Hello,
I started experiencing an issue with audio ads running in the background. These ads pop up randomly and I cannot figure out where they originate. I have two processes named balling.exe in task manager and if I force end them, they re-appear instantly. I have run a couple scans and have quarantined threats but the audio ads remain.
Here are the results of the dds and I have attached the attach file as well.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18377
Run by Priya at 7:18:23 on 2016-08-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8064.4006 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\AT&T Global Network Client\NetAutoconnectFocusSvc.exe
C:\Program Files (x86)\AT&T Global Network Client\netcfgsvr.exe
C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe
C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe
C:\Windows\system32\o2flash.exe
C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files (x86)\Videodriver\WindowService.exe
C:\Program Files (x86)\winrule\WinRuleSync.exe
C:\Program Files (x86)\winrule\WinRuleSync_.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\healing\pm.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\merrick\balling.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AT&T Global Network Client\CellularPlugInController\CellularPlugInController.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\regedit.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\WinRule\WinRule_.exe
C:\Program Files (x86)\WinRule\WinRule_.exe
C:\Program Files (x86)\WinRule\WinRule_.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\WinRule\WinRule.exe
C:\Program Files (x86)\WinRule\WinRule.exe
C:\Program Files (x86)\WinRule\WinRule.exe
C:\Program Files (x86)\merrick\balling.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = Dell Official Site
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [NetSP - restore settings on power failure] "C:\Program Files (x86)\AT&T Global Network Client\NetSP.exe" -show
uRun: [MPOptimizer] "C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe" /scan
uRun: [hulls] "C:\Program Files (x86)\merrick\balling.exe"
uRun: [cylindrical] "C:\Program Files (x86)\merrick\balling.exe"
uRun: [pm] "C:\Program Files (x86)\healing\pm.exe"
uRun: [sketchily] "C:\Program Files (x86)\merrick\balling.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
mRun: [ic-0.7d3c7e1b42927.exe -start] C:\Users\Priya\AppData\Local\Temp\436036834\ic-0.7d3c7e1b42927.exe -start
mRun: [homes] "C:\Program Files (x86)\merrick\balling.exe"
StartupFolder: C:\Users\Priya\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MCCRAC~1.LNK - C:\Program Files (x86)\merrick\balling.exe
StartupFolder: C:\Users\Priya\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AT&TGL~1.LNK - C:\Program Files (x86)\AT&T Global Network Client\NetClient.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: rhsco.local
Trusted Zone: rhsco.local
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T30L10NSP3EP1-10049/webex/ieatgpc1.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B46EBFBB-1F28-4939-8970-A60E8448397A} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\0586F6E64727F6E6963637 : DHCPNameServer = 64.233.207.8 64.233.207.9
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\25847457563747 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\2656C6B696E6E2232643 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\2656C6B696E6E233635646 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\358656070716274602D416E63796F6E6 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\55E696475646F57596D26496 : DHCPNameServer = 172.27.1.1
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\83531584B4 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {AC76BA86-0000-0000-7760-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat DC\Esl\Aiod.dll",CreateAcroUserSettings
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [dhahran] "C:\Program Files (x86)\merrick\balling.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 10.0.94.136 esbx-uts
Hosts: 128.1.222.135 Server05vm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Priya\AppData\Roaming\Mozilla\Firefox\Profiles\zu2ytgbj.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Priya\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Priya\AppData\Roaming\Mozilla\plugins\npatgpc.dll
.
---- FIREFOX POLICIES ----
user_pref(plugin.state.npconduitfirefoxplugin,0);
.
user_pref(extensions.autoDisableScopes,8);
.
user_pref(xpinstall.signatures.required,false);
.
