Solved goinf.ru and other redirect sites

LeSupport

Jun 16, 2016
Code:
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\ProgramData\Digi Net Mobile\OnlineUpdate\ouc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HPP) C:\Program Files (x86)\HPProtector\HPProtectorSrv.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\nope\Downloads\adwcleaner_5.200.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.37.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3857512 2015-11-16] (Synaptics Incorporated)
HKU\S-1-5-21-3689709291-3500409165-2341359289-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-3689709291-3500409165-2341359289-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3689709291-3500409165-2341359289-1000\...\MountPoints2: {2ae80ffe-318d-11e6-8879-002713b20253} - F:\AutoRun.exe
HKU\S-1-5-21-3689709291-3500409165-2341359289-1000\...\MountPoints2: {be0ba0fa-2f24-11e6-9507-0026c6b142b4} - E:\AutoRun.exe
HKU\S-1-5-21-3689709291-3500409165-2341359289-1000\...\MountPoints2: {be0ba10d-2f24-11e6-9507-0026c6b142b4} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3689709291-3500409165-2341359289-1000] => cache.ase.ro:8080
Tcpip\Parameters: [DhcpNameServer] 193.231.252.1 213.154.124.1
Tcpip\..\Interfaces\{2F36780C-CC95-495A-B3A4-5376940CE737}: [NameServer]  
Tcpip\..\Interfaces\{3DEF25E2-F306-490C-96CD-7909F7CF85F5}: [NameServer]  
Tcpip\..\Interfaces\{9E15EEA7-7493-4640-A140-C10607B255E3}: [DhcpNameServer] 193.231.252.1 213.154.124.1

