
Possible Virus/malware



Old 08-02-2016, 05:23 AM   #1
Registered Member
 
Join Date: Aug 2016
Posts: 2
OS: Windows 7 64 bit



Hello,

I started experiencing an issue with audio ads running in the background. These ads pop up randomly and I cannot figure out where they originate. I have two processes named balling.exe in Task Manager, and if I force-end them, they reappear instantly. I have run a couple of scans and have quarantined threats, but the audio ads remain.

Here are the results of DDS, and I have attached the attach file as well.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18377
Run by Priya at 7:18:23 on 2016-08-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8064.4006 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\AT&T Global Network Client\NetAutoconnectFocusSvc.exe
C:\Program Files (x86)\AT&T Global Network Client\netcfgsvr.exe
C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe
C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe
C:\Windows\system32\o2flash.exe
C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files (x86)\Videodriver\WindowService.exe
C:\Program Files (x86)\winrule\WinRuleSync.exe
C:\Program Files (x86)\winrule\WinRuleSync_.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\healing\pm.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\merrick\balling.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AT&T Global Network Client\CellularPlugInController\CellularPlugInController.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\regedit.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\WinRule\WinRule_.exe
C:\Program Files (x86)\WinRule\WinRule_.exe
C:\Program Files (x86)\WinRule\WinRule_.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\WinRule\WinRule.exe
C:\Program Files (x86)\WinRule\WinRule.exe
C:\Program Files (x86)\WinRule\WinRule.exe
C:\Program Files (x86)\merrick\balling.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = Dell Official Site
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [NetSP - restore settings on power failure] "C:\Program Files (x86)\AT&T Global Network Client\NetSP.exe" -show
uRun: [MPOptimizer] "C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe" /scan
uRun: [hulls] "C:\Program Files (x86)\merrick\balling.exe"
uRun: [cylindrical] "C:\Program Files (x86)\merrick\balling.exe"
uRun: [pm] "C:\Program Files (x86)\healing\pm.exe"
uRun: [sketchily] "C:\Program Files (x86)\merrick\balling.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
mRun: [ic-0.7d3c7e1b42927.exe -start] C:\Users\Priya\AppData\Local\Temp\436036834\ic-0.7d3c7e1b42927.exe -start
mRun: [homes] "C:\Program Files (x86)\merrick\balling.exe"
StartupFolder: C:\Users\Priya\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MCCRAC~1.LNK - C:\Program Files (x86)\merrick\balling.exe
StartupFolder: C:\Users\Priya\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AT&TGL~1.LNK - C:\Program Files (x86)\AT&T Global Network Client\NetClient.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: rhsco.local
Trusted Zone: rhsco.local
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T30L10NSP3EP1-10049/webex/ieatgpc1.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B46EBFBB-1F28-4939-8970-A60E8448397A} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\0586F6E64727F6E6963637 : DHCPNameServer = 64.233.207.8 64.233.207.9
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\25847457563747 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\2656C6B696E6E2232643 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\2656C6B696E6E233635646 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\358656070716274602D416E63796F6E6 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\55E696475646F57596D26496 : DHCPNameServer = 172.27.1.1
TCP: Interfaces\{FF1B043D-9002-4D48-9DD1-929C951BEF7A}\83531584B4 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {AC76BA86-0000-0000-7760-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat DC\Esl\Aiod.dll",CreateAcroUserSettings
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [dhahran] "C:\Program Files (x86)\merrick\balling.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 10.0.94.136 esbx-uts
Hosts: 128.1.222.135 Server05vm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Priya\AppData\Roaming\Mozilla\Firefox\Profiles\zu2ytgbj.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Priya\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Priya\AppData\Roaming\Mozilla\plugins\npatgpc.dll
.
---- FIREFOX POLICIES ----
user_pref(plugin.state.npconduitfirefoxplugin,0);
.
user_pref(extensions.autoDisableScopes,8);
.
user_pref(xpinstall.signatures.required,false);
.
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2015-9-24 16152]
R1 df55e8d33527ea46bcda5aecc8cc068b;disqbus;C:\Windows\System32\drivers\df55e8d33527ea46bcda5aecc8cc068b.sys [2016-7-28 85088]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2021592]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-8-24 2279320]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-9-24 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2015-9-24 161560]
R2 NetAutoconnectFocusSvc;AT&T Autoconnect Focus Reporting Service;C:\Program Files (x86)\AT&T Global Network Client\NetAutoconnectFocusSvc.exe [2016-4-13 304552]
R2 NetClientSvc;AT&T Global Network Client Service;C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe [2016-4-13 416168]
R2 NetLogSvc;AT&T Global Network Client Logging Service;C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe [2016-4-13 83368]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2013-2-1 332104]
R2 TeamViewer;TeamViewer 11;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-4-7 7032080]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2015-9-24 363800]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2014-6-10 561064]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]
R2 WindowService;WindowService;C:\Program Files (x86)\Videodriver\WindowService.exe [2016-7-25 8192]
R2 WinRuleSvc;Window Rules Manager;C:\Program Files (x86)\winrule\WinRuleSync.exe [2016-7-26 141000]
R2 WinRuleSvc2;Window Rules Manager2;C:\Program Files (x86)\winrule\WinRuleSync_.exe [2016-7-26 134856]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2015-9-24 134696]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2015-9-24 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2015-9-24 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2015-9-24 788760]
R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\System32\drivers\NxDrv.sys [2014-11-10 26584]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2015-9-24 84712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-5-23 324224]
S2 TorchCrashHandler;Torch Crash Handler;C:\Users\Priya\AppData\Local\Torch\Update\TorchCrashHandler.exe --> C:\Users\Priya\AppData\Local\Torch\Update\TorchCrashHandler.exe [?]
S2 TunMirror;TunMirror;C:\Users\Priya\AppData\Local\Temp\1304.tmp\TunMirror.exe [2015-12-7 10752]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2013-12-12 112496]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-7-13 114688]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2015-9-24 26504]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2015-9-24 44992]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2014-8-16 23040]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-28 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-28 180736]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2015-9-24 72808]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2015-9-24 74984]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2016-7-27 31800]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 ST7007;ST7007;C:\Windows\System32\drivers\ST7007.sys [2015-9-24 67696]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 tapse01;SurfEasy TAP-Windows Adapter V9;C:\Windows\System32\drivers\tapse01.sys [2016-2-29 39096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-17 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-10-7 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]
.
=============== Created Last 30 ================
.
2016-08-01 18:17:46 -------- d-----w- C:\ProgramData\TorchCrashHandler
2016-08-01 17:05:37 -------- d-----w- C:\ProgramData\Sophos
2016-08-01 16:41:44 -------- d-----w- C:\Program Files (x86)\Sophos
2016-08-01 16:28:17 -------- d-----w- C:\ProgramData\Avira
2016-08-01 16:28:17 -------- d-----w- C:\Program Files (x86)\Avira
2016-08-01 16:05:44 -------- d-----w- C:\Users\Priya\AppData\Local\Consumer Input
2016-08-01 16:05:36 -------- d-----w- C:\Program Files (x86)\4C4C4544-1470067536-4B10-8046-C7C04F5A5731
2016-08-01 16:04:26 -------- d--h--w- C:\Program Files (x86)\merrick
2016-08-01 16:04:26 -------- d--h--w- C:\Program Files (x86)\healing
2016-08-01 16:04:16 -------- d-----w- C:\Users\Priya\AppData\Roaming\AVSoftware
2016-08-01 16:04:00 -------- d-----w- C:\Users\Priya\AppData\Local\Shortcut Installer
2016-08-01 16:03:25 -------- d-----w- C:\Users\Priya\AppData\Local\FASTExtensions
2016-08-01 16:03:25 -------- d-----w- C:\Program Files (x86)\Videodriver
2016-08-01 16:02:45 -------- d-----w- C:\Program Files (x86)\winrule
2016-08-01 16:01:30 815312 ---h--w- C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe
2016-08-01 16:01:30 392872 ---h--w- C:\Program Files (x86)\Mozilla Firefox\fir?f??.b?t.exe
2016-08-01 15:52:56 6656 ----a-w- C:\Windows\settings.dll
2016-08-01 15:52:56 10240 ----a-w- C:\Windows\parcelled.exe
2016-07-29 22:08:21 12007136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{97718EF0-3065-42FC-B22F-2FE8F669C891}\mpengine.dll
2016-07-28 17:46:12 85088 ----a-w- C:\Windows\System32\drivers\df55e8d33527ea46bcda5aecc8cc068b.sys
2016-07-27 14:57:32 -------- d-----w- C:\Users\Priya\AppData\Local\VS Revo Group
2016-07-27 14:57:31 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2016-07-27 14:57:31 -------- d-----w- C:\ProgramData\VS Revo Group
2016-07-27 14:57:30 -------- d-----w- C:\Program Files\VS Revo Group
2016-07-27 08:00:14 -------- d-s---w- C:\Windows\SysWow64\GWX
2016-07-27 08:00:14 -------- d-s---w- C:\Windows\System32\GWX
2016-07-25 13:08:31 -------- d-----w- C:\Users\Priya\AppData\Local\AGNS
2016-07-25 13:08:30 -------- d-----w- C:\Users\Priya\AppData\Local\AT&T
2016-07-25 13:08:18 -------- d-----w- C:\ProgramData\Sierra Wireless
2016-07-25 13:08:09 -------- d-----w- C:\ProgramData\AGNS
2016-07-25 13:08:09 -------- d-----w- C:\Program Files (x86)\Sierra Wireless Inc
2016-07-25 13:08:09 -------- d-----w- C:\Program Files (x86)\AT&T Global Network Client
2016-07-15 14:07:03 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2016-07-14 17:04:46 -------- d-----w- C:\Program Files\Infor Global Solutions
2016-07-14 17:04:35 -------- d-----w- C:\Program Files (x86)\Infor CloudSuite Financial Reporting Tool Excel Add-In(64-Bits)
2016-07-13 15:14:29 970240 ----a-w- C:\Windows\System32\localspl.dll
2016-07-13 15:13:45 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-07-13 15:13:45 571904 ----a-w- C:\Windows\System32\generaltel.dll
2016-07-13 15:13:45 544256 ----a-w- C:\Windows\System32\devinv.dll
2016-07-13 15:13:45 41704 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-07-13 15:13:45 294912 ----a-w- C:\Windows\System32\invagent.dll
2016-07-13 15:13:45 268800 ----a-w- C:\Windows\System32\centel.dll
2016-07-13 15:13:45 219136 ----a-w- C:\Windows\System32\aepic.dll
2016-07-13 15:13:45 1490432 ----a-w- C:\Windows\System32\appraiser.dll
2016-07-13 15:13:45 1208320 ----a-w- C:\Windows\System32\aeinv.dll
2016-07-13 15:13:42 3217408 ----a-w- C:\Windows\System32\win32k.sys
2016-07-11 12:57:55 -------- d-----w- C:\Users\Priya\AppData\Local\Avanquest North America
2016-07-11 12:56:12 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2016-07-08 19:55:35 -------- d-----w- C:\ProgramData\Logs
.
==================== Find3M ====================
.
2016-07-26 19:24:24 504488 ------w- C:\Windows\System32\MpSigStub.exe
2016-07-14 11:34:19 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-07-14 11:34:19 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-06-26 00:27:39 756736 ----a-w- C:\Windows\System32\win32spl.dll
2016-06-26 00:27:32 344576 ----a-w- C:\Windows\System32\ntprint.dll
2016-06-26 00:27:25 22528 ----a-w- C:\Windows\System32\inetppui.dll
2016-06-26 00:27:25 166400 ----a-w- C:\Windows\System32\inetpp.dll
2016-06-25 19:54:03 497152 ----a-w- C:\Windows\SysWow64\win32spl.dll
2016-06-25 19:53:56 297472 ----a-w- C:\Windows\SysWow64\ntprint.dll
2016-06-25 19:53:05 48640 ----a-w- C:\Windows\System32\wpnpinst.exe
2016-06-25 19:53:04 61952 ----a-w- C:\Windows\System32\ntprint.exe
2016-06-25 19:41:53 61952 ----a-w- C:\Windows\SysWow64\ntprint.exe
2016-06-23 13:43:42 478128 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2016-06-14 15:21:17 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2016-06-10 21:38:26 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-06-10 21:38:13 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-06-10 21:20:37 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-06-10 21:19:33 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-06-10 21:19:24 417792 ----a-w- C:\Windows\System32\html.iec
2016-06-10 21:18:57 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-06-10 21:18:48 572416 ----a-w- C:\Windows\System32\vbscript.dll
2016-06-10 21:03:14 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-06-10 21:03:13 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-06-10 21:02:53 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-06-10 20:53:59 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-06-10 20:49:29 6047744 ----a-w- C:\Windows\System32\jscript9.dll
2016-06-10 20:40:41 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-06-10 20:11:27 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-06-10 20:10:46 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-06-10 19:44:23 2869248 ----a-w- C:\Windows\System32\wininet.dll
2016-06-10 19:09:24 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-06-10 18:54:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-06-10 18:53:35 497664 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-06-10 18:53:30 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-06-10 18:53:13 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-06-10 18:52:06 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-06-10 18:41:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-06-10 18:41:22 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-06-10 18:27:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-06-10 18:14:52 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-06-10 18:09:13 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-06-10 18:09:07 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-06-10 17:45:19 2392576 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-05-18 16:10:23 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-05-18 16:09:22 405504 ----a-w- C:\Windows\System32\gdi32.dll
2016-05-13 22:15:24 382184 ----a-w- C:\Windows\System32\atmfd.dll
2016-05-13 22:09:19 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-05-13 22:09:16 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-05-13 22:09:13 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-05-13 22:09:10 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-05-13 21:54:26 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-05-13 21:50:05 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-05-13 21:49:48 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-05-13 21:49:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-05-13 21:27:06 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-05-12 17:20:14 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-05-12 17:20:14 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-05-12 17:15:04 105472 ----a-w- C:\Windows\System32\winipsec.dll
2016-05-12 17:15:03 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-05-12 17:15:03 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-05-12 17:15:03 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-05-12 17:15:02 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-05-12 17:15:02 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-05-12 15:18:40 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-05-12 1556 25600 ----a-w- C:\Windows\System32\gpscript.exe
2016-05-12 15:05:40 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-05-12 14:58:45 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-05-12 14:58:32 464896 ----a-w- C:\Windows\System32\drivers\srv.sys
2016-05-12 14:58:25 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2016-05-12 14:58:18 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2016-05-12 14:58:12 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-05-12 14:58:10 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-05-12 14:57:27 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-05-12 14:57:00 30720 ----a-w- C:\Windows\SysWow64\gpscript.dll
2016-05-12 14:57:00 24576 ----a-w- C:\Windows\SysWow64\gpscript.exe
2016-05-12 14:56:15 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-05-12 14:51:38 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-05-12 13:05:59 459640 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-05-12 13:05:59 297984 ----a-w- C:\Windows\System32\bcryptprimitives.dll
2016-05-12 13:04:55 249352 ----a-w- C:\Windows\SysWow64\bcryptprimitives.dll
2016-05-11 17:02:50 296448 ----a-w- C:\Windows\System32\ws2_32.dll
2016-05-11 17:02:49 444928 ----a-w- C:\Windows\System32\winhttp.dll
2016-05-11 17:02:48 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2016-05-11 17:02:42 327168 ----a-w- C:\Windows\System32\mswsock.dll
2016-05-11 15:19:26 206336 ----a-w- C:\Windows\SysWow64\ws2_32.dll
2016-05-11 15:19:25 351744 ----a-w- C:\Windows\SysWow64\winhttp.dll
2016-05-11 15:19:24 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2016-05-11 15:19:16 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2016-05-11 15:11:34 25088 ----a-w- C:\Windows\System32\netbtugc.exe
2016-05-11 15:01:19 26624 ----a-w- C:\Windows\SysWow64\netbtugc.exe
2016-05-11 14:58:23 262144 ----a-w- C:\Windows\System32\drivers\netbt.sys
.
============= FINISH: 7:18:33.47 ===============


Thank you in advance for any feedback/suggestions.
Attached Files: attach.txt (12.0 KB)
Old 08-02-2016, 03:45 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Why does your machine only have 1 system restore point (8/1)?

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

Let me know your intentions for an antivirus program, and/or if you need a suggestion.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe.

Next, go to File > New Task (Run...), type explorer, then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 08-03-2016, 10:38 AM   #3
Registered Member
 
Join Date: Aug 2016
Posts: 2
OS: Windows 7 64 bit



Hello Chemist,

Thanks for your quick response! I am subscribed to this thread. I am not sure why it only shows 1 restore point - which I tried to restore to, and it failed.

Since my initial post, I now have Malwarebytes Anti-Malware Installed. I have tried both Avast and Avira and recently uninstalled due to the constant pop-up ads and notifications. Avira also slowed down system resources. I am open to suggestions for an effective virus protection program (even paid versions) which does not slow down the system or have pop-up notifications.

Here are the ComboFix results:

ComboFix 16-08-03.01 - Priya 08/03/2016 12:23:25.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8064.3495 [GMT -5:00]
Running from: c:\users\Priya\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\programdata\ntuser.pol
c:\users\Priya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijkhbldkmlcglldopamjfhalfbohfja
c:\users\Priya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijkhbldkmlcglldopamjfhalfbohfja\4.4.5_0\_metadata\computed_hashes.json
c:\users\Priya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijkhbldkmlcglldopamjfhalfbohfja\4.4.5_0\_metadata\verified_contents.json
c:\users\Priya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijkhbldkmlcglldopamjfhalfbohfja\4.4.5_0\background.js
c:\users\Priya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijkhbldkmlcglldopamjfhalfbohfja\4.4.5_0\icons\128x128.png
c:\users\Priya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijkhbldkmlcglldopamjfhalfbohfja\4.4.5_0\icons\16x16.png
c:\users\Priya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijkhbldkmlcglldopamjfhalfbohfja\4.4.5_0\icons\favicon.ico
c:\users\Priya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijkhbldkmlcglldopamjfhalfbohfja\4.4.5_0\manifest.json
c:\users\Priya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijkhbldkmlcglldopamjfhalfbohfja\4.4.5_0\sitecontent.js
c:\users\Priya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eijkhbldkmlcglldopamjfhalfbohfja_0.localstorage-journal
c:\users\Priya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eijkhbldkmlcglldopamjfhalfbohfja_0.localstorage
c:\users\Priya\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\msdownld.tmp
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((( Files Created from 2016-07-03 to 2016-08-03 )))))))))))))))))))))))))))))))
.
.
2016-08-03 17:27 . 2016-08-03 17:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-08-02 14:31 . 2016-08-03 17:28 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-08-02 14:31 . 2016-08-02 14:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-08-02 14:31 . 2016-08-02 14:31 -------- d-----w- c:\programdata\Malwarebytes
2016-08-02 14:31 . 2016-03-10 19:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-08-02 14:31 . 2016-03-10 19:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-08-02 14:31 . 2016-03-10 19:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-08-01 18:17 . 2016-08-02 03:56 -------- d-----w- c:\programdata\TorchCrashHandler
2016-08-01 17:05 . 2016-08-01 17:05 -------- d-----w- c:\programdata\Sophos
2016-08-01 16:41 . 2016-08-01 16:41 -------- d-----w- c:\program files (x86)\Sophos
2016-08-01 16:28 . 2016-08-02 11:39 -------- d-----w- c:\programdata\Avira
2016-08-01 16:28 . 2016-08-02 11:39 -------- d-----w- c:\program files (x86)\Avira
2016-08-01 16:04 . 2016-08-03 17:28 -------- d--h--w- c:\program files (x86)\merrick
2016-08-01 16:04 . 2016-08-01 16:04 -------- d--h--w- c:\program files (x86)\healing
2016-08-01 16:04 . 2016-08-01 16:04 -------- d-----w- c:\users\Priya\AppData\Roaming\AVSoftware
2016-08-01 16:04 . 2016-08-01 16:04 -------- d-----w- c:\users\Priya\AppData\Local\Shortcut Installer
2016-08-01 16:03 . 2016-08-02 11:51 -------- d-----w- c:\program files (x86)\Videodriver
2016-08-01 16:02 . 2016-08-01 16:03 -------- d-----w- c:\program files (x86)\winrule
2016-08-01 16:01 . 2016-06-11 04:48 815312 ---h--w-.exe c:\progra~2\INTERN~1\IPLRBT~1.EXE
2016-08-01 16:01 . 2015-10-30 02:22 392872 ---h--w-.exe c:\progra~2\MOZILL~1\FIRFBT~1.EXE
2016-07-29 22:08 . 2016-06-21 22:04 12007136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97718EF0-3065-42FC-B22F-2FE8F669C891}\mpengine.dll
2016-07-28 17:46 . 2016-07-28 17:46 85088 ----a-w- c:\windows\system32\drivers\df55e8d33527ea46bcda5aecc8cc068b.sys
2016-07-27 14:58 . 2016-07-27 14:58 -------- d-----w- c:\users\Admin
2016-07-27 14:57 . 2016-07-27 14:57 -------- d-----w- c:\users\Priya\AppData\Local\VS Revo Group
2016-07-27 14:57 . 2016-07-27 14:57 -------- d-----w- c:\programdata\VS Revo Group
2016-07-27 14:57 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2016-07-27 14:57 . 2016-07-27 14:57 -------- d-----w- c:\program files\VS Revo Group
2016-07-27 08:00 . 2016-07-27 08:00 -------- d-s---w- c:\windows\system32\GWX
2016-07-27 08:00 . 2016-07-27 08:00 -------- d-s---w- c:\windows\SysWow64\GWX
2016-07-25 13:08 . 2016-07-25 13:08 -------- d-----w- c:\users\Priya\AppData\Local\AGNS
2016-07-25 13:08 . 2016-07-25 13:08 -------- d-----w- c:\users\Priya\AppData\Local\AT&T
2016-07-25 13:08 . 2016-07-25 13:08 -------- d-----w- c:\programdata\Sierra Wireless
2016-07-25 13:08 . 2016-07-25 13:08 -------- d-----w- c:\program files (x86)\AT&T Global Network Client
2016-07-25 13:08 . 2016-07-25 13:08 -------- d-----w- c:\programdata\AGNS
2016-07-25 13:08 . 2016-07-25 13:08 -------- d-----w- c:\program files (x86)\Sierra Wireless Inc
2016-07-15 14:07 . 2016-07-15 14:07 -------- d-s---w- c:\windows\SysWow64\Microsoft
2016-07-14 17:04 . 2016-07-14 17:04 -------- d-----w- c:\program files\Infor Global Solutions
2016-07-14 17:04 . 2016-07-14 17:04 -------- d-----w- c:\program files (x86)\Infor CloudSuite Financial Reporting Tool Excel Add-In(64-Bits)
2016-07-13 15:14 . 2016-06-26 00:27 756736 ----a-w- c:\windows\system32\win32spl.dll
2016-07-13 15:13 . 2016-06-26 00:35 41704 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-07-13 15:13 . 2016-06-26 00:27 1208320 ----a-w- c:\windows\system32\aeinv.dll
2016-07-13 15:13 . 2016-06-22 13:06 268800 ----a-w- c:\windows\system32\centel.dll
2016-07-13 15:13 . 2016-06-17 18:24 571904 ----a-w- c:\windows\system32\generaltel.dll
2016-07-13 15:13 . 2016-06-17 18:24 544256 ----a-w- c:\windows\system32\devinv.dll
2016-07-13 15:13 . 2016-06-17 18:24 294912 ----a-w- c:\windows\system32\invagent.dll
2016-07-13 15:13 . 2016-06-17 18:24 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-07-13 15:13 . 2016-06-17 18:24 219136 ----a-w- c:\windows\system32\aepic.dll
2016-07-13 15:13 . 2016-06-17 18:24 1490432 ----a-w- c:\windows\system32\appraiser.dll
2016-07-13 15:13 . 2016-06-14 15:03 3217408 ----a-w- c:\windows\system32\win32k.sys
2016-07-11 12:57 . 2016-07-11 12:57 -------- d-----w- c:\users\Priya\AppData\Local\Avanquest North America
2016-07-11 12:56 . 2016-07-11 12:56 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2016-07-08 19:55 . 2016-07-08 19:55 -------- d-----w- c:\programdata\Logs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-26 19:24 . 2010-11-21 03:27 504488 ------w- c:\windows\system32\MpSigStub.exe
2016-07-14 11:34 . 2015-10-06 21:38 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-07-14 11:34 . 2015-10-06 21:38 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-14 09:59 . 2010-06-24 16:33 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-06-23 13:43 . 2016-06-23 13:43 478128 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2016-06-14 15:21 . 2016-07-13 15:13 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-05-18 16:10 . 2016-06-15 13:36 312832 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-05-18 16:09 . 2016-06-15 13:36 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-05-13 22:15 . 2016-06-15 13:36 382184 ----a-w- c:\windows\system32\atmfd.dll
2016-05-13 22:09 . 2016-06-15 13:36 41472 ----a-w- c:\windows\system32\lpk.dll
2016-05-13 22:09 . 2016-06-15 13:36 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-05-13 22:09 . 2016-06-15 13:36 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-05-13 22:09 . 2016-06-15 13:36 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-05-13 21:54 . 2016-06-15 13:36 308456 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-05-13 21:50 . 2016-06-15 13:36 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-05-13 21:49 . 2016-06-15 13:36 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-05-13 21:49 . 2016-06-15 13:36 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-05-13 21:27 . 2016-06-15 13:36 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-05-12 17:20 . 2016-06-15 13:36 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-05-12 17:20 . 2016-06-15 13:36 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-05-12 17:15 . 2016-06-15 13:36 105472 ----a-w- c:\windows\system32\winipsec.dll
2016-05-12 17:15 . 2016-06-15 13:36 2048 ----a-w- c:\windows\system32\tzres.dll
2016-05-12 17:15 . 2016-06-15 13:36 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-05-12 17:15 . 2016-06-15 13:36 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-05-12 17:15 . 2016-06-15 13:36 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-05-12 17:15 . 2016-06-15 13:36 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-05-12 17:14 . 2016-06-15 13:36 344064 ----a-w- c:\windows\system32\schannel.dll
2016-05-12 17:14 . 2016-06-15 13:36 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-05-12 17:14 . 2016-06-15 13:36 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-05-12 17:14 . 2016-06-15 13:36 28160 ----a-w- c:\windows\system32\secur32.dll
2016-05-12 17:14 . 2016-06-15 13:36 373760 ----a-w- c:\windows\system32\polstore.dll
2016-05-12 17:14 . 2016-06-15 13:36 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-05-12 17:14 . 2016-06-15 13:36 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-05-12 17:14 . 2016-06-15 13:36 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-05-12 17:14 . 2016-06-15 13:36 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-05-12 17:14 . 2016-06-15 13:36 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-05-12 17:14 . 2016-06-15 13:36 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-05-12 17:14 . 2016-06-15 13:36 502272 ----a-w- c:\windows\system32\IPSECSVC.DLL
2016-05-12 17:14 . 2016-06-15 13:36 96256 ----a-w- c:\windows\system32\gpapi.dll
2016-05-12 17:14 . 2016-06-15 13:36 794624 ----a-w- c:\windows\system32\gpsvc.dll
2016-05-12 17:14 . 2016-06-15 13:36 793088 ----a-w- c:\windows\system32\gpprefcl.dll
2016-05-12 17:14 . 2016-06-15 13:36 75776 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2016-05-12 17:14 . 2016-06-15 13:36 32768 ----a-w- c:\windows\system32\gpscript.dll
2016-05-12 17:14 . 2016-06-15 13:36 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-05-12 17:14 . 2016-06-15 13:36 22016 ----a-w- c:\windows\system32\credssp.dll
2016-05-12 17:14 . 2016-06-15 13:36 463872 ----a-w- c:\windows\system32\certcli.dll
2016-05-12 17:14 . 2016-06-15 13:36 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-05-12 15:18 . 2016-06-15 13:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-05-12 15:18 . 2016-06-15 13:36 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-05-12 15:18 . 2016-06-15 13:36 70144 ----a-w- c:\windows\SysWow64\winipsec.dll
2016-05-12 15:18 . 2016-06-15 13:36 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-05-12 15:18 . 2016-06-15 13:36 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-05-12 15:18 . 2016-06-15 13:36 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-05-12 15:18 . 2016-06-15 13:36 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-05-12 15:18 . 2016-06-15 13:36 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-05-12 15:18 . 2016-06-15 13:36 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-05-12 15:18 . 2016-06-15 13:36 274944 ----a-w- c:\windows\SysWow64\polstore.dll
2016-05-12 15:18 . 2016-06-15 13:36 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-05-12 15:18 . 2016-06-15 13:36 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-05-12 15:18 . 2016-06-15 13:36 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-05-12 15:18 . 2016-06-15 13:36 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2016-05-12 15:18 . 2016-06-15 13:36 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2016-05-12 15:18 . 2016-06-15 13:36 591872 ----a-w- c:\windows\SysWow64\gpprefcl.dll
2016-05-12 15:18 . 2016-06-15 13:36 79360 ----a-w- c:\windows\SysWow64\gpapi.dll
2016-05-12 15:18 . 2016-06-15 13:36 44032 ----a-w- c:\windows\SysWow64\FwRemoteSvr.dll
2016-05-12 15:18 . 2016-06-15 13:36 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2016-05-12 15:18 . 2016-06-15 13:36 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2016-05-12 15:18 . 2016-06-15 13:36 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2016-05-12 15:06 . 2016-06-15 13:36 25600 ----a-w- c:\windows\system32\gpscript.exe
2016-05-12 15:05 . 2016-06-15 13:36 64000 ----a-w- c:\windows\system32\auditpol.exe
2016-05-12 14:58 . 2016-06-15 13:36 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2016-05-12 14:58 . 2016-06-15 13:36 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2016-05-12 14:58 . 2016-06-15 13:36 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-05-12 14:58 . 2016-06-15 13:36 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-05-12 14:58 . 2016-06-15 13:36 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2016-05-12 14:58 . 2016-06-15 13:36 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2016-05-12 14:57 . 2016-06-15 13:36 30720 ----a-w- c:\windows\system32\lsass.exe
2016-05-12 14:57 . 2016-06-15 13:36 30720 ----a-w- c:\windows\SysWow64\gpscript.dll
2016-05-12 14:57 . 2016-06-15 13:36 24576 ----a-w- c:\windows\SysWow64\gpscript.exe
2016-05-12 14:56 . 2016-06-15 13:36 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2016-05-12 14:51 . 2016-06-15 13:36 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll
2016-05-12 13:05 . 2016-06-15 13:36 459640 ----a-w- c:\windows\system32\drivers\cng.sys
2016-05-12 13:05 . 2016-06-15 13:36 297984 ----a-w- c:\windows\system32\bcryptprimitives.dll
2016-05-12 13:04 . 2016-06-15 13:36 249352 ----a-w- c:\windows\SysWow64\bcryptprimitives.dll
2016-05-11 17:02 . 2016-06-15 13:36 296448 ----a-w- c:\windows\system32\ws2_32.dll
2016-05-11 17:02 . 2016-06-15 13:36 444928 ----a-w- c:\windows\system32\winhttp.dll
2016-05-11 17:02 . 2016-06-15 13:36 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2016-05-11 17:02 . 2016-06-15 13:36 327168 ----a-w- c:\windows\system32\mswsock.dll
2016-05-11 15:19 . 2016-06-15 13:36 206336 ----a-w- c:\windows\SysWow64\ws2_32.dll
2016-05-11 15:19 . 2016-06-15 13:36 351744 ----a-w- c:\windows\SysWow64\winhttp.dll
2016-05-11 15:19 . 2016-06-15 13:36 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2016-05-11 15:19 . 2016-06-15 13:36 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2016-05-11 15:11 . 2016-06-15 13:36 25088 ----a-w- c:\windows\system32\netbtugc.exe
2016-05-11 15:01 . 2016-06-15 13:36 26624 ----a-w- c:\windows\SysWow64\netbtugc.exe
2016-05-11 14:58 . 2016-06-15 13:36 262144 ----a-w- c:\windows\system32\drivers\netbt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-05-03 13:14 1602248 ----a-w- c:\users\Priya\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-05-03 13:14 1602248 ----a-w- c:\users\Priya\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-05-03 13:14 1602248 ----a-w- c:\users\Priya\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-05-03 13:14 1602248 ----a-w- c:\users\Priya\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-05-03 13:14 1602248 ----a-w- c:\users\Priya\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-06-14 17:41 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-06-14 17:41 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-06-14 17:41 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" [2016-06-30 884920]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-06-29 26424960]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-11-30 60688]
"NetSP - restore settings on power failure"="c:\program files (x86)\AT&T Global Network Client\NetSP.exe" [2016-04-13 56232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" [2016-06-30 1867448]
.
c:\users\Priya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2015-12-8 222384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AT&T Global Network Client.lnk - c:\program files (x86)\AT&T Global Network Client\NetClient.exe -netgm [2016-4-13 1623464]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 TorchCrashHandler;Torch Crash Handler;c:\users\Priya\AppData\Local\Torch\Update\TorchCrashHandler.exe;c:\users\Priya\AppData\Local\Torch\Update\TorchCrashHandler.exe [x]
R2 TunMirror;TunMirror;c:\users\Priya\AppData\Local\Temp\1304.tmp\TunMirror.exe;c:\users\Priya\AppData\Local\Temp\1304.tmp\TunMirror.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\drivers\irstrtdv.sys;c:\windows\SYSNATIVE\drivers\irstrtdv.sys [x]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\drivers\ISCTD64.sys;c:\windows\SYSNATIVE\drivers\ISCTD64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ST7007;ST7007;c:\windows\system32\drivers\ST7007.sys;c:\windows\SYSNATIVE\drivers\ST7007.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 tapse01;SurfEasy TAP-Windows Adapter V9;c:\windows\system32\DRIVERS\tapse01.sys;c:\windows\SYSNATIVE\DRIVERS\tapse01.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 df55e8d33527ea46bcda5aecc8cc068b;disqbus;c:\windows\system32\drivers\df55e8d33527ea46bcda5aecc8cc068b.sys;c:\windows\SYSNATIVE\drivers\df55e8d33527ea46bcda5aecc8cc068b.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NetAutoconnectFocusSvc;AT&T Autoconnect Focus Reporting Service;c:\program files (x86)\AT&T Global Network Client\NetAutoconnectFocusSvc.exe;c:\program files (x86)\AT&T Global Network Client\NetAutoconnectFocusSvc.exe [x]
S2 NetClientSvc;AT&T Global Network Client Service;c:\program files (x86)\AT&T Global Network Client\NetClientSvc.exe;c:\program files (x86)\AT&T Global Network Client\NetClientSvc.exe [x]
S2 NetLogSvc;AT&T Global Network Client Logging Service;c:\program files (x86)\AT&T Global Network Client\NetLogSvc.exe;c:\program files (x86)\AT&T Global Network Client\NetLogSvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S2 WindowService;WindowService;c:\program files (x86)\Videodriver\WindowService.exe;c:\program files (x86)\Videodriver\WindowService.exe [x]
S2 WinRuleSvc;Window Rules Manager;c:\program files (x86)\winrule\WinRuleSync.exe;c:\program files (x86)\winrule\WinRuleSync.exe [x]
S2 WinRuleSvc2;Window Rules Manager2;c:\program files (x86)\winrule\WinRuleSync_.exe;c:\program files (x86)\winrule\WinRuleSync_.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\NxDrv.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{AC76BA86-0000-0000-7760-7E8A45000000}]
2016-06-30 11:55 386232 ----a-w- c:\program files (x86)\Adobe\Acrobat DC\Esl\Aiod.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-06 11:34]
.
2016-08-03 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1662030818-4240472405-214509258-1002.job
- c:\users\Priya\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe [2016-07-05 17:39]
.
2016-08-03 c:\windows\Tasks\G2MUploadTask-S-1-5-21-1662030818-4240472405-214509258-1002.job
- c:\users\Priya\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe [2016-07-05 17:39]
.
2016-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-08-02 11:40]
.
2016-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-08-02 11:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-05-03 13:14 1659080 ----a-w- c:\users\Priya\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-05-03 13:14 1659080 ----a-w- c:\users\Priya\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-05-03 13:14 1659080 ----a-w- c:\users\Priya\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-05-03 13:14 1659080 ----a-w- c:\users\Priya\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-05-03 13:14 1659080 ----a-w- c:\users\Priya\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-06-14 17:37 2348848 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-06-14 17:37 2348848 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-06-14 17:37 2348848 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 15:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 15:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-01-26 626552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-25 170264]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-25 439064]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2016-01-08 508128]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
Trusted Zone: infor.com\%3cutilityservername%3e.cloud
Trusted Zone: rhsco.local
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Priya\AppData\Roaming\Mozilla\Firefox\Profiles\zu2ytgbj.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-APSDaemon - c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ic-0.7d3c7e1b42927.exe -start - c:\users\Priya\AppData\Local\Temp\436036834\ic-0.7d3c7e1b42927.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SysTrayApp - c:\program files\IDT\WDM\sttray64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\AT&T Global Network Client\netcfgsvr.exe
c:\windows\system32\o2flash.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\WinRule\WinRule.exe
c:\program files (x86)\WinRule\WinRule_.exe
c:\program files (x86)\WinRule\WinRule_.exe
c:\program files (x86)\WinRule\WinRule_.exe
c:\program files (x86)\WinRule\WinRule.exe
c:\program files (x86)\WinRule\WinRule.exe
c:\program files (x86)\AT&T Global Network Client\CellularPlugInController\CellularPlugInController.exe
.
**************************************************************************
.
Completion time: 2016-08-03 12:30:16 - machine was rebooted
ComboFix-quarantined-files.txt 2016-08-03 17:30
.
Pre-Run: 68,600,942,592 bytes free
Post-Run: 70,548,197,376 bytes free
.
- - End Of File - - 1D5AB9A3D97B393D1C20854978A6F507


Thanks again!
bellavida is offline  
Old 08-03-2016, 07:41 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello bellavida. You're very welcome. Did you run MBAM before running ComboFix?

Were HotSpot Shield and/or SurfEasy previous installs?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
https://www.techsupportforum.com/forums/f50/possible-virus-malware-1149481.html#post7171641

Collect::[154]
c:\progra~2\INTERN~1\IPLRBT~1.EXE
c:\progra~2\MOZILL~1\FIRFBT~1.EXE

ClearJavaCache::

Folder::
c:\programdata\TorchCrashHandler
c:\programdata\Sophos
c:\program files (x86)\Sophos
c:\programdata\Avira
c:\program files (x86)\Avira
c:\program files (x86)\merrick
c:\program files (x86)\healing
c:\users\Priya\AppData\Roaming\AVSoftware
c:\users\Priya\AppData\Local\Shortcut Installer
c:\program files (x86)\Videodriver
c:\program files (x86)\winrule

DirLook::
c:\program files (x86)\merrick
c:\program files (x86)\healing

Driver::
TunMirror
Save this Notepad file as CFScript.txt to your Desktop and then close the file.
Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
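Added example, not part of the thread and not ComboFix's own code: a small Python checker that parses service lines in the ComboFix log format shown above (`<start> <name>;<display>;<image>;<native image> [x]`), the bare paths of an "Other Running Processes" block, and the `Folder::` directives of a CFScript like the one in this post, then reports which registered services and running processes live inside the folders the script would remove. The sample log, process list and script below are constructed here to match the shapes in this thread.

```python
import re

# Constructed sample in the shape of the log above; ComboFix service lines
# read "<start> <name>;<display>;<image>;<native image> [x]".
SAMPLE_LOG = r"""S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 WindowService;WindowService;c:\program files (x86)\Videodriver\WindowService.exe;c:\program files (x86)\Videodriver\WindowService.exe [x]
S2 WinRuleSvc;Window Rules Manager;c:\program files (x86)\winrule\WinRuleSync.exe;c:\program files (x86)\winrule\WinRuleSync.exe [x]
S2 WinRuleSvc2;Window Rules Manager2;c:\program files (x86)\winrule\WinRuleSync_.exe;c:\program files (x86)\winrule\WinRuleSync_.exe [x]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\NxDrv.sys [x]
"""
# Constructed "Other Running Processes" block: one bare path per line.
SAMPLE_PROCESSES = r"""c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\WinRule\WinRule.exe
c:\program files (x86)\WinRule\WinRule_.exe
c:\program files (x86)\WinRule\WinRule_.exe
"""
# Constructed CFScript excerpt using directives from the post above.
SAMPLE_SCRIPT = r"""Folder::
c:\program files (x86)\Videodriver
c:\program files (x86)\winrule

DirLook::
c:\program files (x86)\merrick
"""

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                        r"(?P<image>[^;]*);(?P<native>.*?)\s*(?:\[x\])?\s*$")
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::")  # Folder::, DirLook::, Collect::[154] ...

def parse_services(text):
    """Return one dict per S*/R* service or driver line in a ComboFix log."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append({k: m[k].strip() for k in ("start", "name", "display", "image")})
    return out

def parse_cfscript(text):
    """Map each CFScript directive to the non-blank lines that follow it."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections

def under_folders(paths, folders):
    """Map each path to a listed folder containing it; NTFS paths compare case-insensitively."""
    norm = [f.lower().rstrip("\\") + "\\" for f in folders]
    return {p: f.rstrip("\\") for p in paths for f in norm if p.lower().startswith(f)}

def services_removed_by(log_text, script_text):
    """Names of services whose image sits inside a Folder:: entry of the script."""
    folders = parse_cfscript(script_text).get("Folder", [])
    services = parse_services(log_text)
    hits = under_folders([s["image"] for s in services], folders)
    return sorted(s["name"] for s in services if s["image"] in hits)

def processes_removed_by(proc_text, script_text):
    """Distinct running-process paths that a Folder:: entry would delete."""
    folders = parse_cfscript(script_text).get("Folder", [])
    paths = [l.strip() for l in proc_text.splitlines() if l.strip()]
    return sorted(under_folders(paths, folders))

if __name__ == "__main__":
    print("services:", services_removed_by(SAMPLE_LOG, SAMPLE_SCRIPT))
    print("processes:", processes_removed_by(SAMPLE_PROCESSES, SAMPLE_SCRIPT))
```

Running it on the real C:\ComboFix.txt and CFScript.txt shows at a glance that the `Folder::` entries here take out the WindowService and both WinRuleSvc services along with the WinRule.exe processes, while entries such as SkypeUpdate are untouched.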
Old 08-20-2016, 06:41 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  