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2015-9-24 16152]
R1 df55e8d33527ea46bcda5aecc8cc068b;disqbus;C:\Windows\System32\drivers\df55e8d33527ea46bcda5aecc8cc068b.sys [2016-7-28 85088]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2021592]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-8-24 2279320]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-9-24 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2015-9-24 161560]
R2 NetAutoconnectFocusSvc;AT&T Autoconnect Focus Reporting Service;C:\Program Files (x86)\AT&T Global Network Client\NetAutoconnectFocusSvc.exe [2016-4-13 304552]
R2 NetClientSvc;AT&T Global Network Client Service;C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe [2016-4-13 416168]
R2 NetLogSvc;AT&T Global Network Client Logging Service;C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe [2016-4-13 83368]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2013-2-1 332104]
R2 TeamViewer;TeamViewer 11;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-4-7 7032080]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2015-9-24 363800]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2014-6-10 561064]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]
R2 WindowService;WindowService;C:\Program Files (x86)\Videodriver\WindowService.exe [2016-7-25 8192]
R2 WinRuleSvc;Window Rules Manager;C:\Program Files (x86)\winrule\WinRuleSync.exe [2016-7-26 141000]
R2 WinRuleSvc2;Window Rules Manager2;C:\Program Files (x86)\winrule\WinRuleSync_.exe [2016-7-26 134856]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2015-9-24 134696]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2015-9-24 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2015-9-24 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2015-9-24 788760]
R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\System32\drivers\NxDrv.sys [2014-11-10 26584]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2015-9-24 84712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-5-23 324224]
S2 TorchCrashHandler;Torch Crash Handler;C:\Users\Priya\AppData\Local\Torch\Update\TorchCrashHandler.exe --> C:\Users\Priya\AppData\Local\Torch\Update\TorchCrashHandler.exe [?]
S2 TunMirror;TunMirror;C:\Users\Priya\AppData\Local\Temp\1304.tmp\TunMirror.exe [2015-12-7 10752]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2013-12-12 112496]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-7-13 114688]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2015-9-24 26504]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2015-9-24 44992]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2014-8-16 23040]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-28 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-28 180736]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2015-9-24 72808]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2015-9-24 74984]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2016-7-27 31800]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 ST7007;ST7007;C:\Windows\System32\drivers\ST7007.sys [2015-9-24 67696]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 tapse01;SurfEasy TAP-Windows Adapter V9;C:\Windows\System32\drivers\tapse01.sys [2016-2-29 39096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-17 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-10-7 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]
.
=============== Created Last 30 ================
.
2016-08-01 18:17:46 -------- d-----w- C:\ProgramData\TorchCrashHandler
2016-08-01 17:05:37 -------- d-----w- C:\ProgramData\Sophos