Internet Explorer:
==================
HKU\S-1-5-21-3689709291-3500409165-2341359289-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.ro/
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-10] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxps://www.google.ro/"
CHR Profile: C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-10]
CHR Extension: (Google Docs) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-10]
CHR Extension: (Google Drive) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-10]
CHR Extension: (YouTube) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-10]
CHR Extension: (Google Sheets) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-10]
CHR Extension: (Google Docs Offline) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-11]
CHR Extension: (AdBlock) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-10]
CHR Extension: (Gmail) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Digi Net Mobile. RunOuc; C:\Program Files (x86)\Digi Net Mobile\UpdateDog\ouc.exe [655712 2012-03-16] ()
R2 HPProtector Service; C:\Program Files (x86)\HPProtector\HPProtectorSrv.exe [2294432 2016-06-13] (HPP)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-12-03] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386160 2012-12-03] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2016-06-12] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2012-04-23] (Huawei Technologies Co., Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [41576 2015-11-16] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2016-06-16] (SlimWare Utilities, Inc.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-16 18:41 - 2016-06-16 18:42 - 00009434 _____ C:\Users\nope\Downloads\FRST.txt
2016-06-16 18:41 - 2016-06-16 18:41 - 00000000 ____D C:\FRST
2016-06-16 18:40 - 2016-06-16 18:40 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-16 18:40 - 2016-06-16 18:40 - 02385920 _____ (Farbar) C:\Users\nope\Downloads\FRST64.exe
2016-06-16 18:40 - 2016-06-16 18:40 - 00000000 ____D C:\Windows\system32\MRT
2016-06-16 18:40 - 2016-06-16 18:40 - 00000000 ____D C:\Windows\LastGood
2016-06-16 18:22 - 2016-06-16 18:22 - 00007168 _____ (Microsoft Corporation) C:\Users\nope\Downloads\DllHost.exe
2016-06-16 18:17 - 2016-06-16 18:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\nope\Downloads\HijackThis.exe
2016-06-16 18:14 - 2012-06-03 01:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-16 18:14 - 2012-06-03 01:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-16 18:14 - 2012-06-03 01:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-06-16 18:14 - 2012-06-03 01:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-06-16 18:14 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-06-16 18:14 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-06-16 18:12 - 2016-06-16 18:13 - 00002004 _____ C:\Users\nope\Desktop\Rkill.txt
2016-06-16 18:10 - 2016-06-16 18:11 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\nope\Downloads\rkill.exe
2016-06-16 17:52 - 2016-06-16 17:52 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2016-06-16 17:52 - 2016-06-16 17:52 - 00000000 ____D C:\Users\nope\AppData\Local\SlimWare Utilities Inc
2016-06-16 17:41 - 2016-06-16 18:39 - 00000000 ____D C:\AdwCleaner
2016-06-16 17:41 - 2016-06-16 17:41 - 03703360 _____ C:\Users\nope\Downloads\adwcleaner_5.200.exe
2016-06-16 17:36 - 2016-06-16 17:36 - 00000000 ____D C:\KVRT_Data
2016-06-16 17:04 - 2016-06-16 17:14 - 98217296 _____ (Kaspersky Lab ZAO) C:\Users\nope\Downloads\KVRT.exe
2016-06-16 17:01 - 2016-06-16 17:01 - 00002318 _____ C:\Users\nope\Downloads\KMSpico Activator for Windows 8-7-Vista + Office 2013-2010 - MDL (2).torrent
2016-06-16 17:00 - 2016-06-16 17:00 - 00039068 _____ C:\Users\nope\Downloads\Microsoft Office 2013 SP1 Professional Plus 15.0.4719.1000.torrent
2016-06-16 17:00 - 2016-06-16 17:00 - 00000000 ____D C:\Users\nope\AppData\LocalLow\uTorrent
2016-06-16 15:58 - 2016-06-16 15:58 - 01089536 _____ C:\Users\nope\Downloads\MACRO Curs Indicatori macro si fluxul circular al venitului.ppt
2016-06-16 15:58 - 2016-06-16 15:58 - 01089536 _____ C:\Users\nope\Downloads\MACRO Curs Indicatori macro si fluxul circular al venitului (1).ppt
2016-06-16 15:42 - 2016-06-16 15:42 - 00007610 _____ C:\Users\nope\AppData\Local\Resmon.ResmonCfg
2016-06-14 22:16 - 2016-06-16 17:53 - 00000000 ____D C:\Users\nope\AppData\Roaming\Skype
2016-06-14 22:15 - 2016-06-14 22:15 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-06-14 22:15 - 2016-06-14 22:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-14 22:15 - 2016-06-14 22:15 - 00000000 ____D C:\ProgramData\Skype
2016-06-14 22:15 - 2016-06-14 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-06-14 22:14 - 2016-06-14 22:14 - 41774720 _____ (Skype Technologies S.A.) C:\Users\nope\Downloads\SkypeSetupFull.exe
2016-06-14 15:05 - 2016-06-16 17:01 - 00000000 ____D C:\cacaturi
2016-06-14 15:05 - 2016-06-14 15:05 - 00002318 _____ C:\Users\nope\Downloads\KMSpico Activator for Windows 8-7-Vista + Office 2013-2010 - MDL (1).torrent
2016-06-14 15:04 - 2016-06-14 15:04 - 00000000 ___SD C:\Users\nope\AppData\LocalLow\Temp
2016-06-14 15:03 - 2016-06-14 15:03 - 00002640 _____ C:\Users\nope\Desktop\µTorrent.lnk
2016-06-14 15:03 - 2016-06-14 15:03 - 00002640 _____ C:\Users\nope\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-06-14 15:02 - 2016-06-16 17:33 - 00000000 ____D C:\Users\nope\AppData\Roaming\uTorrent
2016-06-14 15:01 - 2016-06-14 15:01 - 02530304 _____ (BitTorrent Inc.) C:\Users\nope\Downloads\uTorrent.exe
2016-06-14 15:01 - 2016-06-14 15:01 - 00002318 _____ C:\Users\nope\Downloads\KMSpico Activator for Windows 8-7-Vista + Office 2013-2010 - MDL.torrent
2016-06-14 12:54 - 2016-06-14 12:54 - 340297097 _____ C:\Windows\MEMORY.DMP
2016-06-14 12:54 - 2016-06-14 12:54 - 01653984 _____ C:\Windows\Minidump\061416-23056-01.dmp
