goinf.ru and other redirect sites
<blockquote data-quote="LeSupport" data-source="post: 516115" data-attributes="member: 53395"><p>[code]Platform: Windows 7 Ultimate (X64) Language: English (United States)</p><p>Internet Explorer Version 8 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL]</p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>() C:\ProgramData\Digi Net Mobile\OnlineUpdate\ouc.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe</p><p>(HPP) C:\Program Files (x86)\HPProtector\HPProtectorSrv.exe</p><p>() C:\ProgramData\DatacardService\HWDeviceService64.exe</p><p>(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe</p><p>(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe</p><p>(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe</p><p>(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>() C:\Users\nope\Downloads\adwcleaner_5.200.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.37.exe</p><p>(Microsoft Corporation) C:\Windows\System32\MRT.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3857512 2015-11-16] (Synaptics Incorporated)</p><p>HKU\S-1-5-21-3689709291-3500409165-2341359289-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)</p><p>HKU\S-1-5-21-3689709291-3500409165-2341359289-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)</p><p>HKU\S-1-5-21-3689709291-3500409165-2341359289-1000\...\MountPoints2: {2ae80ffe-318d-11e6-8879-002713b20253} - F:\AutoRun.exe</p><p>HKU\S-1-5-21-3689709291-3500409165-2341359289-1000\...\MountPoints2: {be0ba0fa-2f24-11e6-9507-0026c6b142b4} - E:\AutoRun.exe</p><p>HKU\S-1-5-21-3689709291-3500409165-2341359289-1000\...\MountPoints2: {be0ba10d-2f24-11e6-9507-0026c6b142b4} - F:\AutoRun.exe</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>ProxyServer: [S-1-5-21-3689709291-3500409165-2341359289-1000] => cache.ase.ro:8080</p><p>Tcpip\Parameters: [DhcpNameServer] 193.231.252.1 213.154.124.1</p><p>Tcpip\..\Interfaces\{2F36780C-CC95-495A-B3A4-5376940CE737}: [NameServer] </p><p>Tcpip\..\Interfaces\{3DEF25E2-F306-490C-96CD-7909F7CF85F5}: [NameServer] </p><p>Tcpip\..\Interfaces\{9E15EEA7-7493-4640-A140-C10607B255E3}: [DhcpNameServer] 193.231.252.1 213.154.124.1</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKU\S-1-5-21-3689709291-3500409165-2341359289-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.ro/</p><p>Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)</p><p>Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft 
Corporation)</p><p>Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)</p><p>Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-10] (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-10] (Google Inc.)</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: Default -> hxxp://[URL="http://www.google.ca/"]www.google.ca/[/URL]</p><p>CHR StartupUrls: Default -> "hxxps://[URL="http://www.google.ro/"]www.google.ro/[/URL]"</p><p>CHR Profile: C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Slides) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-10]</p><p>CHR Extension: (Google Docs) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-10]</p><p>CHR Extension: (Google Drive) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-10]</p><p>CHR Extension: (YouTube) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-10]</p><p>CHR Extension: (Google Sheets) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-10]</p><p>CHR Extension: (Google Docs Offline) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-11]</p><p>CHR Extension: (AdBlock) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom 
[2016-06-10]</p><p>CHR Extension: (Chrome Web Store Payments) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-10]</p><p>CHR Extension: (Gmail) - C:\Users\nope\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-10]</p><p></p><p>==================== Services (Whitelisted) ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S2 Digi Net Mobile. RunOuc; C:\Program Files (x86)\Digi Net Mobile\UpdateDog\ouc.exe [655712 2012-03-16] ()</p><p>R2 HPProtector Service; C:\Program Files (x86)\HPProtector\HPProtectorSrv.exe [2294432 2016-06-13] (HPP)</p><p>R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()</p><p>S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-12-03] ()</p><p>R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)</p><p>R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386160 2012-12-03] (Intel® Corporation)</p><p></p><p>===================== Drivers (Whitelisted) ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2016-06-12] (DT Soft Ltd)</p><p>S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)</p><p>S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2012-04-23] (Huawei Technologies Co., Ltd.)