2016-08-01 16:41:44 -------- d-----w- C:\Program Files (x86)\Sophos
2016-08-01 16:28:17 -------- d-----w- C:\ProgramData\Avira
2016-08-01 16:28:17 -------- d-----w- C:\Program Files (x86)\Avira
2016-08-01 16:05:44 -------- d-----w- C:\Users\Priya\AppData\Local\Consumer Input
2016-08-01 16:05:36 -------- d-----w- C:\Program Files (x86)\4C4C4544-1470067536-4B10-8046-C7C04F5A5731
2016-08-01 16:04:26 -------- d--h--w- C:\Program Files (x86)\merrick
2016-08-01 16:04:26 -------- d--h--w- C:\Program Files (x86)\healing
2016-08-01 16:04:16 -------- d-----w- C:\Users\Priya\AppData\Roaming\AVSoftware
2016-08-01 16:04:00 -------- d-----w- C:\Users\Priya\AppData\Local\Shortcut Installer
2016-08-01 16:03:25 -------- d-----w- C:\Users\Priya\AppData\Local\FASTExtensions
2016-08-01 16:03:25 -------- d-----w- C:\Program Files (x86)\Videodriver
2016-08-01 16:02:45 -------- d-----w- C:\Program Files (x86)\winrule
2016-08-01 16:01:30 815312 ---h--w- C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe
2016-08-01 16:01:30 392872 ---h--w- C:\Program Files (x86)\Mozilla Firefox\fir?f??.b?t.exe
2016-08-01 15:52:56 6656 ----a-w- C:\Windows\settings.dll
2016-08-01 15:52:56 10240 ----a-w- C:\Windows\parcelled.exe
2016-07-29 22:08:21 12007136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{97718EF0-3065-42FC-B22F-2FE8F669C891}\mpengine.dll
2016-07-28 17:46:12 85088 ----a-w- C:\Windows\System32\drivers\df55e8d33527ea46bcda5aecc8cc068b.sys
2016-07-27 14:57:32 -------- d-----w- C:\Users\Priya\AppData\Local\VS Revo Group
2016-07-27 14:57:31 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2016-07-27 14:57:31 -------- d-----w- C:\ProgramData\VS Revo Group
2016-07-27 14:57:30 -------- d-----w- C:\Program Files\VS Revo Group
2016-07-27 08:00:14 -------- d-s---w- C:\Windows\SysWow64\GWX
2016-07-27 08:00:14 -------- d-s---w- C:\Windows\System32\GWX
2016-07-25 13:08:31 -------- d-----w- C:\Users\Priya\AppData\Local\AGNS
2016-07-25 13:08:30 -------- d-----w- C:\Users\Priya\AppData\Local\AT&T
2016-07-25 13:08:18 -------- d-----w- C:\ProgramData\Sierra Wireless
2016-07-25 13:08:09 -------- d-----w- C:\ProgramData\AGNS
2016-07-25 13:08:09 -------- d-----w- C:\Program Files (x86)\Sierra Wireless Inc
2016-07-25 13:08:09 -------- d-----w- C:\Program Files (x86)\AT&T Global Network Client
2016-07-15 14:07:03 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2016-07-14 17:04:46 -------- d-----w- C:\Program Files\Infor Global Solutions
2016-07-14 17:04:35 -------- d-----w- C:\Program Files (x86)\Infor CloudSuite Financial Reporting Tool Excel Add-In(64-Bits)
2016-07-13 15:14:29 970240 ----a-w- C:\Windows\System32\localspl.dll
2016-07-13 15:13:45 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-07-13 15:13:45 571904 ----a-w- C:\Windows\System32\generaltel.dll
2016-07-13 15:13:45 544256 ----a-w- C:\Windows\System32\devinv.dll
2016-07-13 15:13:45 41704 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-07-13 15:13:45 294912 ----a-w- C:\Windows\System32\invagent.dll
2016-07-13 15:13:45 268800 ----a-w- C:\Windows\System32\centel.dll
2016-07-13 15:13:45 219136 ----a-w- C:\Windows\System32\aepic.dll
2016-07-13 15:13:45 1490432 ----a-w- C:\Windows\System32\appraiser.dll
2016-07-13 15:13:45 1208320 ----a-w- C:\Windows\System32\aeinv.dll
2016-07-13 15:13:42 3217408 ----a-w- C:\Windows\System32\win32k.sys
2016-07-11 12:57:55 -------- d-----w- C:\Users\Priya\AppData\Local\Avanquest North America
2016-07-11 12:56:12 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2016-07-08 19:55:35 -------- d-----w- C:\ProgramData\Logs
.
==================== Find3M ====================
.