2016-06-14 12:54 - 2016-06-14 12:54 - 00000000 ____D C:\Windows\Minidump
2016-06-14 00:16 - 2016-06-14 00:16 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\nope\Downloads\sh-remover (1).exe
2016-06-14 00:15 - 2016-06-14 00:15 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\nope\Downloads\sh-remover.exe
2016-06-14 00:05 - 2016-06-14 00:05 - 00000000 ____D C:\Windows\pss
2016-06-13 23:46 - 2016-06-13 23:46 - 00000304 _____ C:\Users\nope\Downloads\shpatch.bat
2016-06-13 23:08 - 2016-06-13 23:08 - 00000258 __RSH C:\Users\nope\ntuser.pol
2016-06-13 22:55 - 2016-06-13 22:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-13 22:54 - 2016-06-13 22:54 - 22851472 _____ (Malwarebytes ) C:\Users\nope\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-13 22:51 - 2016-06-13 22:51 - 00001536 __RSH C:\ProgramData\ntuser.pol
2016-06-13 22:50 - 2016-06-13 22:50 - 00001945 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-06-13 22:50 - 2016-06-13 22:50 - 00001939 _____ C:\Users\nope\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2016-06-13 22:50 - 2016-06-13 22:50 - 00001939 _____ C:\Users\nope\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk
2016-06-13 22:50 - 2016-06-13 22:50 - 00001933 _____ C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2016-06-13 22:50 - 2016-06-13 22:50 - 00000000 ____D C:\Program Files (x86)\HPProtector
2016-06-13 16:41 - 2016-06-16 17:36 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-06-13 16:41 - 2016-06-13 16:41 - 02218504 _____ C:\Users\nope\Downloads\instspeedfan451.exe
2016-06-13 16:41 - 2016-06-13 16:41 - 00001011 _____ C:\Users\nope\Desktop\SpeedFan.lnk
2016-06-13 16:41 - 2016-06-13 16:41 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-06-13 16:41 - 2016-06-13 16:41 - 00000000 ____D C:\Users\nope\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2016-06-12 21:22 - 2016-06-12 21:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-06-12 21:22 - 2016-06-12 21:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-06-12 21:22 - 2016-06-12 21:22 - 00000000 ____D C:\Program Files\Synaptics
2016-06-12 21:21 - 2015-11-16 13:53 - 00761448 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2016-06-12 21:21 - 2015-11-16 13:53 - 00417384 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2016-06-12 21:21 - 2015-11-16 13:53 - 00263784 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2016-06-12 21:21 - 2015-11-16 13:53 - 00220776 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo20.dll
2016-06-12 21:21 - 2015-11-16 13:52 - 00585832 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2016-06-12 21:21 - 2015-11-16 13:52 - 00041576 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2016-06-12 21:21 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2016-06-12 21:12 - 2016-06-12 21:12 - 00000000 ____D C:\SWSetup
2016-06-12 21:12 - 2016-06-12 21:12 - 00000000 ____D C:\ProgramData\HP HSPA+ Mobile Broadband
2016-06-12 21:11 - 2013-05-16 11:45 - 00552760 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2016-06-12 21:11 - 2006-01-12 15:52 - 00001904 ____N C:\Windows\system32\SetupBD.din
2016-06-12 21:08 - 2016-06-12 21:08 - 00000000 ____D C:\Intel
2016-06-12 21:08 - 2013-08-21 15:16 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-06-12 21:00 - 2011-10-20 11:24 - 00302296 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y62x64.sys
2016-06-12 21:00 - 2011-09-29 01:49 - 00098496 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll
2016-06-12 21:00 - 2009-05-26 10:05 - 00036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2016-06-12 21:00 - 2009-03-05 16:52 - 00003315 _____ C:\Windows\system32\e1y62x64.din
2016-06-12 21:00 - 2007-12-14 13:06 - 00121440 _____ (Intel Corporation) C:\Windows\system32\e1000msg.dll
2016-06-12 20:42 - 2016-06-12 20:42 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2016-06-12 20:42 - 2016-06-12 20:42 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2016-06-12 20:42 - 2016-06-12 20:42 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2016-06-12 20:42 - 2016-06-12 20:42 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2016-06-12 20:41 - 2016-06-12 20:41 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-06-12 20:41 - 2016-06-12 20:41 - 00000000 ____D C:\Users\nope\AppData\Roaming\Intel
2016-06-12 20:40 - 2016-06-12 21:08 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-12 20:40 - 2016-06-12 20:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2016-06-12 20:40 - 2016-06-12 20:40 - 00000000 ____D C:\ProgramData\Intel
2016-06-12 20:40 - 2016-06-12 20:40 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-06-12 20:40 - 2016-06-12 20:40 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-06-12 20:39 - 2016-06-12 20:41 - 00000000 ____D C:\Program Files\Intel
2016-06-12 20:39 - 2016-06-12 20:39 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-12 20:37 - 2016-06-12 20:37 - 00000000 ____D C:\SWTOOLS
2016-06-12 19:44 - 2016-06-16 17:53 - 00002880 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2016-06-12 19:44 - 2016-06-16 17:53 - 00000432 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2016-06-12 19:44 - 2016-06-12 19:44 - 00981592 _____ (SlimWare Utilities, Inc.) C:\Users\nope\Downloads\SlimDrivers-setup.exe
2016-06-12 19:44 - 2016-06-12 19:44 - 00002483 _____ C:\Users\Public\Desktop\SlimDrivers.lnk
2016-06-12 19:44 - 2016-06-12 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
2016-06-12 19:44 - 2016-06-12 19:44 - 00000000 ____D C:\Program Files (x86)\SlimDrivers
2016-06-12 19:41 - 2016-06-12 19:42 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2016-06-12 19:41 - 2016-06-12 19:41 - 00270912 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2016-06-12 19:41 - 2016-06-12 19:41 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-06-12 19:41 - 2016-06-12 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-06-12 00:24 - 2016-06-12 00:24 - 00330853 _____ C:\Users\nope\Downloads\RealTemp_370.zip