</p><p>R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [41576 2015-11-16] (Synaptics Incorporated)</p><p>S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2016-06-16] (SlimWare Utilities, Inc.)</p><p>S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-06-16 18:41 - 2016-06-16 18:42 - 00009434 _____ C:\Users\nope\Downloads\FRST.txt</p><p>2016-06-16 18:41 - 2016-06-16 18:41 - 00000000 ____D C:\FRST</p><p>2016-06-16 18:40 - 2016-06-16 18:40 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2016-06-16 18:40 - 2016-06-16 18:40 - 02385920 _____ (Farbar) C:\Users\nope\Downloads\FRST64.exe</p><p>2016-06-16 18:40 - 2016-06-16 18:40 - 00000000 ____D C:\Windows\system32\MRT</p><p>2016-06-16 18:40 - 2016-06-16 18:40 - 00000000 ____D C:\Windows\LastGood</p><p>2016-06-16 18:22 - 2016-06-16 18:22 - 00007168 _____ (Microsoft Corporation) C:\Users\nope\Downloads\DllHost.exe</p><p>2016-06-16 18:17 - 2016-06-16 18:17 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\nope\Downloads\HijackThis.exe</p><p>2016-06-16 18:14 - 2012-06-03 01:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll</p><p>2016-06-16 18:14 - 2012-06-03 01:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe</p><p>2016-06-16 18:14 - 2012-06-03 01:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll</p><p>2016-06-16 18:14 - 2012-06-03 01:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll</p><p>2016-06-16 18:14 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll</p><p>2016-06-16 18:14 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe</p><p>2016-06-16 18:12 - 2016-06-16 18:13 - 00002004 _____ C:\Users\nope\Desktop\Rkill.txt</p><p>2016-06-16 18:10 - 2016-06-16 18:11 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\nope\Downloads\rkill.exe</p><p>2016-06-16 17:52 - 2016-06-16 17:52 - 00016056 _____ (SlimWare Utilities, Inc.) 
C:\Windows\system32\Drivers\SWDUMon.sys</p><p>2016-06-16 17:52 - 2016-06-16 17:52 - 00000000 ____D C:\Users\nope\AppData\Local\SlimWare Utilities Inc</p><p>2016-06-16 17:41 - 2016-06-16 18:39 - 00000000 ____D C:\AdwCleaner</p><p>2016-06-16 17:41 - 2016-06-16 17:41 - 03703360 _____ C:\Users\nope\Downloads\adwcleaner_5.200.exe</p><p>2016-06-16 17:36 - 2016-06-16 17:36 - 00000000 ____D C:\KVRT_Data</p><p>2016-06-16 17:04 - 2016-06-16 17:14 - 98217296 _____ (Kaspersky Lab ZAO) C:\Users\nope\Downloads\KVRT.exe</p><p>2016-06-16 17:01 - 2016-06-16 17:01 - 00002318 _____ C:\Users\nope\Downloads\KMSpico Activator for Windows 8-7-Vista + Office 2013-2010 - MDL (2).torrent</p><p>2016-06-16 17:00 - 2016-06-16 17:00 - 00039068 _____ C:\Users\nope\Downloads\Microsoft Office 2013 SP1 Professional Plus 15.0.4719.1000.torrent</p><p>2016-06-16 17:00 - 2016-06-16 17:00 - 00000000 ____D C:\Users\nope\AppData\LocalLow\uTorrent</p><p>2016-06-16 15:58 - 2016-06-16 15:58 - 01089536 _____ C:\Users\nope\Downloads\MACRO Curs Indicatori macro si fluxul circular al venitului.ppt</p><p>2016-06-16 15:58 - 2016-06-16 15:58 - 01089536 _____ C:\Users\nope\Downloads\MACRO Curs Indicatori macro si fluxul circular al venitului (1).ppt</p><p>2016-06-16 15:42 - 2016-06-16 15:42 - 00007610 _____ C:\Users\nope\AppData\Local\Resmon.ResmonCfg</p><p>2016-06-14 22:16 - 2016-06-16 17:53 - 00000000 ____D C:\Users\nope\AppData\Roaming\Skype</p><p>2016-06-14 22:15 - 2016-06-14 22:15 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk</p><p>2016-06-14 22:15 - 2016-06-14 22:15 - 00000000 ___RD C:\Program Files (x86)\Skype</p><p>2016-06-14 22:15 - 2016-06-14 22:15 - 00000000 ____D C:\ProgramData\Skype</p><p>2016-06-14 22:15 - 2016-06-14 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype</p><p>2016-06-14 22:14 - 2016-06-14 22:14 - 41774720 _____ (Skype Technologies S.A.) 
