
Possible malware infection?


  • This topic is locked
3 replies to this topic

#1 po6pwn


  • Members
  • 24 posts
  • Gender:Male

Posted 08 January 2017 - 10:06 AM

I have had a few problems with my system lately. It was being extremely slow, and when I checked Task Manager I found 'promoutil.exe', which didn't allow me to end the task. I ran a few scans of my own; the log files from ComboFix and AdwCleaner are posted below. Is my system clean, or is there persistent malware?
PS: I also ran Malwarebytes and used it to fix all the errors found. I cannot use HitmanPro as the free trial ran out. Should I also run TDSSKiller?


ComboFix


ComboFix 17-01-04.01 - Armaan 08-Jan-17  14:26:38.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16239.11294 [GMT 5.5:30]
Running from: d:\users\Armaan\Desktop\ComboFix.exe
AV: 360 Total Security *Disabled/Updated* {0371CA44-3F80-A1D3-BECE-910620B58D50}
SP: 360 Total Security *Disabled/Updated* {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Armaan\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINISOCDBUS
-------\Service_WinisoCDBus
.
.
(((((((((((((((((((((((((   Files Created from 2016-12-08 to 2017-01-08  )))))))))))))))))))))))))))))))
.
.
2017-01-08 09:36 . 2017-01-08 09:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-08 08:51 . 2016-12-14 07:25 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-01-08 08:51 . 2017-01-08 08:51 -------- d-----w- c:\program files\Malwarebytes
2017-01-06 21:39 . 2017-01-06 21:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{332DEE86-93A2-49B2-870C-5146965C579E}\offreg.3544.dll
2017-01-06 14:57 . 2016-11-10 07:44 11781064 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{332DEE86-93A2-49B2-870C-5146965C579E}\mpengine.dll
2017-01-01 19:19 . 2017-01-01 19:19 -------- d-----w- c:\users\Armaan\AppData\Local\IW
2017-01-01 19:19 . 2017-01-01 19:20 -------- d-----w- c:\program files (x86)\Enigma Recovery
2017-01-01 19:18 . 2017-01-01 19:22 -------- d-----w- c:\users\Armaan\AppData\Local\EnigmaDigital
2017-01-01 19:10 . 2017-01-01 19:10 -------- d-----w- c:\users\Armaan\AppData\Local\FonePaw
2016-12-31 21:56 . 2016-12-31 21:56 -------- d-----w- c:\users\Armaan\AppData\Local\iMobie_Inc
2016-12-31 21:56 . 2016-12-31 21:56 -------- d-----w- c:\users\Armaan\AppData\Roaming\iMobie
2016-12-31 21:56 . 2017-01-01 12:57 -------- d-----w- c:\program files (x86)\iMobie
2016-12-27 20:48 . 2016-12-27 20:51 -------- d-----w- c:\users\Armaan\AppData\Local\Plex Media Server
2016-12-27 20:43 . 2016-12-27 20:43 -------- d-----w- c:\program files (x86)\VirusTotalUploader2
2016-12-27 20:25 . 2016-12-27 20:28 -------- d-----w- c:\users\Armaan\AppData\Roaming\Trillian
2016-12-27 20:24 . 2016-12-27 20:40 -------- d-----w- c:\program files (x86)\Trillian
2016-12-27 18:51 . 2016-12-27 19:05 -------- d-----w- c:\users\Armaan\AppData\Local\vsixinstaller
2016-12-27 02:46 . 2016-12-27 02:52 589792 ----a-w- c:\programdata\Microsoft\Blend\14.0\1033\ResourceCache.dll
2016-12-27 02:26 . 2016-12-27 02:26 -------- d-----w- c:\users\Armaan\.dnx
2016-12-27 02:09 . 2016-12-27 18:10 2004320 ----a-w- c:\programdata\Microsoft\VisualStudio\14.0\1033\ResourceCache.dll
2016-12-27 02:08 . 2016-12-27 02:08 -------- d-----w- c:\windows\SysWow64\Visual Studio 2015
2016-12-27 01:42 . 2016-12-27 01:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2016-12-27 01:37 . 2016-12-27 01:37 -------- d-----w- c:\programdata\Microsoft DNX
2016-12-27 01:29 . 2016-12-27 01:30 -------- d-----w- c:\program files\IIS Express
2016-12-27 01:29 . 2016-12-27 01:30 -------- d-----w- c:\program files (x86)\IIS Express
2016-12-27 01:28 . 2016-12-27 01:28 -------- d-----w- c:\program files\IIS
2016-12-27 01:28 . 2016-12-27 01:28 -------- d-----w- c:\program files (x86)\IIS
2016-12-27 01:23 . 2016-12-27 18:11 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 12.0
2016-12-27 01:18 . 2016-12-27 01:18 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2016-12-27 01:16 . 2016-12-27 19:08 -------- d-----w- c:\windows\SysWow64\1033
2016-12-27 01:15 . 2016-12-27 01:53 -------- d-----w- c:\program files\Microsoft SQL Server
2016-12-27 01:15 . 2016-12-27 01:53 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2016-12-27 01:06 . 2016-12-27 19:18 -------- d-----w- c:\windows\system32\1033
2016-12-27 01:05 . 2016-12-27 19:15 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 14.0
2016-12-27 00:59 . 2016-12-27 19:09 -------- d-----w- c:\program files (x86)\Windows Kits
2016-12-27 00:59 . 2016-12-27 19:10 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2016-12-26 23:52 . 2016-12-27 00:25 -------- d-----w- C:\ESD
2016-12-26 23:52 . 2017-01-08 08:00 -------- d-----w- C:\$WINDOWS.~BT
2016-12-26 23:51 . 2016-12-26 23:51 -------- d-----w- C:\$Windows.~WS
2016-12-26 00:29 . 2016-12-26 00:29 -------- d-----w- c:\program files (x86)\WinDirStat
2016-12-25 21:36 . 2016-12-25 21:36 -------- d-----w- c:\users\Armaan\.android
2016-12-25 13:06 . 2016-12-25 13:06 -------- d-----w- c:\programdata\ByteFence
2016-12-25 12:58 . 2016-12-25 12:58 -------- d-----w- c:\program files\iPod
2016-12-25 12:50 . 2016-12-25 12:50 -------- d-----w- c:\users\Armaan\AppData\Local\Setup7135626
2016-12-25 12:50 . 2016-12-25 12:50 -------- d-----w- c:\programdata\{A9786C1B-233A-E6DD-A5FC-789F3FBEF351}
2016-12-25 12:50 . 2016-12-25 12:50 -------- d-----w- c:\users\Armaan\AppData\Local\sece
2016-12-25 12:50 . 2017-01-08 05:04 -------- d-----w- c:\program files\ByteFence
2016-12-25 12:49 . 2016-12-25 12:49 -------- d-----w- c:\users\Armaan\AppData\Local\Buyhatke
2016-12-24 20:21 . 2016-12-24 20:21 -------- d-----w- c:\programdata\NCH Software
2016-12-24 20:21 . 2016-12-24 20:21 -------- d-----w- c:\program files (x86)\NCH Software
2016-12-24 20:21 . 2016-12-24 20:21 43472 ----a-w- c:\windows\system32\drivers\voxaldriverx64.sys
2016-12-24 20:21 . 2016-12-24 20:21 -------- d-----w- c:\users\Armaan\AppData\Roaming\NCH Software
2016-12-23 18:29 . 2016-12-23 18:53 -------- d-----w- c:\program files (x86)\Counter-Strike 1.6 OMONAS
2016-12-23 18:24 . 2016-12-23 18:24 21656 ----a-w- c:\windows\system32\drivers\evolve.sys
2016-12-23 18:22 . 2016-12-23 18:22 -------- d-----w- c:\program files\Echobit
2016-12-23 18:20 . 2016-12-23 18:20 -------- d-----w- c:\programdata\Echobit
2016-12-23 18:20 . 2016-12-23 18:20 -------- d-----w- c:\users\Armaan\AppData\Local\Echobit
2016-12-20 11:52 . 2016-12-27 13:47 -------- d-----w- c:\users\Armaan\VirtualBox VMs
2016-12-20 11:48 . 2017-01-08 08:00 -------- d-----w- c:\users\Armaan\.VirtualBox
2016-12-20 11:47 . 2016-11-21 12:15 933088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2016-12-20 11:47 . 2016-11-21 12:14 150280 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2016-12-20 11:47 . 2016-12-20 11:47 -------- d-----w- c:\program files\Oracle
2016-12-17 16:56 . 2016-12-17 16:56 -------- d-----w- c:\program files\ParkControl
2016-12-17 15:12 . 2016-12-17 15:12 -------- d-----w- c:\programdata\TurboVPN
2016-12-17 15:10 . 2015-05-29 04:15 33248 ----a-w- c:\windows\system32\drivers\gwdrv.sys
2016-12-17 15:10 . 2016-12-17 15:10 -------- d-----w- c:\program files (x86)\GlassWire
2016-12-17 15:08 . 2016-12-13 08:50 36736 ----a-w- c:\windows\system32\drivers\pwftap.sys
2016-12-16 20:38 . 2016-12-16 20:41 -------- d-----w- c:\users\Armaan\AppData\Roaming\FILEminimizerPictures
2016-12-16 20:38 . 2016-12-16 20:38 -------- d-----w- c:\program files (x86)\FILEminimizer Pictures
2016-12-14 10:53 . 2016-12-10 02:09 2267088 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll
2016-12-14 10:53 . 2016-12-10 02:09 1781200 ----a-w- c:\windows\SysWow64\Wacom_Touch_Tablet.dll
2016-12-14 10:53 . 2016-12-10 02:09 1787856 ----a-w- c:\windows\SysWow64\Wacom_Tablet.dll
2016-12-14 10:53 . 2016-12-10 02:09 2273744 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2016-12-11 16:42 . 2016-09-17 00:12 44144 ----a-w- c:\windows\system32\drivers\rzpmgrk.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-08 00:30 . 2012-07-17 09:07 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-12-14 19:15 . 2016-10-16 12:08 135632432 -c--a-w- c:\windows\system32\MRT.exe
2016-12-10 02:09 . 2015-11-03 12:04 2111440 ----a-w- c:\windows\system32\Wintab32.dll
2016-12-10 02:09 . 2015-11-03 12:04 2172880 ----a-w- c:\windows\system32\WacomMT.dll
2016-12-10 02:09 . 2015-11-03 12:04 1632208 ----a-w- c:\windows\SysWow64\Wintab32.dll
2016-12-10 02:09 . 2015-11-03 12:04 1672656 ----a-w- c:\windows\SysWow64\WacomMT.dll
2016-12-07 13:52 . 2016-12-08 02:09 387856 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2016-12-03 12:53 . 2016-02-24 18:05 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2016-12-03 12:53 . 2015-11-01 17:05 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2016-12-03 12:53 . 2015-11-01 17:05 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2016-12-02 20:42 . 2016-12-08 18:12 46024 ----a-w- c:\windows\system32\nvhdap64.dll
2016-12-02 20:42 . 2016-12-08 18:12 212936 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2016-12-02 20:42 . 2016-09-23 17:39 1595456 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2016-12-01 19:52 . 2016-12-08 18:12 9151400 ----a-w- c:\windows\SysWow64\nvopencl.dll
2016-12-01 19:52 . 2016-12-08 18:12 8913328 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2016-12-01 19:52 . 2016-12-08 18:12 491536 ----a-w- c:\windows\system32\nvumdshimx.dll
2016-12-01 19:52 . 2016-12-08 18:12 438208 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2016-12-01 19:52 . 2016-12-08 18:12 407064 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2016-12-01 19:52 . 2016-12-08 18:12 390200 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2016-12-01 19:52 . 2016-12-08 18:12 34703416 ----a-w- c:\windows\system32\nvoglv64.dll
2016-12-01 19:52 . 2016-12-08 18:12 28137920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2016-12-01 19:52 . 2016-12-08 18:12 17373312 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2016-12-01 19:52 . 2016-12-08 18:12 170872 ----a-w- c:\windows\system32\nvinitx.dll
2016-12-01 19:52 . 2016-12-08 18:12 153184 ----a-w- c:\windows\system32\nvoglshim64.dll
2016-12-01 19:52 . 2016-12-08 18:12 148200 ----a-w- c:\windows\SysWow64\nvinit.dll
2016-12-01 19:52 . 2016-12-08 18:12 14055360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2016-12-01 19:52 . 2016-12-08 18:12 131536 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2016-12-01 19:52 . 2016-12-08 18:12 10912744 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2016-12-01 19:52 . 2016-12-08 18:12 10795312 ----a-w- c:\windows\system32\nvopencl.dll
2016-12-01 19:52 . 2016-12-08 18:12 974272 ----a-w- c:\windows\SysWow64\NvFBC.dll
2016-12-01 19:52 . 2016-12-08 18:12 943552 ----a-w- c:\windows\system32\NvIFR64.dll
2016-12-01 19:52 . 2016-12-08 18:12 895424 ----a-w- c:\windows\SysWow64\NvIFR.dll
2016-12-01 19:52 . 2016-12-08 18:12 8754160 ----a-w- c:\windows\SysWow64\nvcuda.dll
2016-12-01 19:52 . 2016-12-08 18:12 683824 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2016-12-01 19:52 . 2016-12-08 18:12 573072 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2016-12-01 19:52 . 2016-12-08 18:12 521096 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2016-12-01 19:52 . 2016-12-08 18:12 435904 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2016-12-01 19:52 . 2016-12-08 18:12 40125496 ----a-w- c:\windows\system32\nvcompiler.dll
2016-12-01 19:52 . 2016-12-08 18:12 3645496 ----a-w- c:\windows\system32\nvcuvid.dll
2016-12-01 19:52 . 2016-12-08 18:12 35222976 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2016-12-01 19:52 . 2016-12-08 18:12 3206592 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2016-12-01 19:52 . 2016-12-08 18:12 1951680 ----a-w- c:\windows\system32\nvdispco6437619.dll
2016-12-01 19:52 . 2016-12-08 18:12 1586744 ----a-w- c:\windows\system32\nvdispgenco6437619.dll
2016-12-01 19:52 . 2016-12-08 18:12 1036736 ----a-w- c:\windows\system32\NvFBC64.dll
2016-12-01 19:52 . 2016-12-08 18:12 10346208 ----a-w- c:\windows\system32\nvcuda.dll
2016-12-01 19:52 . 2016-11-10 20:15 17440744 ----a-w- c:\windows\system32\nvd3dumx.dll
2016-12-01 19:52 . 2016-05-29 10:19 19948848 ----a-w- c:\windows\system32\nvwgf2umx.dll
2016-12-01 19:52 . 2016-05-29 10:19 3941536 ----a-w- c:\windows\system32\nvapi64.dll
2016-12-01 19:52 . 2016-05-29 10:19 3479560 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-12-01 19:52 . 2016-05-29 10:19 14410120 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2016-12-01 17:33 . 2016-12-08 18:14 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2016-12-01 17:32 . 2016-05-29 10:21 6384576 ----a-w- c:\windows\system32\nvcpl.dll
2016-12-01 17:32 . 2016-05-29 10:21 2475968 ----a-w- c:\windows\system32\nvsvc64.dll
2016-12-01 17:32 . 2016-05-29 10:21 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-12-01 17:32 . 2016-05-29 10:21 69568 ----a-w- c:\windows\system32\nvshext.dll
2016-12-01 17:32 . 2016-05-29 10:21 546752 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-12-01 17:32 . 2016-05-29 10:21 393784 ----a-w- c:\windows\system32\nvmctray.dll
2016-12-01 17:32 . 2016-05-29 10:21 1762752 ----a-w- c:\windows\system32\nvsvcr.dll
2016-12-01 17:04 . 2016-12-08 18:15 134712 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2016-11-30 09:34 . 2016-05-29 10:21 7607057 ----a-w- c:\windows\system32\nvcoproc.bin
2016-11-29 17:04 . 2016-11-29 17:04 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2016-11-29 17:04 . 2016-11-29 17:04 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-29 17:04 . 2016-11-29 17:04 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-29 17:04 . 2016-11-29 17:04 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-29 16:57 . 2016-11-29 16:57 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-29 16:57 . 2016-11-29 16:57 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 16:57 . 2016-11-29 16:57 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 16:57 . 2016-11-29 16:57 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2016-11-26 15:04 . 2016-11-26 15:04 8107 ----a-w- c:\windows\w7dsd.reg
2016-11-26 15:04 . 2016-11-26 15:04 8089 ----a-w- c:\windows\w7dse.reg
2016-11-26 15:04 . 2016-11-26 15:04 275360 ----a-w- c:\windows\system32\DreamScene.dll
2016-11-25 22:13 . 2015-11-01 17:04 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2016-11-25 12:35 . 2015-12-17 16:38 86248 ----a-w- c:\windows\SysWow64\drivers\360AvFlt.sys
2016-11-25 12:35 . 2015-05-05 17:30 330472 ----a-w- c:\windows\system32\drivers\360Box64.sys
2016-11-25 12:35 . 2015-05-05 17:29 86248 ----a-w- c:\windows\system32\drivers\360AvFlt.sys
2016-11-21 12:14 . 2016-11-21 12:14 206416 ----a-w- c:\windows\system32\drivers\VBoxNetLwf.sys
2016-11-21 12:14 . 2016-11-21 12:14 132120 ----a-w- c:\windows\system32\drivers\VBoxNetAdp6.sys
2016-11-10 10:46 . 2016-11-10 10:46 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2016-11-02 15:36 . 2016-11-09 06:42 382696 ----a-w- c:\windows\system32\atmfd.dll
2016-11-02 15:32 . 2016-11-09 06:42 41472 ----a-w- c:\windows\system32\lpk.dll
2016-11-02 15:32 . 2016-11-09 06:42 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-11-02 15:32 . 2016-11-09 06:42 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-11-02 15:32 . 2016-11-09 06:42 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-11-02 15:22 . 2016-11-09 06:42 308456 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-11-02 15:16 . 2016-11-09 06:42 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-11-02 15:16 . 2016-11-09 06:42 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-11-02 15:16 . 2016-11-09 06:42 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-11-02 14:53 . 2016-11-09 06:42 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-10-26 10:59 . 2010-11-21 03:27 485032 ------w- c:\windows\system32\MpSigStub.exe
2016-10-25 21:39 . 2016-11-10 20:15 1953336 ----a-w- c:\windows\system32\nvdispco6437570.dll
2016-10-25 21:39 . 2016-11-10 20:15 1586744 ----a-w- c:\windows\system32\nvdispgenco6437570.dll
2016-10-18 07:25 . 2016-10-18 07:25 48760 ----a-w- c:\windows\SysWow64\RzAPIChromaSDK.dll
2016-10-18 07:25 . 2016-10-18 07:25 114288 ----a-w- c:\windows\system32\RzChromaSDK64.dll
2016-10-18 07:25 . 2016-10-18 07:25 105072 ----a-w- c:\windows\SysWow64\RzChromaSDK.dll
2016-10-16 13:13 . 2015-05-05 14:35 401 ----a-w- c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-10-15 15:31 . 2016-11-09 06:42 976896 ----a-w- c:\windows\system32\inetcomm.dll
2016-10-15 15:31 . 2016-11-09 06:42 84480 ----a-w- c:\windows\system32\INETRES.dll
2016-10-15 15:13 . 2016-11-09 06:42 741888 ----a-w- c:\windows\SysWow64\inetcomm.dll
2016-10-15 15:13 . 2016-11-09 06:42 84480 ----a-w- c:\windows\SysWow64\INETRES.dll
2016-10-11 15:31 . 2016-11-09 06:42 1068544 ----a-w- c:\windows\system32\msctf.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2016-01-20 8547320]
"Steam"="d:\program files\Steam\steam.exe" [2016-12-20 2876704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QHSafeTray"="c:\program files (x86)\360\Total Security\safemon\QHSafeTray.exe" [2016-12-09 1921448]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2016-11-04 596640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime
"Dropbox"="c:\program files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R3 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
R3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]
R3 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R3 GPU-Z;GPU-Z;c:\users\Armaan\AppData\Local\Temp\GPU-Z.sys;c:\users\Armaan\AppData\Local\Temp\GPU-Z.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys;c:\windows\SYSNATIVE\drivers\kinonivad.sys [x]
R3 kinonivd;Kinoni Video Source;c:\windows\system32\DRIVERS\kinonivd.sys;c:\windows\SYSNATIVE\DRIVERS\kinonivd.sys [x]
R3 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
R3 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 PAExec;PAExec;c:\windows\PAExec.exe;c:\windows\PAExec.exe [x]
R3 PornTime Updater;PornTime Updater;c:\users\Armaan\AppData\Roaming\PT\updater.exe;c:\users\Armaan\AppData\Roaming\PT\updater.exe [x]
R3 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 dbupdate;Dropbox Update Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R4 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]
S1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys;c:\windows\SYSNATIVE\drivers\rsdrvx64.sys [x]
S1 gwdrv;GlassWire Driver;c:\windows\system32\DRIVERS\gwdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gwdrv.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp6.sys [x]
S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetLwf.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 ByteFenceService;ByteFence Anti-Malware Service;c:\program files\ByteFence\ByteFenceService.exe;c:\program files\ByteFence\ByteFenceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
S2 GlassWire;GlassWire Control Service;c:\program files (x86)\GlassWire\GWCtlSrv.exe;c:\program files (x86)\GlassWire\GWCtlSrv.exe [x]
S2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 IWRecoveryService;IWRecoveryService;c:\program files (x86)\Enigma Recovery\RecoveryService.exe;c:\program files (x86)\Enigma Recovery\RecoveryService.exe [x]
S2 LGCoreTemp;Logitech CPU Core Tempurature;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [x]
S2 LogiRegistryService;Logitech Gaming Registry Service;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 QHActiveDefense;360 Total Security;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe [x]
S2 Razer Chroma SDK Service;Razer Chroma SDK Service;c:\program files (x86)\Razer Chroma SDK\bin\RzSDKService.exe;c:\program files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [x]
S2 rtop;ByteFence Security Real-time Protection;c:\program files\ByteFence\rtop\bin\rtop_svc.exe;c:\program files\ByteFence\rtop\bin\rtop_svc.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 TurboVpnSvc;TurboVpnSvc;c:\program files (x86)\360\TurboVPN\vpn\VpnProc.exe;c:\program files (x86)\360\TurboVPN\vpn\VpnProc.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 pwftap;PRIVATE WiFi Adapter;c:\windows\system32\DRIVERS\pwftap.sys;c:\windows\SYSNATIVE\DRIVERS\pwftap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
S3 rzjstk;Razer Virtual Joystick Driver;c:\windows\system32\DRIVERS\rzjstk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjstk.sys [x]
S3 rzkeypadendpt;Razer Keypad Endpoint;c:\windows\system32\DRIVERS\rzkeypadendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzkeypadendpt.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
S3 voxaldriver;Voxal Filter Driver 2.12.01;c:\windows\system32\DRIVERS\voxaldriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\voxaldriverx64.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-11-30 11:29 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-11-30 11:29 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-11-30 11:29 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-05-02 2398776]
"Malwarebytes TrayApp"="c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe" [2016-12-14 2776528]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: hola.org
TCP: Interfaces\{A8F55055-B156-4232-BC99-183A5CD27C30}: NameServer = 125.22.47.125,208.67.220.220
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
FF - ProfilePath - c:\users\Armaan\AppData\Roaming\Mozilla\Firefox\Profiles\8k4r9otw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Powered
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MBAMService
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Tablet\Wacom\WacomHost.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files\Tablet\Wacom\WacomHost.exe
c:\program files (x86)\360\Total Security\safemon\QHWatchdog.exe
c:\program files (x86)\GlassWire\GWIdlMon.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\ByteFence\rtop\bin\rtop_bg.exe
c:\program files\Tablet\Pen\WacomHost.exe
.
**************************************************************************
.
Completion time: 2017-01-08  19:23:37 - machine was rebooted
ComboFix-quarantined-files.txt  2017-01-08 13:53
.
Pre-Run: 143,619,911,680 bytes free
Post-Run: 142,302,224,384 bytes free
.
- - End Of File - - 30BDCEEBB407356F7EB4F4C48AFAFE17
A36C5E4F47E84449FF07ED3517B43A31

 

 
ADWCLEANER
 
# AdwCleaner v6.042 - Logfile created 08/01/2017 at 19:29:30
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-06.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Armaan - ARMAAN-PC
# Running from : d:\Users\Armaan\Desktop\adwcleaner_6.042.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: rtop
[-] Service deleted: ByteFenceService
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files\ByteFence
[-] Folder deleted: C:\ProgramData\ByteFence
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ByteFence
 
 
***** [ Files ] *****
 
[-] File deleted: d:\Users\Armaan\Desktop\ReimageRepair.exe
[-] File deleted: C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
[-] File deleted: C:\Windows\Reimage.ini
[-] File deleted: C:\Users\Armaan\AppData\Roaming\Mozilla\Firefox\Profiles\8k4r9otw.default\invalidprefs.js
[-] File deleted: C:\Users\Armaan\AppData\Roaming\Mozilla\Firefox\Profiles\8k4r9otw.default\searchplugins\yahoo! powered.xml
[#] File deleted: C:\Users\Armaan\AppData\Roaming\Mozilla\Firefox\Profiles\8k4r9otw.default\SEARCHPLUGINS\YAHOO! POWERED.XML
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: ByteFence
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ByteFenceService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ByteFenceService
[-] Key deleted: HKU\S-1-5-21-1351149785-2601683063-1537726602-1000\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-1351149785-2601683063-1537726602-1000\Software\csastats
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\csastats
[-] Key deleted: HKLM\SOFTWARE\ByteFence
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[-] Key deleted: [x64] HKLM\SOFTWARE\ByteFence
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Key deleted: HKU\S-1-5-21-1351149785-2601683063-1537726602-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
 
 
***** [ Web browsers ] *****
 
[-] Chrome preferences cleaned: "browser.search.defaultenginename" -  "Yahoo! Powered"
[-] Chrome preferences cleaned: "browser.search.selectedEngine" -  "Yahoo! Powered"
[-] [C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
[-] [C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyzy0CzztD0A0CtCyByDyCtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyDyD0AtByC0ByDtGtCzz0DtCtG0D0ByDzztGyDtB0EtAtGtB0DtAtDzz0E0AtAtDtCtA0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0A0B0F0DtDtDyCtGyE0AyByDtG0FtDtDyCtGyEtAyE0BtGtD0FyEyD0B0DyCyE0A0AyDzz2Q&cr=806343554&ir=
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3189 Bytes] - [30/09/2016 16:22:27]
C:\AdwCleaner\AdwCleaner[C2].txt - [4361 Bytes] - [08/01/2017 19:29:30]
C:\AdwCleaner\AdwCleaner[S0].txt - [2520 Bytes] - [30/09/2016 16:00:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [2834 Bytes] - [30/09/2016 16:20:37]
C:\AdwCleaner\AdwCleaner[S2].txt - [4102 Bytes] - [08/01/2017 14:14:35]
C:\AdwCleaner\AdwCleaner[S3].txt - [4385 Bytes] - [08/01/2017 19:28:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4726 Bytes] ##########
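The ComboFix sections above are the usual persistence points to re-check after a cleanup: the `S2`/`S3` service and driver lines (several of the listed binaries, ByteFence among them, were removed by AdwCleaner afterwards), the `HKLM\...\Run` key, the `ShellIconOverlayIdentifiers` entries with their CLSID-to-DLL mapping, the per-interface `NameServer` value, and the IE `Trusted Zone` entry. The script below is an added example, not part of the original post and not ComboFix or AdwCleaner code; it enumerates the same locations live with PowerShell and prints what needs a human decision. The resolver allow-list and the output layout are my assumptions.

```powershell
# Added example (not from the original post, not ComboFix/AdwCleaner code).
# Re-checks the persistence locations listed in the ComboFix log: services and
# drivers, HKLM Run keys, ShellIconOverlayIdentifiers, per-interface DNS
# NameServer values and the IE ZoneMap. Run from an elevated PowerShell.
# Only cmdlets available in PowerShell 2.0 on Windows 7 are used.

# Assumption: illustrative allow-list of public resolvers. An ISP resolver
# (such as the first address in the log) is not listed and is flagged VERIFY.
$KnownResolvers = @('8.8.8.8', '8.8.4.4', '208.67.222.222', '208.67.220.220', '1.1.1.1')

function Get-ImageFile {
    # Turn a service ImagePath ('"c:\x\y.exe" -arg', 'system32\drivers\z.sys',
    # '%SystemRoot%\system32\svchost.exe -k netsvcs') into an absolute file path.
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($p -match '^"([^"]+)"')                          { $p = $Matches[1] }
    elseif ($p -match '^(.+?\.(exe|sys|dll|des))(\s|$)') { $p = $Matches[1] }
    else { return $null }
    $p = $p -replace '^\\\?\?\\', ''                     # \??\C:\...      -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot    # \SystemRoot\... -> C:\Windows\...
    if ($p -notmatch '^[a-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # system32\drivers\x.sys
    return $p
}

function Get-FileStatus {
    # MISSING when the ImagePath points nowhere (a dead service entry), else the
    # Authenticode status. Caveat: on Windows 7 only embedded signatures are
    # checked, so catalog-signed Microsoft files report NotSigned.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}

Write-Output '== Services/drivers whose binary is missing or not validly signed =='
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    if (-not $props.ImagePath) { return }                # no binary of its own
    $file = Get-ImageFile $props.ImagePath
    if (-not $file) { return }
    $status = Get-FileStatus $file
    if ($status -ne 'Valid') {
        # Start: 2 = automatic, 3 = manual, 4 = disabled
        '{0,-10} start={1} {2,-28} {3}' -f $status, $props.Start, $_.PSChildName, $file
    }
}

Write-Output '== Run keys =='
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $key)) { continue }
    foreach ($v in (Get-ItemProperty $key).PSObject.Properties) {
        if ($v.Name -notmatch '^PS') { '{0}: {1} = {2}' -f $key, $v.Name, $v.Value }
    }
}

Write-Output '== Shell icon overlay handlers (CLSID -> DLL) =='
# Explorer honours only the first 15 handlers in sort order, which is why the
# names in the log carry leading spaces; Trim() makes them readable here.
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers' |
    ForEach-Object {
        $clsid = (Get-ItemProperty $_.PSPath).'(default)'
        $dll = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                    -ErrorAction SilentlyContinue).'(default)'
        '{0,-28} {1} -> {2}' -f $_.PSChildName.Trim(), $clsid, $dll
    }

Write-Output '== Static DNS servers per interface =='
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces' | ForEach-Object {
    $ns = (Get-ItemProperty $_.PSPath).NameServer
    if (-not $ns) { return }                              # DHCP-assigned, nothing static
    foreach ($ip in ($ns -split '[ ,]+')) {
        $flag = if ($KnownResolvers -contains $ip) { 'known' } else { 'VERIFY' }
        '{0} {1} ({2})' -f $_.PSChildName, $ip, $flag
    }
}

Write-Output '== IE ZoneMap entries (value 2 = Trusted sites) =='
foreach ($root in 'HKCU:', 'HKLM:') {
    $zm = "$root\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    if (-not (Test-Path $zm)) { continue }
    Get-ChildItem $zm -Recurse | ForEach-Object {
        $key = $_
        foreach ($v in (Get-ItemProperty $key.PSPath).PSObject.Properties) {
            if ($v.Name -match '^(\*|http|https)$') { '{0} {1}={2}' -f $key.Name, $v.Name, $v.Value }
        }
    }
}
```

Read the output as a worklist, not a verdict: a `MISSING` service is a leftover registration to delete, `NotSigned` on a driver under `Program Files` (the Logitech and Razer entries in the log, for instance) is common for vendor software and needs a hash lookup rather than removal, and a static resolver flagged `VERIFY` should be checked against what the ISP actually hands out before it is changed.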
 
 



 


#2 Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany
Posted 09 January 2017 - 07:46 AM

Welcome to BleepingComputer.

Hi there,

My name is Jo and I will help you with your computer problems.

Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy and save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***

Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click the downloaded file and click OK at the self-extracting prompt.
  • MBAR will start. Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***

:step3: Please download]
Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt, also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt, into your next reply.

--- ---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jo*
Posted 12 January 2017 - 01:22 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.

***




#4 Jo*
Posted 14 January 2017 - 06:01 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