2016-06-12 00:24 - 2016-06-12 00:24 - 00000000 ____D C:\Users\nope\Downloads\RealTemp_370
2016-06-11 23:18 - 2016-04-21 15:05 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-11 05:51 - 2016-06-11 04:54 - 00000000 ____D C:\Windows\Panther
2016-06-11 04:54 - 2016-06-11 04:54 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-06-11 04:54 - 2016-06-11 04:54 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-06-10 19:19 - 2016-06-13 20:41 - 00000000 ____D C:\Users\nope\AppData\Local\Microsoft Games
2016-06-10 19:19 - 2016-06-10 19:19 - 00000000 ____D C:\Users\nope\AppData\Roaming\DAEMON Tools Lite
2016-06-10 19:19 - 2016-06-10 19:19 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-06-10 19:14 - 2016-06-10 19:14 - 00000000 ____D C:\Users\nope\AppData\Roaming\WinRAR
2016-06-10 19:14 - 2016-06-10 19:14 - 00000000 ____D C:\Users\nope\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-06-10 19:14 - 2016-06-10 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-06-10 19:13 - 2016-06-10 19:14 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-06-10 19:13 - 2016-06-10 19:13 - 01841896 _____ C:\Users\nope\Downloads\wrar531.exe
2016-06-10 19:13 - 2016-06-10 19:13 - 01337860 _____ C:\Users\nope\Downloads\KMSpico.rar
2016-06-10 19:08 - 2016-06-16 18:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-10 19:08 - 2016-06-16 17:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-10 19:08 - 2016-06-11 23:57 - 00000000 ____D C:\Users\nope\AppData\Local\Google
2016-06-10 19:08 - 2016-06-10 19:14 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-10 19:08 - 2016-06-10 19:14 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-10 19:08 - 2016-06-10 19:09 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-10 19:08 - 2016-06-10 19:08 - 00057560 _____ C:\Users\nope\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-10 19:08 - 2016-06-10 19:08 - 00000000 ____D C:\Users\nope\AppData\Local\Deployment
2016-06-10 19:08 - 2016-06-10 19:08 - 00000000 ____D C:\Users\nope\AppData\Local\Apps\2.0
2016-06-10 19:06 - 2016-06-10 19:06 - 00001095 _____ C:\Users\Public\Desktop\Digi Net Mobile.lnk
2016-06-10 19:06 - 2016-06-10 19:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2016-06-10 19:06 - 2016-06-10 19:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2016-06-10 19:06 - 2016-06-10 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digi Net Mobile
2016-06-10 19:05 - 2016-06-10 19:06 - 00000000 ____D C:\ProgramData\Digi Net Mobile
2016-06-10 19:05 - 2016-06-10 19:06 - 00000000 ____D C:\ProgramData\DatacardService
2016-06-10 19:05 - 2016-06-10 19:06 - 00000000 ____D C:\Program Files (x86)\Digi Net Mobile
2016-06-10 19:05 - 2016-06-10 19:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-06-10 19:05 - 2016-06-10 19:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2016-06-10 19:05 - 2012-04-26 06:04 - 00450048 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2016-06-10 19:05 - 2012-04-23 04:58 - 00238080 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2016-06-10 19:05 - 2012-04-23 04:57 - 00104448 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2016-06-10 19:05 - 2012-04-23 04:57 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2016-06-10 19:05 - 2012-04-23 04:57 - 00076800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2016-06-10 19:05 - 2012-04-23 04:57 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2016-06-10 19:05 - 2011-12-31 04:20 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2016-06-10 19:05 - 2011-08-16 11:40 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2016-06-10 19:05 - 2011-08-16 11:40 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2016-06-10 19:05 - 2010-10-08 11:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2016-06-10 19:05 - 2010-09-26 13:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2016-06-10 19:05 - 2010-08-06 02:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2016-06-10 19:05 - 2010-07-27 04:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2016-06-10 19:05 - 2010-03-20 07:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2016-06-10 19:03 - 2016-06-16 18:18 - 00000000 ____D C:\Users\nope\AppData\Local\VirtualStore
2016-06-10 19:02 - 2016-06-13 23:08 - 00000000 ____D C:\Users\nope
2016-06-10 19:02 - 2016-06-10 19:02 - 00000020 ___SH C:\Users\nope\ntuser.ini
2016-06-10 19:02 - 2016-06-10 19:02 - 00000000 _SHDL C:\Users\nope\My Documents
2016-06-10 19:02 - 2016-06-10 19:02 - 00000000 _SHDL C:\Users\nope\Documents\My Videos
2016-06-10 19:02 - 2016-06-10 19:02 - 00000000 _SHDL C:\Users\nope\Documents\My Pictures
2016-06-10 19:02 - 2016-06-10 19:02 - 00000000 _SHDL C:\Users\nope\Documents\My Music
2016-06-10 19:02 - 2009-07-14 10:45 - 00000000 ____D C:\Users\nope\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-16 18:40 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-06-16 17:56 - 2009-07-14 08:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-16 17:52 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-16 17:50 - 2009-07-14 07:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-16 17:50 - 2009-07-14 07:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-16 17:34 - 2009-07-14 07:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-14 16:50 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-06-13 22:51 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-06-11 05:50 - 2009-07-14 08:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-06-11 05:50 - 2009-07-14 07:45 - 00000000 ____D C:\Windows\Setup
2016-06-11 04:54 - 2009-07-14 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-11 04:54 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-06-11 04:52 - 2009-07-14 10:46 - 00000000 ____D C:\Windows\CSC