C:\Users\nope\Downloads\SkypeSetupFull.exe</p><p>2016-06-14 15:05 - 2016-06-16 17:01 - 00000000 ____D C:\cacaturi</p><p>2016-06-14 15:05 - 2016-06-14 15:05 - 00002318 _____ C:\Users\nope\Downloads\KMSpico Activator for Windows 8-7-Vista + Office 2013-2010 - MDL (1).torrent</p><p>2016-06-14 15:04 - 2016-06-14 15:04 - 00000000 ___SD C:\Users\nope\AppData\LocalLow\Temp</p><p>2016-06-14 15:03 - 2016-06-14 15:03 - 00002640 _____ C:\Users\nope\Desktop\µTorrent.lnk</p><p>2016-06-14 15:03 - 2016-06-14 15:03 - 00002640 _____ C:\Users\nope\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk</p><p>2016-06-14 15:02 - 2016-06-16 17:33 - 00000000 ____D C:\Users\nope\AppData\Roaming\uTorrent</p><p>2016-06-14 15:01 - 2016-06-14 15:01 - 02530304 _____ (BitTorrent Inc.) C:\Users\nope\Downloads\uTorrent.exe</p><p>2016-06-14 15:01 - 2016-06-14 15:01 - 00002318 _____ C:\Users\nope\Downloads\KMSpico Activator for Windows 8-7-Vista + Office 2013-2010 - MDL.torrent</p><p>2016-06-14 12:54 - 2016-06-14 12:54 - 340297097 _____ C:\Windows\MEMORY.DMP</p><p>2016-06-14 12:54 - 2016-06-14 12:54 - 01653984 _____ C:\Windows\Minidump\061416-23056-01.dmp</p><p>2016-06-14 12:54 - 2016-06-14 12:54 - 00000000 ____D C:\Windows\Minidump</p><p>2016-06-14 00:16 - 2016-06-14 00:16 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\nope\Downloads\sh-remover (1).exe</p><p>2016-06-14 00:15 - 2016-06-14 00:15 - 03237248 _____ (Enigma Software Group USA, LLC.) 
C:\Users\nope\Downloads\sh-remover.exe</p><p>2016-06-14 00:05 - 2016-06-14 00:05 - 00000000 ____D C:\Windows\pss</p><p>2016-06-13 23:46 - 2016-06-13 23:46 - 00000304 _____ C:\Users\nope\Downloads\shpatch.bat</p><p>2016-06-13 23:08 - 2016-06-13 23:08 - 00000258 __RSH C:\Users\nope\ntuser.pol</p><p>2016-06-13 22:55 - 2016-06-13 22:55 - 00000000 ____D C:\ProgramData\Malwarebytes</p><p>2016-06-13 22:54 - 2016-06-13 22:54 - 22851472 _____ (Malwarebytes ) C:\Users\nope\Downloads\mbam-setup-2.2.1.1043.exe</p><p>2016-06-13 22:51 - 2016-06-13 22:51 - 00001536 __RSH C:\ProgramData\ntuser.pol</p><p>2016-06-13 22:50 - 2016-06-13 22:50 - 00001945 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk</p><p>2016-06-13 22:50 - 2016-06-13 22:50 - 00001939 _____ C:\Users\nope\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk</p><p>2016-06-13 22:50 - 2016-06-13 22:50 - 00001939 _____ C:\Users\nope\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk</p><p>2016-06-13 22:50 - 2016-06-13 22:50 - 00001933 _____ C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk</p><p>2016-06-13 22:50 - 2016-06-13 22:50 - 00000000 ____D C:\Program Files (x86)\HPProtector</p><p>2016-06-13 16:41 - 2016-06-16 17:36 - 00000000 ____D C:\Program Files (x86)\SpeedFan</p><p>2016-06-13 16:41 - 2016-06-13 16:41 - 02218504 _____ C:\Users\nope\Downloads\instspeedfan451.exe</p><p>2016-06-13 16:41 - 2016-06-13 16:41 - 00001011 _____ C:\Users\nope\Desktop\SpeedFan.lnk</p><p>2016-06-13 16:41 - 2016-06-13 16:41 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo</p><p>2016-06-13 16:41 - 2016-06-13 16:41 - 00000000 ____D C:\Users\nope\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan</p><p>2016-06-12 21:22 - 2016-06-12 21:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf</p><p>2016-06-12 21:22 - 2016-06-12 21:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf</p><p>2016-06-12 
