAM once in a while finds the process and also a registry entry, but for both when I select quarantine they just come back next time and MBAM finds them again. Avast sometimes finds the process on startup (multiple times) and alerts that it has deleted the first time and then ignores.
 
Can anyone help with confirming if this is in fact an issue and, if so, getting rid of it once and for all?

Edit: Moved topic from Am I Infected to the more appropriate forum, at the request of malware team. ~ Animal
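
The check described in the first post (a Windows system process name running from a directory other than its usual one), as an added example that is not part of the original thread. It reads process lines in the `(publisher) path` layout of the FRST log posted later in this topic; the expected-directory table, the temp-path markers and all function names are assumptions of this example, and the first sample line is constructed.

```python
"""Flag system-binary names running from unexpected paths in FRST process lines."""
import ntpath
import re

SYS32 = r"c:\windows\system32"
WOW64 = r"c:\windows\syswow64"

# Assumption: default install with the system root at C:\Windows.
# Names that are commonly imitated, mapped to the directories they ship in.
EXPECTED_DIRS = {
    "svchost.exe": {SYS32, WOW64},
    "rundll32.exe": {SYS32, WOW64},
    "taskmgr.exe": {SYS32, WOW64},
    "lsass.exe": {SYS32},
    "services.exe": {SYS32},
    "csrss.exe": {SYS32},
    "winlogon.exe": {SYS32},
    "explorer.exe": {r"c:\windows", WOW64},
}

# Directories that normally hold scratch files, not long-running executables.
TEMP_MARKERS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\")

# "(publisher) X:\path\file.exe"; the publisher may be empty: "() C:\...".
LINE_RE = re.compile(r"^\((?P<publisher>.*?)\)\s+(?P<path>[A-Za-z]:\\.+)$")


def parse_process_line(line):
    """Return (publisher, path) for a process line, or None for anything else."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    return match.group("publisher").strip(), match.group("path").strip()


def review_processes(log_text):
    """Return one finding per process line that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_process_line(line)
        if parsed is None:
            continue  # section headers, blank lines, registry entries
        publisher, path = parsed
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIRS.get(name.lower())
        reasons = []
        if expected is not None:
            if directory.lower() not in expected:
                reasons.append("system binary name outside its expected directory")
            # A mismatch is a signal; a match proves nothing without a
            # signature check on the file itself.
            if publisher != "Microsoft Corporation":
                reasons.append("publisher field is not Microsoft Corporation")
        if any(marker in path.lower() for marker in TEMP_MARKERS):
            reasons.append("running from a temp directory")
        if reasons:
            findings.append({"path": path, "publisher": publisher, "reasons": reasons})
    return findings


# First line is constructed for contrast; the rest are copied from the
# FRST log in this topic.
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Amdocs) C:\Windows\Temp\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""

if __name__ == "__main__":
    for finding in review_processes(SAMPLE_LOG):
        print(finding["path"], "[" + finding["publisher"] + "]")
        for reason in finding["reasons"]:
            print("  -", reason)
```

A finding here is a reason to hash the file and check its signature, as the helper asks for next; it is not a verdict on its own.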


 


#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,048 posts
  • Gender:Male
  • Location:Portugal

Posted 06 January 2016 - 12:29 PM

Hi,

 

Instead of trying to delete the svchost.exe from the c:\Windows\temp folder can you copy the file to the Desktop?

 

If you successfully copied the file then try to upload the file from the Desktop to www.virustotal.com and post the resulting URL into your topic.


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 dantal33

dantal33
  • Topic Starter

  • Members
  • 24 posts

Posted 06 January 2016 - 01:02 PM

Hi,

 

I was able to copy to desktop and run the analysis.

 

Here is the resulting URL: https://www.virustotal.com/en/file/2cc6c6d80e775f4b24d11afe2481bf37be94510fc1eceb397eb6a009befc70e4/analysis/1452103209/



#4 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,048 posts
  • Gender:Male
  • Location:Portugal

Posted 06 January 2016 - 01:36 PM

Hi,

 

It's something new..., we need to use other tools not allowed on this section of the forum. I will ask for the topic to be moved to the Malware Removal Logs section.



 
 


#5 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,048 posts
  • Gender:Male
  • Location:Portugal

Posted 06 January 2016 - 01:50 PM

Hi,

 

I need you to collect some logs for me please. If possible keep the machine disconnected from the Internet.

 

 

Step 1 - Farbar Recovery Scan Tool (FRST)
 

  • Download FRST or FRST x64 and save it to the Desktop.
    (Please pick the version that matches your operating system's bit type. If you don't know which version matches your system, try FRST; if it says that it is not compatible with your OS, you have to use FRST64.)
  • Execute FRST/FRST64: right-click on the icon and choose Run as Administrator. Make sure all other windows are closed.
    (When the Tool opens for the first time you must click Yes on the disclaimer.)
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the Tool is run from.
  • The first time the Tool is run, it makes also another log (Addition.txt).
  • Please copy and paste the logs to your post.

 

Can you post any previous detection log from MBAM?

 

 

 

Things I would like to see in your next reply:

  • The FRST.txt log and Addition.txt
  • MBAM log

 



 
 


#6 dantal33

dantal33
  • Topic Starter

  • Members
  • 24 posts

Posted 06 January 2016 - 03:35 PM

Hi,

 

Here is the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-01-2015

Ran by DANIELTA (administrator) on DANIELTA01 (06-01-2016 22:29:07)
Running from C:\Users\Danielta\Desktop
Loaded Profiles: DANIELTA (Available Profiles: BOPCADMIN & sms2003svc & DANIELTA)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Aternity Systems LTD.) C:\Program Files (x86)\Aternity Information Systems\Assistant\A180AA.exe
(Aternity Systems LTD.) C:\Program Files (x86)\Aternity Information Systems\Agent\A180WD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Amdocs) C:\Windows\System32\sims\AmdocsSIMS.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
(iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
() C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
(iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(BEA Systems, Inc.) C:\Oracle\Middleware\wlserver_10.3\server\bin\beasvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Aternity Systems LTD.) C:\Program Files (x86)\Aternity Information Systems\Agent\A180CM.exe
(EMC Corporation) C:\Windows\System32\secsvccat.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Array Networks) C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe
(VMware) C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformHost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(iPass Inc.) C:\Program Files (x86)\iPass\Open Mobile\bin\iMobilityService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(VMware) C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Notification.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(AT&T Inc.) C:\Program Files (x86)\ATT Connect\Participant\pull.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4640 series\Bin\ScanToPCActivationApp.exe
(Hola Networks Ltd.) C:\Users\Danielta\AppData\Local\Hola\local\app\hola.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(iPass, Inc.) C:\Program Files (x86)\iPass\Open Mobile\bin\iMobility.exe
() C:\Program Files (x86)\Launchy\Launchy.exe
() C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\BrowserTraySwitch\BrowserTraySwitch.exe
(Hola Networks Ltd.) C:\Users\Danielta\AppData\Local\Hola\local\app\hola_updater.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Hola Networks Ltd.) C:\Users\Danielta\AppData\Local\Hola\local\app\hola_svc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Aternity Systems LTD.) C:\Program Files (x86)\Aternity Information Systems\Agent\A180AG.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Amdocs) C:\Windows\Temp\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Aternity Systems LTD.) C:\Program Files (x86)\Aternity Information Systems\Agent\A180RS.exe
(TechSmith Corporation) C:\Program Files (x86)\Snagit10\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\Snagit10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe
(IDM Computer Solutions, Inc.) C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe
(RSA Security Inc.) C:\Program Files (x86)\RSA SecurID Software Token\SecurID.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-08-20] (Lenovo)
HKLM\...\Run: [Mirage Client] => C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Notification.exe [575808 2014-11-30] (VMware)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM\...\Run: [WebVPN] => C:\Program Files\Array Networks\SSL VPN Client\WebVPN.exe [1427944 2015-07-22] (Array Networks)
HKLM-x32\...\Run: [EDFcsn] => C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe [188680 2015-06-26] ()
HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [432424 2013-08-20] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Winlogon: [LegalNoticeCaption] Legal Warning !!!
HKLM\...\Winlogon: [LegalNoticeText] THIS IS AN AMDOCS SYSTEM, RESTRICTED TO AUTHORIZED INDIVIDUALS. THIS SYSTEM IS SUBJECT TO MONITORING. UNAUTHORIZED USERS, ACCESS, AND/OR MODIFICATION WILL BE PROSECUTED. IF YOU ARE NOT AUTHORIZED TO PROCEED, EXIT NOW.
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Run: [Push Client] => C:\Program Files (x86)\ATT Connect\Participant\pull.exe [983296 2013-11-12] (AT&T Inc.)
HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Run: [HP Deskjet 4640 series (NET)] => C:\Program Files\HP\HP Deskjet 4640 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Run: [hola] => C:\Users\Danielta\AppData\Local\Hola\local\app\hola.exe [2031232 2015-12-26] (Hola Networks Ltd.)
HKU\S-1-5-21-143744227-174999600-642189945-264072\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Policies\Explorer: [ForceRunOnStartMenu] 1
HKU\S-1-5-21-143744227-174999600-642189945-264072\...\MountPoints2: {2725883b-4441-11e5-9b37-3c970e612cf8} - E:\iStudio.exe
HKU\S-1-5-21-143744227-174999600-642189945-264072\...\MountPoints2: {665cd4a8-35f9-11e5-abd5-3c970e612cf8} - D:\LaunchU3.exe
HKU\S-1-5-21-143744227-174999600-642189945-264072\...\MountPoints2: {8948b66d-a6c4-11e4-b0f4-3c970e612cf8} - D:\Starter.exe
HKU\S-1-5-21-143744227-174999600-642189945-264072\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Amdocs.scr [446799 2015-11-17] ()
HKU\S-1-5-18\...\Run: [Push Client] => C:\Program Files (x86)\ATT Connect\Participant\pull.exe [983296 2013-11-12] (AT&T Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Amdocs.scr [446799 2015-11-17] ()
Lsa: [Notification Packages] scecli ACGina
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [{MirageOverlay}] -> {6471fc45-6445-42a3-8468-41ca8b0f7523} => C:\Program Files\Wanova\Mirage Service\x64\Wanova.Desktop.ShellEx.dll [2014-11-30] (VMware)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [2012-11-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [2012-11-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [2012-11-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-06-01]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-06-01]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iPass Open Mobile.lnk [2013-01-17]
ShortcutTarget: iPass Open Mobile.lnk -> C:\Program Files (x86)\iPass\Open Mobile\bin\iMobility.exe (iPass, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2013-01-16]
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2013-01-15]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\Snagit10\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Danielta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrowserTraySwitch.lnk [2013-02-26]
ShortcutTarget: BrowserTraySwitch.lnk -> C:\Program Files (x86)\BrowserTraySwitch\BrowserTraySwitch.exe ()
Startup: C:\Users\Danielta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-11-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck pivotautocheck autochk * 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-143744227-174999600-642189945-264072\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-143744227-174999600-642189945-264072] => genproxy:8080
Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll No File 
Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll No File 
Hosts: 10.232.148.68     ossvm.corp.amdocs.com ossvm
Tcpip\Parameters: [DhcpNameServer] 216.136.95.2 64.132.94.250
Tcpip\..\Interfaces\{33066C1A-0288-4FA0-9E88-0CC4B3EB1732}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7DB09D86-A176-4BB4-AD0A-CCFEA78ADF9D}: [DhcpNameServer] 216.136.95.2 64.132.94.250
Tcpip\..\Interfaces\{D37C67CD-7680-43A6-8A5B-0967FA0E9DE0}: [NameServer] 127.0.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-143744227-174999600-642189945-264072\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-143744227-174999600-642189945-264072\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://portal/Pages/homepage.aspx
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\Snagit10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-11-12] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-01] (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Aternity HTML Monitor -> {E34782C0-33EF-4EBE-9285-596523DDBE62} -> C:\ProgramData\Aternity\hooks\NewHtmlHook64.dll [2015-11-08] (Aternity Ltd)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\Snagit10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-11-12] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2013-06-08] (Symantec Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-01] (LastPass)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Java\jre6\bin\jp2ssv.dll [2015-02-01] (Sun Microsystems, Inc.)
BHO-x32: Aternity HTML Monitor -> {E34782C0-33EF-4EBE-9285-596523DDBE62} -> C:\ProgramData\Aternity\hooks\NewHtmlHook.dll [2015-11-08] (Aternity Ltd)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-01] (LastPass)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-01] (LastPass)
DPF: HKLM {47C6ECF4-2DDE-4001-836B-5BF6ED9BC2DC} 
DPF: HKLM-x32 {12D7432B-838B-48CA-9558-A51E2F054BFF} hxxps://isrvpn.amdocs.com/prx/00/54xr/sLqmu0t3~/s7j2yx@61zBq/u1A00=_/ArrayCS.cab
DPF: HKLM-x32 {3BCEAAF6-6774-4137-BC4E-BD8A2CD4CA95} hxxp://alm11ind:8080/qcbin/ALM-Platform-Loader.11.5x.cab
DPF: HKLM-x32 {47C6ECF4-2DDE-4001-836B-5BF6ED9BC2DC} hxxps://isrvpn.amdocs.com/prx/000/http/localhost/client_sec/l3vpn/arr_x.cab
DPF: HKLM-x32 {67312B80-99C5-420A-B621-50E727E0EB13} hxxps://isrvpn.amdocs.com/prx/000/http/localhost/client_sec/l3vpn/SessionLaunch.cab
DPF: HKLM-x32 {759FD3DE-F0EF-4A76-909C-88CF840D4173} hxxp://documentcenter:7004/webtop/wdk/native/WdkPluginCab.CAB
DPF: HKLM-x32 {A4E4C162-7EE3-47E1-A9B4-8BED1233616F} hxxps://tlvportal.amdocs.com/prx/000/http/localhost/dd_clients/1/DesktopDirectTCS.cab
DPF: HKLM-x32 {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} hxxp://qcisr:8080/qcbin/Spider91.cab
DPF: HKLM-x32 {B6648EB8-2460-484F-9255-9654454C4C70} hxxps://isrvpn.amdocs.com/prx/000/http/localhost/arr_x.cab
DPF: HKLM-x32 {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} hxxp://websrv2/edms/java/jre-6u27-windows-i586-s.exe
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP9-15980/event/ieatgpc1.cab
DPF: HKLM-x32 {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} hxxp://qc11isr:8080/qcbin/ALM-Platform-Loader.11.cab
DPF: HKLM-x32 {EE64AC11-5480-444E-AB2F-A9780EC929D5} hxxps://isrvpn.amdocs.com/prx/000/http/localhost/client_sec/isrvpn/CSLaunchAX.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-01] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @aternity.com/FPI -> C:\ProgramData\Aternity\hooks\npHtmlHook.dll [2015-11-08] (Aternity Ltd)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Java\jre6\bin\new_plugin\npjp2.dll [2015-02-01] (Sun Microsystems, Inc.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-01] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-04-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-143744227-174999600-642189945-264072: @citrixonline.com/appdetectorplugin -> C:\Users\Danielta\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-08-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-143744227-174999600-642189945-264072: @hola.org/FlashPlayer -> C:\Users\Danielta\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2015-12-26] ()
FF Plugin HKU\S-1-5-21-143744227-174999600-642189945-264072: @hola.org/vlc -> C:\Users\Danielta\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2015-12-26] (Hola)
FF Plugin HKU\S-1-5-21-143744227-174999600-642189945-264072: LWAPlugin15.8 -> C:\Users\Danielta\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2015-02-01] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-04-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-24] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Danielta\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-24] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Danielta\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\searchplugins\firefox-add-ons.xml [2015-02-25]
FF SearchPlugin: C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\searchplugins\youtube-video-search.xml [2015-03-01]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2015-05-30]
FF Extension: Pocket - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\extensions\isreaditlater@ideashower.com [2015-05-30]
FF Extension: Xmarks - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\extensions\foxmarks@kei.com [2015-05-30]
FF Extension: Shortly URL Shortner - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\extensions\shortly@aloshbennett.in.xpi [2015-08-23]
FF Extension: Torrent Tornado - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\extensions\s3torrent@tornado.xpi [2015-10-30]
FF Extension: FireGestures - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\extensions\firegestures@xuldev.org.xpi [2015-11-05]
FF Extension: Youtube Downloader - 4K Download - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\extensions\paulsaintuzb@gmail.com [2015-12-01]
FF Extension: LastPass - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\extensions\support@lastpass.com [2015-12-21]
FF Extension: Hola Better Internet - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-12-28]
FF Extension: No Name - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2015-12-30] [not signed]
FF Extension: Google™ Hangouts - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\jid1-uqbSKwXpf2K6yl@jetpack.xpi [2015-09-18]
FF Extension: Troubleshooter - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\troubleshooter@mozilla.org.xpi [2015-04-25]
FF Extension: Share Button for Pinterest - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2015-12-26]
FF Extension: RSS Feed Icon in Navbar - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\{963162af-4179-4365-b207-8d0b078b58c3}.xpi [2015-08-14]
FF Extension: Adblock Plus - C:\Users\Danielta\AppData\Roaming\Mozilla\Firefox\Profiles\o23f56cb.default-1401517692693\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF Extension: Aternity HTML Monitor - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\fpi@aternity.com [2016-01-06] [not signed]
 
Chrome: 
=======
CHR NewTab: Profile 1 -> "chrome-extension://dpjamkmjmigaoobjbekmfgabipmfilij/empty_ntp.html"
CHR Profile: C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-09-23]
CHR Extension: (SubSonic) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki [2015-09-23]
CHR Extension: (Perisonic) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdipjpecphmbijlckkkmabnabhbpjbn [2015-09-23]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-23]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogkpdfcklifaemcdfbildhcofnopogp [2015-09-23]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2015-09-23]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-10-05]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-23]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-09-23]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-10-05]
CHR Extension: (feedly) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-09-23]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpimopiibggegpmbekldodhempbndjgg [2015-09-23]
CHR Extension: (Jamstash) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccdpflnecheidefpofmlblgebobbloc [2015-09-23]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2015-09-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-23]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-09-23]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhdikhnaigcdlamenbgkmllgmfnngoi [2015-09-23]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-09-23]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-09-24]
CHR Extension: (Web Store) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2015-09-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-23]
CHR Extension: (Wunderlist for Chrome) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2015-10-05]
CHR Profile: C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-10]
CHR Extension: (__MSG_extName__) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aejoelaoggembcahagimdiliamlcdmfm [2016-01-04]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-10-11]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-10]
CHR Extension: (Google Drive) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (SubSonic) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bdebkkdipomhlhnmgdcdjjnifpealoki [2015-10-11]
CHR Extension: (Perisonic) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkdipjpecphmbijlckkkmabnabhbpjbn [2015-10-11]
CHR Extension: (YouTube) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-06]
CHR Extension: (Google Search) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dogkpdfcklifaemcdfbildhcofnopogp [2015-10-11]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2015-10-11]
CHR Extension: (Google Sheets) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-10]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-01-03]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-10-11]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-27]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-12-28]
CHR Extension: (feedly) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-10-11]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hpimopiibggegpmbekldodhempbndjgg [2015-10-11]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2015-10-25]
CHR Extension: (__MSG_appName__) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-10-17]
CHR Extension: (Jamstash) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jccdpflnecheidefpofmlblgebobbloc [2015-10-11]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2015-10-11]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-11-17]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-18]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nbhdikhnaigcdlamenbgkmllgmfnngoi [2015-10-11]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-11]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-10-16]
CHR Extension: (Google Slides) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2015-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-10]
CHR Extension: (Wunderlist for Chrome) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2015-12-22]
CHR Extension: (Gmail) - C:\Users\Danielta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-10]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"AmdocsSIMS" => service was unlocked. <===== ATTENTION
 
R2 A180AA; C:\Program Files (x86)\Aternity Information Systems\Assistant\A180AA.exe [17440 2015-11-04] (Aternity Systems LTD.)
R2 A180WD; C:\Program Files (x86)\Aternity Information Systems\Agent\A180WD.exe [276512 2015-11-08] (Aternity Systems LTD.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)
R2 hpDiscAgent; C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe [1000200 2015-06-26] ()
R2 HPSLPSVC; C:\Users\Danielta\AppData\Local\Temp\7zS6879\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R3 iMobilityService; C:\Program Files (x86)\iPass\Open Mobile\bin\iMobilityService.exe [30208 2012-07-03] (iPass Inc.) [File not signed]
R2 iPlatformService; C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformService.exe [22528 2012-07-03] (iPass Inc.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [304360 2013-10-31] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R2 Oracle WebLogic NodeManager (C_Oracle_Middleware_wlserver_10.3); C:\Oracle\Middleware\wlserver_10.3\server\bin\beasvc.exe [57344 2013-01-15] (BEA Systems, Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 secsvccat; C:\Windows\system32\secsvccat.exe [1228296 2015-05-04] (EMC Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2014-03-16] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2014-03-16] (Symantec Corporation)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2014-03-16] (Symantec Corporation)
S3 VPNInstallManager; C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe [1369064 2015-07-22] (Array Networks)
R2 VPNService; C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe [2245096 2015-07-22] (Array Networks)
R2 Wanova Mirage Desktop Service; C:\Program Files\Wanova\Mirage Service\Wanova.Desktop.Service.exe [17728 2014-11-30] (VMware)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ATP; C:\Windows\System32\DRIVERS\atpdrvr_7_x64.sys [19456 2011-04-08] (Array Networks)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
S1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20151223.011\BHDrvx64.sys [1665608 2015-10-22] (Symantec Corporation)
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2014-03-16] (Symantec Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2008-03-04] (DemoForge, LLC)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
S0 iastor; C:\Windows\SysWOW64\Drivers\iaStor.sys [408600 2009-08-07] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20160105.013\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 Mirage; C:\Windows\System32\DRIVERS\Mirage.sys [49472 2014-11-30] (VMware)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20160106.004\ENG64.SYS [138488 2015-12-18] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20160106.004\EX64.SYS [2148080 2015-12-18] (Symantec Corporation)
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
R3 ProcObsrv; C:\Windows\system32\sims\ProcObsrv.sys [9760 2016-01-06] () [File not signed]
R1 secsvccatDriver6683; C:\Windows\System32\drivers\secsvccatDriver6683.sys [174504 2015-05-04] (EMC Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2014-03-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2014-03-16] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2014-03-16] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2014-03-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2014-03-16] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-16] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2014-03-16] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2014-03-16] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2014-03-16] (Symantec Corporation)
R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [63304 2011-11-14] (AuthenTec, Inc.)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2014-03-16] (Symantec Corporation)
R1 vpntdi; C:\Windows\System32\drivers\vpntdi64.sys [64616 2012-03-12] (Array Networks)
R2 AmdocsSIMS; no ImagePath
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-06 22:29 - 2016-01-06 22:29 - 00048246 _____ C:\Users\Danielta\Desktop\FRST.txt
2016-01-06 22:27 - 2016-01-06 22:27 - 02370560 _____ (Farbar) C:\Users\Danielta\Desktop\FRST64.exe
2016-01-06 19:35 - 2016-01-06 20:33 - 00000755 _____ C:\Users\Danielta\Desktop\WDM discovery 6-1 morning.txt
2016-01-06 18:39 - 2016-01-06 18:39 - 00000490 _____ C:\TDSSKiller.3.1.0.9_06.01.2016_18.39.50_log.txt
2016-01-06 15:17 - 2016-01-06 15:17 - 03763054 _____ C:\Users\Danielta\Desktop\Level3 -Scoping- Action Items.xlsx
2016-01-04 14:27 - 2016-01-06 21:14 - 00041356 _____ C:\Users\Danielta\AppData\Local\Corp brand screensaver 2015-5.swf
2016-01-04 14:27 - 2016-01-06 21:14 - 00000766 _____ C:\Users\Danielta\AppData\Local\scrcfg.ini
2016-01-03 22:32 - 2016-01-03 22:32 - 01111653 _____ C:\Users\Danielta\Desktop\Scan.pdf
2016-01-03 16:10 - 2016-01-06 22:28 - 00000000 ____D C:\Windows\system32\EFT44dd0b017b685d37
2016-01-03 14:57 - 2016-01-04 15:55 - 00002443 _____ C:\Users\Danielta\soapui-settings.xml
2016-01-03 14:57 - 2016-01-04 15:55 - 00000846 _____ C:\Users\Danielta\default-soapui-workspace.xml
2016-01-03 14:42 - 2016-01-03 14:42 - 00002261 _____ C:\Users\Public\Desktop\SoapUI 5.2.1.lnk
2016-01-03 14:42 - 2016-01-03 14:42 - 00000000 ____D C:\Users\Danielta\.soapuios
2016-01-03 14:42 - 2016-01-03 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartBear
2016-01-03 14:42 - 2016-01-03 14:42 - 00000000 ____D C:\Program Files\SmartBear
2016-01-01 12:32 - 2016-01-01 12:32 - 03026375 _____ C:\Users\Danielta\Documents\Amdocs Ethernet Solutions Scope v2_DT.pptx
2016-01-01 11:45 - 2016-01-01 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-31 13:49 - 2015-12-31 13:49 - 00000249 _____ C:\Users\Danielta\Desktop\BSC Gabriel.txt
2015-12-31 08:58 - 2015-12-31 08:58 - 00048938 _____ C:\TDSSKiller.3.1.0.9_31.12.2015_08.58.41_log.txt
2015-12-30 19:43 - 2015-12-30 19:43 - 00048938 _____ C:\TDSSKiller.3.1.0.9_30.12.2015_19.43.11_log.txt
2015-12-30 19:41 - 2015-12-30 19:41 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Danielta\Desktop\tdsskiller.exe
2015-12-30 19:40 - 2015-12-30 19:40 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Danielta\Desktop\rkill.exe
2015-12-30 19:29 - 2015-12-30 19:29 - 00000000 ____D C:\Users\Danielta\AppData\LocalLow\Mercury Interactive
2015-12-30 19:18 - 2015-12-30 21:34 - 00000000 ____D C:\Users\Danielta\AppData\Local\HP
2015-12-29 08:57 - 2015-12-29 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-28 19:07 - 2015-12-28 19:07 - 00000000 ____D C:\Users\Danielta\AppData\OICE_15_974FA576_32C1D314_3FBE
2015-12-28 17:04 - 2015-12-30 12:13 - 00391928 _____ C:\Windows\CynetEPS.dat
2015-12-28 17:01 - 2015-12-16 14:01 - 01413096 _____ (Cynet) C:\Windows\CynetEPS.exe
2015-12-27 17:19 - 2015-12-27 17:19 - 00173769 _____ C:\Users\Danielta\Desktop\אמדוקס.pdf
2015-12-26 08:05 - 2015-12-26 08:05 - 00001257 _____ C:\Users\Danielta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hola.lnk
2015-12-26 08:05 - 2015-12-26 08:05 - 00000000 ____D C:\Users\Danielta\AppData\Roaming\Hola
2015-12-24 07:46 - 2015-12-24 07:46 - 04895469 _____ C:\Users\Danielta\Desktop\SDxCentral_FB-Wedge_and_Google-Datacenter.pdf
2015-12-23 08:54 - 2015-12-23 08:54 - 01600856 _____ C:\Users\Danielta\Desktop\AUA with APSdp product Pack v02.pptx
2015-12-23 08:28 - 2016-01-06 20:33 - 00004970 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {2da2d40b-84ab-45a6-a9cd-f3f62bedab91} DANIELTA01.corp.amdocs.com
2015-12-22 19:20 - 2015-12-31 17:57 - 00002646 _____ C:\Users\Danielta\Desktop\Edit1.txt
2015-12-21 18:54 - 2015-12-31 19:37 - 00004204 _____ C:\Users\Danielta\Desktop\transport pre-scoping.txt
2015-12-21 07:42 - 2015-12-21 07:42 - 00030508 _____ C:\Users\Danielta\Documents\Report (2).xlsm
2015-12-20 10:16 - 2015-12-20 10:21 - 01396189 _____ C:\Users\Danielta\Desktop\SOM 9 3_DT.pptx
2015-12-20 10:10 - 2015-12-20 10:10 - 00213415 _____ C:\Users\Danielta\Desktop\bb8-rings.zip
2015-12-18 10:48 - 2015-12-18 10:48 - 00064198 _____ C:\Users\Danielta\Desktop\Modeling Review_DT.vsdx
2015-12-17 18:04 - 2015-12-17 18:04 - 02877283 _____ C:\Users\Danielta\Desktop\advantech_webinar__121715__sildes_for_download.pdf
2015-12-17 17:48 - 2015-12-17 17:48 - 00000497 _____ C:\Users\Danielta\Downloads\121615.txt
2015-12-17 15:04 - 2015-12-17 15:04 - 00000544 _____ C:\Users\Danielta\Desktop\placeorder.zip
2015-12-17 11:11 - 2015-12-17 11:11 - 00014839 _____ C:\Users\Danielta\Desktop\Questions from Amdocs for TSystems RFI  _FR_NB_DT.xlsx
2015-12-17 10:43 - 2015-12-17 10:43 - 64178886 _____ C:\Users\Danielta\Desktop\e2eFlow_ODO_SOM.zip
2015-12-17 10:43 - 2015-12-17 10:43 - 17526116 _____ C:\Users\Danielta\Desktop\SOM_RainyDay.zip
2015-12-17 10:43 - 2015-12-17 10:43 - 17008530 _____ C:\Users\Danielta\Desktop\SOM_SunnyDay.zip
2015-12-17 10:13 - 2015-08-03 06:32 - 12529038 _____ C:\Users\Danielta\Desktop\Amdocs_OSS_SA_Training_v3.pptx
2015-12-17 10:13 - 2015-07-27 10:31 - 10410438 _____ C:\Users\Danielta\Desktop\Enterprise Solutions-v11_final.pptx
2015-12-17 10:13 - 2015-07-27 07:01 - 04808121 _____ C:\Users\Danielta\Desktop\Enterprise Solutions-light.pptx
2015-12-16 16:05 - 2015-12-16 16:39 - 00019138 _____ C:\Users\Danielta\Desktop\Features.csv
2015-12-15 18:53 - 2015-12-15 18:53 - 00479457 _____ C:\Users\Danielta\Desktop\fov_webinar__1215.pdf
2015-12-15 17:46 - 2015-12-15 17:46 - 01082119 _____ C:\Users\Danielta\Desktop\junipervirtualizing_cable_services_webinar.pdf
2015-12-15 07:16 - 2015-12-15 07:16 - 00029853 _____ C:\Users\Danielta\Documents\Report.xlsm
2015-12-14 08:46 - 2016-01-06 18:37 - 00003306 _____ C:\Windows\System32\Tasks\Amdocs Seamless Access
2015-12-13 14:41 - 2015-12-20 16:38 - 00000132 _____ C:\Users\Public\Desktop\SolveitNOW.url
2015-12-12 15:53 - 2015-10-01 20:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-12-12 15:53 - 2015-10-01 20:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-12-12 15:53 - 2015-10-01 19:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-12-12 15:52 - 2015-11-04 00:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-12 15:52 - 2015-11-03 23:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-12 15:52 - 2015-10-31 01:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-12 15:52 - 2015-10-31 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-12 15:52 - 2015-10-31 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-12 15:52 - 2015-10-31 01:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-12 15:52 - 2015-10-31 01:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-12 15:52 - 2015-10-31 01:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-12 15:52 - 2015-10-31 01:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-12 15:52 - 2015-10-31 01:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-12 15:52 - 2015-10-31 01:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-12 15:52 - 2015-10-31 01:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-12 15:52 - 2015-10-31 01:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-12 15:52 - 2015-10-31 01:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-12 15:52 - 2015-10-31 01:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-12 15:52 - 2015-10-31 01:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-12 15:52 - 2015-10-31 01:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-12 15:52 - 2015-10-31 01:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-12 15:52 - 2015-10-31 01:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-12 15:52 - 2015-10-31 01:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-12 15:52 - 2015-10-31 01:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-12 15:52 - 2015-10-31 00:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-12 15:52 - 2015-10-31 00:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-12 15:52 - 2015-10-31 00:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-12 15:52 - 2015-10-31 00:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-12 15:52 - 2015-10-31 00:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-12 15:52 - 2015-10-31 00:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-12 15:52 - 2015-10-31 00:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-12 15:52 - 2015-10-31 00:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-12 15:52 - 2015-10-31 00:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-12 15:52 - 2015-10-31 00:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-12 15:52 - 2015-10-31 00:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-12 15:52 - 2015-10-31 00:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-12 15:52 - 2015-10-31 00:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-12 15:52 - 2015-10-31 00:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-12 15:52 - 2015-10-31 00:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-12 15:52 - 2015-10-31 00:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-12 15:52 - 2015-10-31 00:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-12 15:52 - 2015-10-31 00:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-12 15:52 - 2015-10-31 00:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-12 15:52 - 2015-10-31 00:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-12 15:52 - 2015-10-31 00:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-12 15:52 - 2015-10-31 00:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-12 15:52 - 2015-10-31 00:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-12 15:52 - 2015-10-31 00:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-12 15:52 - 2015-10-31 00:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-12 15:52 - 2015-10-31 00:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-12 15:52 - 2015-10-31 00:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-12 15:52 - 2015-10-31 00:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-12 15:52 - 2015-10-31 00:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-12 15:52 - 2015-10-31 00:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-12 15:52 - 2015-10-31 00:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-12 15:52 - 2015-10-31 00:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-12 15:52 - 2015-10-31 00:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-12 15:52 - 2015-10-31 00:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-12 15:52 - 2015-10-31 00:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-12 15:52 - 2015-10-31 00:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-12 15:52 - 2015-10-31 00:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-12 15:52 - 2015-10-31 00:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-12 15:52 - 2015-10-31 00:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-12 15:52 - 2015-10-30 23:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-12 15:52 - 2015-10-30 23:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-12 15:52 - 2015-10-30 23:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-12 15:52 - 2015-10-30 23:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-11 19:44 - 2015-12-11 19:44 - 00000092 _____ C:\Users\Danielta\Desktop\MustDo.txt
2015-12-11 19:32 - 2015-12-11 19:32 - 01577769 _____ C:\Users\Danielta\Desktop\Migrating_To_SDN_and_NFV_FINAL.pdf
2015-12-11 18:52 - 2015-12-11 18:52 - 00000000 ____D C:\Users\Public\Foxit Software
2015-12-11 18:52 - 2015-12-11 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-12-10 10:46 - 2015-12-10 10:46 - 00030204 _____ C:\Users\Danielta\Documents\ReporterExcel1.xlsm
2015-12-10 00:05 - 2015-12-14 12:31 - 00000324 _____ C:\Users\Danielta\Desktop\L3 replanning.txt
2015-12-09 22:52 - 2015-12-09 23:23 - 00030268 _____ C:\Users\Danielta\Documents\report-sample.xlsm
2015-12-09 11:47 - 2015-12-09 11:47 - 00101577 _____ C:\Users\Danielta\Desktop\753684_305_30405.pdf
2015-12-08 19:24 - 2015-12-08 19:24 - 04385026 _____ C:\Users\Danielta\Desktop\Transformation Pre-Mortem- Navigating Through the Pitfalls.pdf
2015-12-08 18:03 - 2015-12-08 18:05 - 00455680 _____ C:\Users\Danielta\Desktop\eLynk Modelling.vsd
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-06 22:29 - 2014-11-23 10:02 - 00000000 ____D C:\FRST
2016-01-06 22:29 - 2013-01-17 04:13 - 00000000 ____D C:\Users\Danielta\Documents\Outlook Files
2016-01-06 22:28 - 2013-05-14 14:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-06 22:23 - 2013-01-15 01:34 - 00000232 _____ C:\Windows\system32\config\netlogon.ftl
2016-01-06 22:19 - 2014-01-01 21:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-06 21:56 - 2013-01-15 11:45 - 00000000 __SHD C:\Wanova Volume Information
2016-01-06 21:54 - 2013-01-15 10:35 - 00017234 __RSH C:\Users\Danielta\ntuser.pol
2016-01-06 21:54 - 2013-01-15 10:35 - 00000000 ____D C:\Users\Danielta
2016-01-06 21:33 - 2014-04-02 17:29 - 00000544 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-143744227-174999600-642189945-264072.job
2016-01-06 21:27 - 2013-01-14 15:51 - 00056628 __RSH C:\ProgramData\ntuser.pol
2016-01-06 21:01 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-06 21:01 - 2009-07-14 06:45 - 00023824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-06 20:50 - 2015-06-02 03:20 - 00000640 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-143744227-174999600-642189945-264072.job
2016-01-06 20:03 - 2009-07-14 07:13 - 00835786 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-06 20:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-01-06 19:56 - 2013-09-21 10:01 - 00000000 ____D C:\Users\Danielta\AppData\Local\BD62ADDE-A1AD-409B-8176-DE3A05B6BD92.aplzod
2016-01-06 19:55 - 2015-10-27 18:12 - 00004970 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NTNET-DANIELTA DANIELTA01.corp.amdocs.com
2016-01-06 19:55 - 2014-06-24 15:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-06 19:55 - 2011-10-03 20:42 - 00000569 _____ C:\Windows\SMSCFG.INI
2016-01-06 19:54 - 2013-05-14 14:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-06 19:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-06 19:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows
2016-01-06 12:01 - 2013-01-16 15:55 - 00000000 ____D C:\Users\Danielta\Documents\DOX
2016-01-06 11:47 - 2013-01-21 08:35 - 00000000 ____D C:\Users\Danielta\Documentum
2016-01-05 17:15 - 2015-07-20 06:58 - 00000000 ____D C:\pcd_tmpl32
2016-01-04 12:57 - 2015-02-15 21:28 - 00000000 ____D C:\Users\Danielta\AppData\LocalLow\LastPass
2016-01-03 19:50 - 2015-02-20 12:46 - 00000000 ____D C:\Users\Danielta\Downloads\Tornado
2016-01-03 15:32 - 2013-01-17 09:23 - 00000000 ____D C:\Users\Danielta\AppData\Roaming\Skype
2016-01-03 14:10 - 2013-10-06 07:23 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-01-03 08:36 - 2014-06-02 12:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-02 12:24 - 2013-01-22 18:08 - 00003420 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2015-12-31 12:32 - 2013-03-05 03:11 - 00000600 _____ C:\Users\Danielta\AppData\Local\PUTTY.RND
2015-12-30 22:51 - 2015-06-02 03:20 - 00003670 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-143744227-174999600-642189945-264072
2015-12-30 22:51 - 2014-04-02 17:29 - 00003574 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-143744227-174999600-642189945-264072
2015-12-30 19:30 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-30 08:11 - 2014-05-12 20:35 - 00000000 ____D C:\Windows\Minidump
2015-12-30 08:11 - 2013-01-14 15:51 - 00000000 ____D C:\Windows\wlansvc
2015-12-29 09:30 - 2015-02-15 21:42 - 00000000 ____D C:\Users\Danielta\Downloads\Hola
2015-12-29 08:57 - 2014-05-19 09:46 - 00000000 ____D C:\Users\Danielta\AppData\Local\Skype
2015-12-29 08:57 - 2013-01-17 09:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-29 08:57 - 2013-01-17 09:23 - 00000000 ____D C:\ProgramData\Skype
2015-12-28 21:19 - 2014-01-01 21:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-28 21:19 - 2013-08-13 17:08 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-28 21:19 - 2013-08-13 17:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-28 09:36 - 2014-12-14 16:02 - 00000000 ____D C:\ProgramData\HP
2015-12-28 08:39 - 2014-02-17 16:30 - 00000000 ____D C:\Windows\ccmcache
2015-12-28 08:20 - 2014-09-22 07:08 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-28 08:19 - 2014-09-22 07:09 - 00000000 ____D C:\Program Files (x86)\Aternity Information Systems
2015-12-28 08:19 - 2013-10-07 06:58 - 00000000 ____D C:\ProgramData\Aternity
2015-12-28 08:17 - 2015-01-07 11:55 - 00000000 ____D C:\Windows\discagnt
2015-12-28 08:17 - 2011-10-03 20:42 - 00000000 ____D C:\Windows\ccmsetup
2015-12-28 08:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2015-12-27 09:25 - 2013-01-30 22:49 - 00000227 _____ C:\Windows\mercury.ini
2015-12-26 08:05 - 2014-11-22 19:08 - 00000000 ____D C:\Users\Danielta\AppData\Local\Hola
2015-12-24 08:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Branding
2015-12-23 10:31 - 2013-12-20 22:56 - 00000000 ____D C:\Users\Danielta\AppData\Local\ElevatedDiagnostics
2015-12-23 10:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-23 08:26 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media
2015-12-22 08:18 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Performance
2015-12-20 11:38 - 2013-09-16 20:35 - 00000000 ____D C:\Users\Danielta\AppData\Roaming\vlc
2015-12-20 11:21 - 2013-01-14 15:50 - 00000000 ____D C:\temp
2015-12-20 08:31 - 2010-11-21 08:30 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2015-12-17 10:12 - 2013-05-23 14:02 - 00000000 ____D C:\Users\Danielta\AppData\Roaming\dvdcss
2015-12-13 01:01 - 2015-10-22 03:21 - 00000000 ____D C:\Windows\rescache
2015-12-12 22:13 - 2010-11-21 08:30 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-09 07:48 - 2013-01-16 16:00 - 00000000 ____D C:\Users\Danielta\AppData\Roaming\Launchy
2015-12-09 07:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\TAPI
2015-12-07 22:14 - 2014-12-31 11:47 - 00742696 _____ C:\Windows\scan.exe
2015-12-07 22:14 - 2014-12-31 11:47 - 00002537 _____ C:\Windows\scan.cxz
2015-12-07 16:22 - 2013-01-16 18:00 - 00000000 ____D C:\Users\Danielta\AppData\Local\Deployment
 
==================== Files in the root of some directories =======
 
2015-06-01 15:14 - 2015-06-01 15:14 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-05-16 01:58 - 2013-05-16 01:58 - 0038475 _____ () C:\Users\Danielta\AppData\Roaming\Comma Separated Values (DOS).ADR
2014-11-24 22:19 - 2014-11-24 23:03 - 0000199 _____ () C:\Users\Danielta\AppData\Roaming\wfcwin32.log
2015-11-30 21:18 - 2015-12-02 03:13 - 0045363 _____ () C:\Users\Danielta\AppData\Local\brand screensaver 2015 english.swf
2016-01-04 14:27 - 2016-01-06 21:14 - 0041356 _____ () C:\Users\Danielta\AppData\Local\Corp brand screensaver 2015-5.swf
2013-02-20 01:00 - 2013-03-18 01:00 - 0004608 _____ () C:\Users\Danielta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-13 16:37 - 2014-07-13 16:37 - 0004096 ____H () C:\Users\Danielta\AppData\Local\keyfile3.drm
2013-03-05 03:11 - 2015-12-31 12:32 - 0000600 _____ () C:\Users\Danielta\AppData\Local\PUTTY.RND
2013-05-11 17:19 - 2013-05-11 17:19 - 0007660 _____ () C:\Users\Danielta\AppData\Local\Resmon.ResmonCfg
2016-01-04 14:27 - 2016-01-06 21:14 - 0000766 _____ () C:\Users\Danielta\AppData\Local\scrcfg.ini
2015-02-21 16:55 - 2015-02-22 18:36 - 0021606 _____ () C:\Users\Danielta\AppData\Local\Values Screensaver V1 Full Screen.swf
2015-02-25 13:11 - 2015-02-25 13:11 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\BOPCADMIN\AppData\Local\Temp\qwinsta.exe
C:\Users\Danielta\AppData\Local\Temp\proxy_vole8573235923331335182.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-30 11:56
 
==================== End of FRST.txt ============================
 
 
Here is the Addition.txt log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-01-2015
Ran by DANIELTA (2016-01-06 22:29:45)
Running from C:\Users\Danielta\Desktop
Windows 7 Enterprise Service Pack 1 (X64) (2013-01-14 13:38:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2052783435-2297677196-4228755123-500 - Administrator - Enabled)
Guest (S-1-5-21-2052783435-2297677196-4228755123-501 - Limited - Disabled)
PCManager (S-1-5-21-2052783435-2297677196-4228755123-1003 - Administrator - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Amdocs Connection Manager (Seamless) (HKLM-x32\...\{2536B0FB-0389-4CE3-8BDA-45BE0CCE4D2F}) (Version: 2.4.6.0 - Amdocs)
Amdocs Outlook Add-In (HKLM-x32\...\{6740E5FA-9AD1-4304-A395-31CF46A937E7}) (Version: 2.22.0.0 - Amdocs Ltd.)
Amdocs PC Maintenance Pack - May 2013 (HKLM-x32\...\PCMP) (Version:  - Amdocs)
Amdocs Screen Saver 2012 (x32 Version: 1.0.0 - Amdocs) Hidden
Amdocs Software Catalog (HKLM-x32\...\{45B24212-C887-4CB2-8605-7FFC4655EEE3}) (Version: 3.9.5.0 - Amdocs)
APM Monitor 8.3.0.pb00_hf04 (HKU\S-1-5-21-143744227-174999600-642189945-264072\...\APM Monitor 8.3.0.pb00_hf04) (Version:  - Amdocs Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Array SSL VPN (HKLM\...\SSL VPN Client) (Version: 9.3.0.0 - Array Networks)
AT&T Conferencing Outlook Add-in v10.5.15 (HKLM-x32\...\{B13278C5-66E9-4BE6-97A5-C025CDC2F6BA}) (Version: 10.5.15 - AT&T Inc.)
AT&T Connect Participant Application v9.5.51 (HKLM-x32\...\{E42E8753-9A8E-48E9-9829-B3571D91A945}) (Version: 9.5.51 - AT&T Inc.)
AT&T Connect Recording Converter Utility v1.0.51 (HKLM-x32\...\{71F8B03E-D6B6-416F-8BD3-A93ED8770F31}) (Version: 1.0.51 - AT&T Inc.)
Aternity Agent (x32 Version: 8.08.15 - Aternity Information Systems Ltd.) Hidden
Aternity Agent Pack (x32 Version: 8.0.8.84 - Aternity Information Systems Ltd.) Hidden
Aternity Assistant (x32 Version: 1.76.38 - Aternity Information Systems Ltd.) Hidden
Babylon-Enterprise Client (HKLM-x32\...\{19D9F11A-F5B9-4F5D-BE2D-A3EC80A8BF8E}) (Version: 9.00.0355 - Babylon Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrowserTraySwitch 2.05.01 (HKLM-x32\...\BrowserTraySwitch_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Citrix XenApp Plugin for Hosted Apps (HKLM-x32\...\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
Dropbox (HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Dropbox) (Version: 1.6.17 - Dropbox, Inc.)
DST 2014 Chile (x32 Version: 1.0 - Amdocs) Hidden
ECAT Agent (Version: 4.0.0.5 - EMC Corporation) Hidden
Enterprise Architect 9.2 (HKLM-x32\...\{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}) (Version: 9.2.920.108 - Sparx Systems)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Talk (remove only) (HKU\S-1-5-21-143744227-174999600-642189945-264072\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.8.1.4190 (HKU\S-1-5-21-143744227-174999600-642189945-264072\...\GoToMeeting) (Version: 7.8.1.4190 - CitrixOnline)
Hola™ 1.10.994 - Better Internet (HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Hola) (Version: 1.10.994 - Hola Networks Ltd.)
HP Deskjet 4640 series Basic Device Software (HKLM\...\{81DC7FEB-87CF-4E3E-8A1C-83C837215DC7}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
iPass Open Mobile (HKLM-x32\...\{341DEA27-2A38-4FC5-A1B0-20FF3B8E73D4}) (Version:  - iPass)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java™ 6 Update 27 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Patch Utility (HKLM-x32\...\{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}) (Version: 1.3.0.007 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{1C83CB66-D345-4D6C-95A2-63A03269ADA0}) (Version: 1.3.0.007 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MDOP MBAM (HKLM\...\{E3223BF7-23F4-4EEA-AD30-39F362FD9ED7}) (Version: 2.1.0117.0 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Lync 2013 (HKLM-x32\...\Office15.LYNC) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{530923FF-A970-4952-9D2F-5FF3C874B50A}) (Version: 15.8.8308.920 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 43.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3.5835 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.24.00 - )
Oracle WebLogic (HKLM-x32\...\Oracle WebLogic) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Popcorn Time (HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Popcorn Time) (Version:  - Popcorn Official)
Product Improvement Study for HP Deskjet 4640 series (HKLM\...\{D4AE800D-93CD-4F38-8897-ED2FCF6FF8F3}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Proxy Switcher (HKLM-x32\...\{47EB8A2A-84C1-4CC7-B5F4-9EFC344D0D20}) (Version: 1.9.11 - OnyxBox Software)
Pushbullet version 312 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 312 - Pushbullet Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6617 - Realtek Semiconductor Corp.)
Reflector (HKLM\...\{755B7570-F3BB-45DE-B6CB-20A607AB760B}) (Version: 1.2.6 - Squirrels)
RSA SecurID Software Token (HKLM-x32\...\{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}) (Version: 4.1.0 - RSA, The Security Division of EMC)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
SoapUI 5.2.1 5.2.1 (HKLM\...\5517-2803-0637-4585) (Version: 5.2.1 - SmartBear Software)
SubWiji (HKU\S-1-5-21-143744227-174999600-642189945-264072\...\31e6f982f8118abc) (Version: 1.5.5.53 - SubWiji)
Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TeamPlayer (HKU\S-1-5-21-143744227-174999600-642189945-264072\...\174f0619f139f297) (Version: 34.0.0.0 - Amdocs IMIS)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.24 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.2 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.10 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.09 - Lenovo)
Tivoli Challenge Response (HKLM-x32\...\Tivoli Challenge Response) (Version: 1.0.0.0 - IBM)
UltraEdit 16.20 (HKLM-x32\...\{B235AB91-08A9-4DED-9DE0-B9594A5F7DCF}) (Version: 16.20.10 - IDM Computer Solutions, Inc.)
Viber (HKU\S-1-5-21-143744227-174999600-642189945-264072\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Mirage Client (HKLM\...\{92AB68FE-99A1-4C91-87E8-24DBDFD2D94A}) (Version: 5.2.0.21788 - VMware, Inc.)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9579 - WinZip Computing, S.L. )
Yammer Notifier (HKU\S-1-5-21-143744227-174999600-642189945-264072\...\8c3c8c06fefda92b) (Version: 1.0.0.498 - Microsoft Corporation)
כלי ההגהה של Microsoft Office 2013 - עברית (HKLM-x32\...\{90150000-001F-040D-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-143744227-174999600-642189945-264072_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Danielta\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-143744227-174999600-642189945-264072_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-143744227-174999600-642189945-264072_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-143744227-174999600-642189945-264072_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-143744227-174999600-642189945-264072_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-143744227-174999600-642189945-264072_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Danielta\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00F21E9E-565E-43BF-B3C2-7626D0631F45} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {030760F9-52C9-4F5F-A80A-5533EE7F9D5E} - System32\Tasks\Amdocs Seamless Access => C:\Program Files (x86)\Amdocs Connection Manager\ACMLite.exe [2015-03-22] (amdocs)
Task: {0E7378DB-5691-4025-900D-95CE4726CD14} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation)
Task: {25FF604F-542B-486F-8F60-8578469D7325} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {363A9DEE-FD98-427A-BBDF-2714895AD41F} - System32\Tasks\G2MUploadTask-S-1-5-21-143744227-174999600-642189945-264072 => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupload.exe [2015-12-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {477FCC3F-A001-4834-AACB-E221A2826D34} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {4B5AEE68-BCA9-4BA0-B4DD-8DEB88AB65AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4E26DC1B-B0A8-47C6-8C85-E176B6A1F8CD} - System32\Tasks\HPCustParticipation HP Deskjet 4640 series => C:\Program Files\HP\HP Deskjet 4640 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {78980C7C-EF17-4FED-8CC1-2E3E8DC1ED05} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {8855F333-2C98-4887-AB3A-3741EBF82CF2} - System32\Tasks\{8EB3FA07-01DF-43F0-9B83-9206A050EACF} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.1.0.129.272&amp;LastError=12002
Task: {8986D34C-9B61-4A8F-8E09-3AFF3CDC317D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {90888E7E-BCD2-4E72-B362-951E9AA7408D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B54C32FE-7F87-46FE-BD2C-E3B31096091A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for NTNET-DANIELTA DANIELTA01.corp.amdocs.com => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {B5E005C3-8CB2-47FB-AC9C-A88E1C39746F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {BC503944-872E-481D-8747-3D284CAC0E71} - System32\Tasks\G2MUpdateTask-S-1-5-21-143744227-174999600-642189945-264072 => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupdate.exe [2015-12-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BE6838D0-FDBB-4D78-931C-DE6A2DCD984C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {D4854B74-35DF-4947-AD44-46066962705D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {EBA85C1B-0350-4F64-965E-4F665A821EFD} - System32\Tasks\Mirage => cmd.exe /c "C:\Program Files\Wanova\Mirage Service\task.cmd"
Task: {F7A3900F-1D86-43E1-AA0F-99FA9ADBE5D4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {2da2d40b-84ab-45a6-a9cd-f3f62bedab91} DANIELTA01.corp.amdocs.com => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {FF5895D8-A5D8-4BD5-A661-C112DCD8951A} - System32\Tasks\{1F41459C-A08E-4C17-841F-8A0CA69FB811} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.1.0.129.272&LastError=12002
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-143744227-174999600-642189945-264072.job => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-143744227-174999600-642189945-264072.job => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Danielta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amdocs CRM Launcher 1.6\AmdocsCRM SmartClient Launcher 1.6.lnk -> C:\Windows\SysWOW64\javaws.exe (Sun Microsystems, Inc.) -> -localfile -J-Djnlp.application.href=hxxp://apssjnlpsrv/smartclient/CRM/LaunchCrm2.jnlp "C:\Users\Danielta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1648ba19-4c7992ca"
ShortcutWithArgument: C:\Users\Danielta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amdocs ASMS\Amdocs OSS Service Management.lnk -> C:\Windows\SysWOW64\javaws.exe (Sun Microsystems, Inc.) -> -localfile -J-Djnlp.application.href=hxxp://illin859:53601/AmdocsOSSsm/CRM/Crm.jnlp "C:\Users\Danielta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\24ac1220-6873e3e4"
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-12-17 23:53 - 2010-12-17 23:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 13:25 - 2015-09-15 13:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-26 08:15 - 2015-06-26 08:15 - 01000200 _____ () C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
2015-06-26 08:16 - 2015-06-26 08:16 - 00649480 _____ () C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
2014-11-30 21:32 - 2014-11-30 21:32 - 00434176 _____ () C:\Program Files\Wanova\Mirage Service\Wanova.Common.SerializedObjects.XmlSerializers.dll
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-17 13:28 - 2012-03-19 14:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-16 16:00 - 2010-11-10 19:38 - 00380928 _____ () C:\Program Files (x86)\Launchy\Launchy.exe
2015-06-26 08:16 - 2015-06-26 08:16 - 00188680 _____ () C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
2013-02-26 22:59 - 2009-07-14 15:48 - 00217088 _____ () C:\Program Files (x86)\BrowserTraySwitch\BrowserTraySwitch.exe
2014-11-12 17:17 - 2014-11-12 17:17 - 06484128 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe
2011-03-04 22:49 - 2011-03-04 22:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-01-15 11:16 - 2010-03-12 21:23 - 00222208 _____ () C:\Oracle\Middleware\jrockit_160_17_R28.0.0-679\jre\bin\osal.dll
2013-01-15 11:16 - 2010-03-12 21:23 - 00188928 _____ () C:\Oracle\Middleware\jrockit_160_17_R28.0.0-679\jre\bin\util.dll
2013-01-15 11:16 - 2010-03-12 21:23 - 00152576 _____ () C:\Oracle\Middleware\jrockit_160_17_R28.0.0-679\jre\bin\jfr.dll
2013-01-15 11:14 - 2013-01-15 11:14 - 00053248 _____ () C:\Oracle\Middleware\wlserver_10.3\server\native\win\32\nodemanager.dll
2015-11-08 15:26 - 2015-11-08 15:26 - 00284192 _____ () C:\Program Files (x86)\Aternity Information Systems\Agent\LocalResourcesWin32Wrapper.dll
2015-11-08 15:26 - 2015-11-08 15:26 - 00092704 _____ () C:\Program Files (x86)\Aternity Information Systems\Agent\ExceptionDumper.dll
2015-11-08 15:26 - 2015-11-08 15:26 - 00134688 _____ () C:\Program Files (x86)\Aternity Information Systems\Agent\ManagedIPCConsumer.dll
2013-08-20 16:02 - 2013-08-20 16:02 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2012-07-03 18:48 - 2012-07-03 18:48 - 00886272 _____ () C:\Program Files (x86)\iPass\Open Mobile\bin\System.Data.SQLite.dll
2012-07-03 18:59 - 2012-07-03 18:59 - 01105920 _____ () C:\Program Files (x86)\iPass\Open Mobile\bin\NDISAPI.dll
2012-07-03 19:08 - 2012-07-03 19:08 - 00173056 _____ () C:\Program Files (x86)\iPass\Open Mobile\bin\net_libConnect.dll
2015-09-15 13:25 - 2015-09-15 13:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-11-12 14:29 - 2013-11-12 14:29 - 00030720 _____ () C:\Program Files (x86)\ATT Connect\Participant\IwRegVC90.dll
2013-11-12 14:22 - 2013-11-12 14:22 - 00010240 _____ () C:\Program Files (x86)\ATT Connect\Participant\exchndl.dll
2013-11-12 14:29 - 2013-11-12 14:29 - 00097280 _____ () C:\Program Files (x86)\ATT Connect\Participant\IWhttpClientVC90.dll
2013-01-16 16:00 - 2009-12-16 22:13 - 08314880 _____ () C:\Program Files (x86)\Launchy\QtGui4.dll
2013-01-16 16:00 - 2009-12-16 21:54 - 02236416 _____ () C:\Program Files (x86)\Launchy\QtCore4.dll
2013-01-16 16:00 - 2009-12-16 21:56 - 00712704 _____ () C:\Program Files (x86)\Launchy\QtNetwork4.dll
2013-01-16 16:00 - 2009-12-17 00:18 - 00233472 _____ () C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
2013-01-16 16:00 - 2010-11-10 19:39 - 00081920 _____ () C:\Program Files (x86)\Launchy\plugins\calcy.dll
2013-01-16 16:00 - 2010-11-10 19:39 - 00090112 _____ () C:\Program Files (x86)\Launchy\plugins\controly.dll
2013-01-16 16:00 - 2010-11-10 19:38 - 00024064 _____ () C:\Program Files (x86)\Launchy\plugins\gcalc.dll
2013-01-16 16:00 - 2010-11-10 19:38 - 00094208 _____ () C:\Program Files (x86)\Launchy\plugins\runner.dll
2013-01-16 16:00 - 2010-11-10 19:38 - 00057344 _____ () C:\Program Files (x86)\Launchy\plugins\verby.dll
2013-01-16 16:00 - 2010-11-10 19:38 - 00122880 _____ () C:\Program Files (x86)\Launchy\plugins\weby.dll
2005-09-21 13:57 - 2005-09-21 13:57 - 04325376 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\qt-mt335.dll
2014-11-12 17:17 - 2014-11-12 17:17 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Office15\tmpod.dll
2014-01-23 06:55 - 2014-01-23 06:55 - 01030312 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2014-04-25 12:23 - 2014-04-25 12:23 - 00022696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll
2015-11-08 15:26 - 2015-11-08 15:26 - 00045088 _____ () C:\Program Files (x86)\Aternity Information Systems\Agent\ManagedWatchdogCommunicator.dll
2015-11-08 15:26 - 2015-11-08 15:26 - 00058912 _____ () C:\Program Files (x86)\Aternity Information Systems\Agent\VCMonitoring.dll
2015-12-16 21:39 - 2015-12-11 05:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 21:39 - 2015-12-11 05:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2010-08-31 16:20 - 2010-08-31 16:20 - 00966144 _____ () C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\uejs.dll
2010-08-31 16:20 - 2010-08-31 16:20 - 00303104 _____ () C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\idm_tidylib.dll
2010-08-31 16:20 - 2010-08-31 16:20 - 00059904 _____ () C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\GNU\zlib1.dll
2010-08-31 16:20 - 2010-08-31 16:20 - 02266112 _____ () C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\GNU\libxml2.dll
2009-11-04 20:14 - 2009-11-04 20:14 - 02028280 _____ () C:\Program Files (x86)\RSA SecurID Token Common\QtCore4.dll
2009-11-04 20:14 - 2009-11-04 20:14 - 07275256 _____ () C:\Program Files (x86)\RSA SecurID Token Common\QtGui4.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:D8999815
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VPNInstallManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VPNService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vpntdi => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VPNInstallManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VPNService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vpntdi => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-143744227-174999600-642189945-264072\...\amadeus.com -> amadeus.com
IE trusted site: HKU\S-1-5-21-143744227-174999600-642189945-264072\...\azure-mobile.net -> hxxps://bo-mobileenrollment.azure-mobile.net
IE trusted site: HKU\S-1-5-21-143744227-174999600-642189945-264072\...\cbgnl -> hxxp://cbgnl
IE trusted site: HKU\S-1-5-21-143744227-174999600-642189945-264072\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-143744227-174999600-642189945-264072\...\microsoftonline.com -> hxxps://login.microsoftonline.com
IE trusted site: HKU\S-1-5-21-143744227-174999600-642189945-264072\...\salespoint -> hxxp://salespoint
IE trusted site: HKU\S-1-5-21-143744227-174999600-642189945-264072\...\service-now.com -> service-now.com
IE trusted site: HKU\S-1-5-21-143744227-174999600-642189945-264072\...\servicenow.com -> servicenow.com
IE trusted site: HKU\S-1-5-21-143744227-174999600-642189945-264072\...\sharepoint.com -> hxxps://amdocs-public.sharepoint.com
IE trusted site: HKU\S-1-5-21-143744227-174999600-642189945-264072\...\successfactors.com -> hxxps://performancemanager4.successfactors.com
IE trusted site: HKU\S-1-5-21-143744227-174999600-642189945-264072\...\windows.net -> hxxps://login.windows.net
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2015-12-21 13:00 - 00001112 ____A C:\Windows\system32\Drivers\etc\hosts
 
10.232.148.68     ossvm.corp.amdocs.com ossvm
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-143744227-174999600-642189945-264072\Control Panel\Desktop\\Wallpaper -> C:\Users\Danielta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: ) (EnableLUA: )
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Box Sync.lnk => C:\Windows\pss\Box Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Proxy Switcher.lnk => C:\Windows\pss\Proxy Switcher.lnk.CommonStartup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BoxSyncHelper => "C:\Program Files\Box Sync\BoxSyncHelper.exe"
MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
MSCONFIG\startupreg: googletalk => C:\Users\Danielta\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{526FB851-9CBB-4604-880D-CC38693D314C}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{9EC7E9D5-B07E-4F57-BBAD-D9EFD305FCF8}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{F39F2589-A12C-4BDA-BB21-05B49513FDC0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{850B2FD2-918B-43B3-A148-F6EC0D065619}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{125B7551-73E0-42DB-9E90-4BA6C37359E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48A5999B-06E5-4743-B021-06194FE9D5D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19D1427C-67B5-4903-9132-6FD09CA283FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53542B4E-1D84-4DC4-9D6F-BB5403139F89}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{59AE1394-9854-4A6F-8D7C-F7AD58220C12}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{E3E5621D-A975-41BA-A986-BE8ACD2B77E9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
FirewallRules: [{B34E87D2-87AB-4901-9C60-7082E86E7062}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
FirewallRules: [{AF80A882-328C-4A09-8D69-69D76FEC94E2}] => (Allow) C:\Users\Danielta\AppData\Local\Viber\Viber.exe
FirewallRules: [{8C512EA6-EB43-4B83-BF38-4A79AE674A02}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
FirewallRules: [{561F4AFA-BFCA-4D51-8CBE-BFF291ECB78D}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
FirewallRules: [{DE3BFC2B-47F4-4974-8D7C-A6546FB2ADC9}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
FirewallRules: [{8540560A-92A3-49BF-B0B4-16D352F6532E}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
FirewallRules: [{6D56F9F6-8241-4DF1-88BF-9C432F24C3D6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{406B91EF-09DE-4243-AC4D-DC24A09E904F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{E3E290E7-E555-4BC8-B3CB-0DCEC9E4B1CC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2756862D-4B8F-4D10-9D17-7DF0252AF380}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8B7F5459-8B04-4E6F-917D-295F85A323CB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D8E8DDCD-644B-40DA-8DB7-F170A15A396C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{6ABAA398-F800-4F93-B1CF-C6D9D9E3CA62}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6270E18D-C286-4096-BEC2-FCFF3E0AB30A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9A449C15-7B57-4B8C-9A5C-AE1A862563E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2A05CD6-A51C-41E6-BF65-2B9B67AC572D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C8012BF-3584-4B5A-8ACC-A4FDDF51964C}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\bin\FaxApplications.exe
FirewallRules: [{3946B511-6C28-4A49-8C8A-B4D8D1A03CEC}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\bin\DigitalWizards.exe
FirewallRules: [{4AEED7C1-A740-4479-BD6D-B6D0B95865A2}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\bin\SendAFax.exe
FirewallRules: [{4C2A0609-289C-47B7-AC23-656F6B8129A4}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\Bin\DeviceSetup.exe
FirewallRules: [{945AF787-F7C0-4C2C-835F-8EE08669DA55}] => (Allow) LPort=5357
FirewallRules: [{2AC1B825-03A0-47EC-8F25-B3B203A1568E}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A5AAA207-31CB-4325-978A-27AE8EBB1E90}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
FirewallRules: [{8CD45683-160B-4E96-8A27-15363B84A917}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
FirewallRules: [{9208FDEC-C0BD-4BFE-AD2A-C57229B1AAAF}] => (Allow) C:\Program Files\Leo\Leo.exe
FirewallRules: [{6F5988FA-445B-40CF-B51E-1E0E688927A8}] => (Allow) C:\Users\Danielta\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{0831D498-9839-449E-8890-455989E7F1BE}] => (Allow) C:\Users\Danielta\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{1615D324-DF99-47D5-A31E-8BE7BEBC98A5}] => (Allow) C:\Windows\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{787BB4E6-DF5E-4F77-84B0-E7998E25088A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3118435A-3816-43E3-8CA0-55337BDF0CF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B29E9D1-1870-482C-905E-7C5CF3D15B81}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14D2E15C-B72E-4BE3-BA41-3C77B3A158A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5EF4F7FD-8D6B-4DC3-904B-F604A010331C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E6FEE67A-B925-4845-8F5B-2B0DA25CC9D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C4E67266-F109-4CBA-B472-D61066CF92BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2BC225F2-4EBC-44AD-BD7F-A278D51A19BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Array Networks VPN Adapter
Description: Array Networks SSL VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Array Networks
Service: ATP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 4000 Series
Description: HP LaserJet 4000 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 2200
Description: HP LaserJet 2200
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: HP Color LaserJet CP4520 Series
Description: HP Color LaserJet CP4520 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: HP Color LaserJet 4700
Description: HP Color LaserJet 4700
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet 4000 Series
Description: HP LaserJet 4000 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 4000 Series
Description: HP LaserJet 4000 Series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: SugarSync
Service: SSCBFS3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: HP LaserJet MFP M630
Description: HP LaserJet MFP M630
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: hp LaserJet 4350
Description: hp LaserJet 4350
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet 4050 Series
Description: HP LaserJet 4050 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 4050 Series
Description: HP LaserJet 4050 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet MFP M630
Description: HP LaserJet MFP M630
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP5225n
Description: HP Color LaserJet CP5225n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet MFP M630
Description: HP LaserJet MFP M630
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP5225n
Description: HP Color LaserJet CP5225n
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: hp LaserJet 4350
Description: hp LaserJet 4350
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 700 color MFP M775
Description: HP LaserJet 700 color MFP M775
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Color LaserJet 4700
Description: HP Color LaserJet 4700
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 4000 Series
Description: HP LaserJet 4000 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 4000 Series
Description: HP LaserJet 4000 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 4000 Series
Description: HP LaserJet 4000 Series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Color LaserJet CP5225n
Description: HP Color LaserJet CP5225n
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet 700 color MFP M775
Description: HP LaserJet 700 color MFP M775
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 4050 Series
Description: HP LaserJet 4050 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/06/2016 10:13:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=88, authorId=0, vendorId=0, vendorType=0
 
Error: (01/06/2016 10:13:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0
 
Error: (01/06/2016 10:13:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0
 
Error: (01/06/2016 10:13:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (01/06/2016 10:13:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (01/06/2016 10:13:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (01/06/2016 10:13:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Error: (01/06/2016 10:13:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Error: (01/06/2016 10:13:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
Error: (01/06/2016 10:13:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=2526, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (01/06/2016 07:55:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/06/2016 07:55:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/06/2016 07:55:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (01/06/2016 07:54:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
BHDrvx64
cdrom
iastor
SymIRON
 
Error: (01/06/2016 07:54:10 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NTNET)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (01/06/2016 07:54:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{1CCB96F4-B8AD-4B43-9688-B273F58E0910}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/06/2016 07:54:04 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (01/06/2016 07:54:02 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain NTNET due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (01/06/2016 07:54:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:51:07 PM on ‎1/‎6/‎2016 was unexpected.
 
Error: (01/06/2016 07:42:17 PM) (Source: Kerberos) (EventID: 4) (User: )
Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server danielta01$. The target name used was host/lndtlm01. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CORP.AMDOCS.COM) is different from the client domain (CORP.AMDOCS.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
 
 
CodeIntegrity:
===================================
  Date: 2016-01-06 19:56:08.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-06 18:40:51.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-06 18:32:48.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-06 15:39:45.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-06 15:28:59.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-05 19:25:18.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-04 15:28:44.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-04 15:28:44.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-04 15:28:40.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-04 14:26:06.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 66%
Total physical RAM: 7887.79 MB
Available physical RAM: 2667.42 MB
Total Virtual: 15773.76 MB
Available Virtual: 9821.18 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:232.69 GB) (Free:13.54 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0000F126)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
And here is the latest MBAM.log:
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/01/06 01:51:30 +0200</date>
<logfile>mbam-log-2016-01-06 (01-51-19).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.0.1024</version>
<malware-database>v2016.01.05.06</malware-database>
<rootkit-database>v2016.01.05.01</rootkit-database>
<license>premium</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>DANIELTA01</hostname>
<ip>10.233.193.176, 10.0.84.226</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>DANIELTA</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>491704</objects>
<time>471</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
 


#7 SleepyDude

  • Malware Response Team

Posted 06 January 2016 - 04:23 PM

I need some time to check your log...

Please tell me, is the computer part of a domain?

Edit: I would like to test the suspicious svchost.exe. Can you please upload the file here: http://www.bleepingcomputer.com/submit-malware.php


Edited by SleepyDude, 06 January 2016 - 06:34 PM.
Add Upload request



#8 dantal33

  • Topic Starter

Posted 06 January 2016 - 07:49 PM

Hi,

I've uploaded the file as you requested.

 

Yes, the computer is part of a domain.



#9 SleepyDude

  • Malware Response Team

Posted 07 January 2016 - 04:33 AM

Hi,

I see that the machine belongs to a corporation. We don't usually work on machines belonging to companies because there are security restrictions and other specific configurations that we don't want to mess with, and doing so could get you into trouble.

The computer is centrally managed by the company, and they have software installed, VMware Mirage Client, that could be used to revert any change made to the system if they want.

I'm convinced that the svchost file in the Temp folder is generated by your company (Amdocs) and is a false positive. You should contact Technical Support to inform them about that or any other problem you have with the machine.

I hope you understand our position.

Best Regards.