==================== Files in the root of some directories =======

2016-06-16 15:42 - 2016-06-16 15:42 - 0007610 _____ () C:\Users\nope\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\nope\AppData\Local\Temp\libeay32.dll
C:\Users\nope\AppData\Local\Temp\msvcr120.dll
C:\Users\nope\AppData\Local\Temp\scp2108.tmp.exe
C:\Users\nope\AppData\Local\Temp\sfamcc00001.dll
C:\Users\nope\AppData\Local\Temp\sfareca00001.dll
C:\Users\nope\AppData\Local\Temp\sfextra.dll
C:\Users\nope\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-12 00:14

==================== End of FRST.txt ============================





# AdwCleaner v5.200 - Logfile created 16/06/2016 at 18:39:20
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-16.2 [Server]
# Operating system : Windows 7 Ultimate  (X64)
# Username : nope
# Running from : C:\Users\nope\Downloads\adwcleaner_5.200.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service Found : swdumon

***** [ Folders ] *****

Folder Found : C:\Users\nope\AppData\Local\slimware utilities inc

***** [ Files ] *****

File Found : C:\Windows\SysNative\drivers\swdumon.sys

***** [ DLL ] *****


***** [ WMI ] *****
 

TwinHeadedEagle

Hello,

Please upload/attach reports, do not copy/paste them.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the reports to your next reply.
 

TwinHeadedEagle

Did you set this proxy?

ProxyServer: [S-1-5-21-3689709291-3500409165-2341359289-1000] => cache.ase.ro:8080

Do you have a problem only with Google Chrome?
 