21:22 - 2016-06-12 21:22 - 00000000 ____D C:\Program Files\Synaptics</p><p>2016-06-12 21:21 - 2015-11-16 13:53 - 00761448 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll</p><p>2016-06-12 21:21 - 2015-11-16 13:53 - 00417384 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll</p><p>2016-06-12 21:21 - 2015-11-16 13:53 - 00263784 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll</p><p>2016-06-12 21:21 - 2015-11-16 13:53 - 00220776 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo20.dll</p><p>2016-06-12 21:21 - 2015-11-16 13:52 - 00585832 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys</p><p>2016-06-12 21:21 - 2015-11-16 13:52 - 00041576 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys</p><p>2016-06-12 21:21 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll</p><p>2016-06-12 21:12 - 2016-06-12 21:12 - 00000000 ____D C:\SWSetup</p><p>2016-06-12 21:12 - 2016-06-12 21:12 - 00000000 ____D C:\ProgramData\HP HSPA+ Mobile Broadband</p><p>2016-06-12 21:11 - 2013-05-16 11:45 - 00552760 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe</p><p>2016-06-12 21:11 - 2006-01-12 15:52 - 00001904 ____N C:\Windows\system32\SetupBD.din</p><p>2016-06-12 21:08 - 2016-06-12 21:08 - 00000000 ____D C:\Intel</p><p>2016-06-12 21:08 - 2013-08-21 15:16 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll</p><p>2016-06-12 21:00 - 2011-10-20 11:24 - 00302296 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y62x64.sys</p><p>2016-06-12 21:00 - 2011-09-29 01:49 - 00098496 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll</p><p>2016-06-12 21:00 - 2009-05-26 10:05 - 00036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll</p><p>2016-06-12 21:00 - 2009-03-05 16:52 - 00003315 _____ C:\Windows\system32\e1y62x64.din</p><p>2016-06-12 21:00 - 2007-12-14 13:06 - 00121440 _____ (Intel 
Corporation) C:\Windows\system32\e1000msg.dll</p><p>2016-06-12 20:42 - 2016-06-12 20:42 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys</p><p>2016-06-12 20:42 - 2016-06-12 20:42 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys</p><p>2016-06-12 20:42 - 2016-06-12 20:42 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll</p><p>2016-06-12 20:42 - 2016-06-12 20:42 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf</p><p>2016-06-12 20:41 - 2016-06-12 20:41 - 00000000 ___HD C:\Windows\system32\WLANProfiles</p><p>2016-06-12 20:41 - 2016-06-12 20:41 - 00000000 ____D C:\Users\nope\AppData\Roaming\Intel</p><p>2016-06-12 20:40 - 2016-06-12 21:08 - 00000000 ____D C:\Program Files (x86)\Intel</p><p>2016-06-12 20:40 - 2016-06-12 20:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless</p><p>2016-06-12 20:40 - 2016-06-12 20:40 - 00000000 ____D C:\ProgramData\Intel</p><p>2016-06-12 20:40 - 2016-06-12 20:40 - 00000000 ____D C:\Program Files\Common Files\Intel</p><p>2016-06-12 20:40 - 2016-06-12 20:40 - 00000000 ____D C:\Program Files (x86)\Cisco</p><p>2016-06-12 20:39 - 2016-06-12 20:41 - 00000000 ____D C:\Program Files\Intel</p><p>2016-06-12 20:39 - 2016-06-12 20:39 - 00000000 ____D C:\ProgramData\Package Cache</p><p>2016-06-12 20:37 - 2016-06-12 20:37 - 00000000 ____D C:\SWTOOLS</p><p>2016-06-12 19:44 - 2016-06-16 17:53 - 00002880 _____ C:\Windows\System32\Tasks\SlimDrivers Startup</p><p>2016-06-12 19:44 - 2016-06-16 17:53 - 00000432 _____ C:\Windows\Tasks\SlimDrivers Startup.job</p><p>2016-06-12 19:44 - 2016-06-12 19:44 - 00981592 _____ (SlimWare Utilities, Inc.) 