2016-07-26 19:24:24 504488 ------w- C:\Windows\System32\MpSigStub.exe
2016-07-14 11:34:19 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-07-14 11:34:19 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-06-26 00:27:39 756736 ----a-w- C:\Windows\System32\win32spl.dll
2016-06-26 00:27:32 344576 ----a-w- C:\Windows\System32\ntprint.dll
2016-06-26 00:27:25 22528 ----a-w- C:\Windows\System32\inetppui.dll
2016-06-26 00:27:25 166400 ----a-w- C:\Windows\System32\inetpp.dll
2016-06-25 19:54:03 497152 ----a-w- C:\Windows\SysWow64\win32spl.dll
2016-06-25 19:53:56 297472 ----a-w- C:\Windows\SysWow64\ntprint.dll
2016-06-25 19:53:05 48640 ----a-w- C:\Windows\System32\wpnpinst.exe
2016-06-25 19:53:04 61952 ----a-w- C:\Windows\System32\ntprint.exe
2016-06-25 19:41:53 61952 ----a-w- C:\Windows\SysWow64\ntprint.exe
2016-06-23 13:43:42 478128 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2016-06-14 15:21:17 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2016-06-10 21:38:26 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-06-10 21:38:13 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-06-10 21:20:37 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-06-10 21:19:33 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-06-10 21:19:24 417792 ----a-w- C:\Windows\System32\html.iec
2016-06-10 21:18:57 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-06-10 21:18:48 572416 ----a-w- C:\Windows\System32\vbscript.dll
2016-06-10 21:03:14 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-06-10 21:03:13 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-06-10 21:02:53 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-06-10 20:53:59 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-06-10 20:49:29 6047744 ----a-w- C:\Windows\System32\jscript9.dll
2016-06-10 20:40:41 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-06-10 20:11:27 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-06-10 20:10:46 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-06-10 19:44:23 2869248 ----a-w- C:\Windows\System32\wininet.dll
2016-06-10 19:09:24 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-06-10 18:54:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-06-10 18:53:35 497664 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-06-10 18:53:30 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-06-10 18:53:13 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-06-10 18:52:06 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-06-10 18:41:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-06-10 18:41:22 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-06-10 18:27:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-06-10 18:14:52 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-06-10 18:09:13 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-06-10 18:09:07 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-06-10 17:45:19 2392576 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-05-18 16:10:23 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-05-18 16:09:22 405504 ----a-w- C:\Windows\System32\gdi32.dll
2016-05-13 22:15:24 382184 ----a-w- C:\Windows\System32\atmfd.dll
2016-05-13 22:09:19 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-05-13 22:09:16 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-05-13 22:09:13 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-05-13 22:09:10 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-05-13 21:54:26 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-05-13 21:50:05 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-05-13 21:49:48 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-05-13 21:49:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-05-13 21:27:06 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-05-12 17:20:14 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-05-12 17:20:14 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-05-12 17:15:04 105472 ----a-w- C:\Windows\System32\winipsec.dll
2016-05-12 17:15:03 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-05-12 17:15:03 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-05-12 17:15:03 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-05-12 17:15:02 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-05-12 17:15:02 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-05-12 15:18:40 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-05-12 15:06:56 25600 ----a-w- C:\Windows\System32\gpscript.exe
2016-05-12 15:05:40 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-05-12 14:58:45 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-05-12 14:58:32 464896 ----a-w- C:\Windows\System32\drivers\srv.sys
2016-05-12 14:58:25 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2016-05-12 14:58:18 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2016-05-12 14:58:12 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-05-12 14:58:10 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-05-12 14:57:27 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-05-12 14:57:00 30720 ----a-w- C:\Windows\SysWow64\gpscript.dll
2016-05-12 14:57:00 24576 ----a-w- C:\Windows\SysWow64\gpscript.exe
2016-05-12 14:56:15 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-05-12 14:51:38 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-05-12 13:05:59 459640 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-05-12 13:05:59 297984 ----a-w- C:\Windows\System32\bcryptprimitives.dll
2016-05-12 13:04:55 249352 ----a-w- C:\Windows\SysWow64\bcryptprimitives.dll
2016-05-11 17:02:50 296448 ----a-w- C:\Windows\System32\ws2_32.dll
2016-05-11 17:02:49 444928 ----a-w- C:\Windows\System32\winhttp.dll
2016-05-11 17:02:48 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2016-05-11 17:02:42 327168 ----a-w- C:\Windows\System32\mswsock.dll
2016-05-11 15:19:26 206336 ----a-w- C:\Windows\SysWow64\ws2_32.dll
2016-05-11 15:19:25 351744 ----a-w- C:\Windows\SysWow64\winhttp.dll
2016-05-11 15:19:24 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2016-05-11 15:19:16 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2016-05-11 15:11:34 25088 ----a-w- C:\Windows\System32\netbtugc.exe
2016-05-11 15:01:19 26624 ----a-w- C:\Windows\SysWow64\netbtugc.exe
2016-05-11 14:58:23 262144 ----a-w- C:\Windows\System32\drivers\netbt.sys
.
============= FINISH: 7:18:33.47 ===============
Thank you in advance for any feedback/suggestions.