C:\Users\nope\Downloads\SlimDrivers-setup.exe</p><p>2016-06-12 19:44 - 2016-06-12 19:44 - 00002483 _____ C:\Users\Public\Desktop\SlimDrivers.lnk</p><p>2016-06-12 19:44 - 2016-06-12 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers</p><p>2016-06-12 19:44 - 2016-06-12 19:44 - 00000000 ____D C:\Program Files (x86)\SlimDrivers</p><p>2016-06-12 19:41 - 2016-06-12 19:42 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite</p><p>2016-06-12 19:41 - 2016-06-12 19:41 - 00270912 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys</p><p>2016-06-12 19:41 - 2016-06-12 19:41 - 00001954 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk</p><p>2016-06-12 19:41 - 2016-06-12 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite</p><p>2016-06-12 00:24 - 2016-06-12 00:24 - 00330853 _____ C:\Users\nope\Downloads\RealTemp_370.zip</p><p>2016-06-12 00:24 - 2016-06-12 00:24 - 00000000 ____D C:\Users\nope\Downloads\RealTemp_370</p><p>2016-06-11 23:18 - 2016-04-21 15:05 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe</p><p>2016-06-11 05:51 - 2016-06-11 04:54 - 00000000 ____D C:\Windows\Panther</p><p>2016-06-11 04:54 - 2016-06-11 04:54 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk</p><p>2016-06-11 04:54 - 2016-06-11 04:54 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk</p><p>2016-06-10 19:19 - 2016-06-13 20:41 - 00000000 ____D C:\Users\nope\AppData\Local\Microsoft Games</p><p>2016-06-10 19:19 - 2016-06-10 19:19 - 00000000 ____D C:\Users\nope\AppData\Roaming\DAEMON Tools Lite</p><p>2016-06-10 19:19 - 2016-06-10 19:19 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite</p><p>2016-06-10 19:14 - 2016-06-10 19:14 - 00000000 ____D C:\Users\nope\AppData\Roaming\WinRAR</p><p>2016-06-10 19:14 - 2016-06-10 19:14 - 00000000 ____D C:\Users\nope\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\WinRAR</p><p>2016-06-10 19:14 - 2016-06-10 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR</p><p>2016-06-10 19:13 - 2016-06-10 19:14 - 00000000 ____D C:\Program Files (x86)\WinRAR</p><p>2016-06-10 19:13 - 2016-06-10 19:13 - 01841896 _____ C:\Users\nope\Downloads\wrar531.exe</p><p>2016-06-10 19:13 - 2016-06-10 19:13 - 01337860 _____ C:\Users\nope\Downloads\KMSpico.rar</p><p>2016-06-10 19:08 - 2016-06-16 18:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2016-06-10 19:08 - 2016-06-16 17:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2016-06-10 19:08 - 2016-06-11 23:57 - 00000000 ____D C:\Users\nope\AppData\Local\Google</p><p>2016-06-10 19:08 - 2016-06-10 19:14 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2016-06-10 19:08 - 2016-06-10 19:14 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2016-06-10 19:08 - 2016-06-10 19:09 - 00000000 ____D C:\Program Files (x86)\Google</p><p>2016-06-10 19:08 - 2016-06-10 19:08 - 00057560 _____ C:\Users\nope\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2016-06-10 19:08 - 2016-06-10 19:08 - 00000000 ____D C:\Users\nope\AppData\Local\Deployment</p><p>2016-06-10 19:08 - 2016-06-10 19:08 - 00000000 ____D C:\Users\nope\AppData\Local\Apps\2.0</p><p>2016-06-10 19:06 - 2016-06-10 19:06 - 00001095 _____ C:\Users\Public\Desktop\Digi Net Mobile.lnk</p><p>2016-06-10 19:06 - 2016-06-10 19:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf</p><p>2016-06-10 19:06 - 2016-06-10 19:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf</p><p>2016-06-10 19:06 - 2016-06-10 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digi Net Mobile</p><p>2016-06-10 19:05 - 2016-06-10 19:06 - 00000000 ____D C:\ProgramData\Digi Net Mobile</p><p>2016-06-10 19:05 - 2016-06-10 19:06 - 00000000 ____D 
C:\ProgramData\DatacardService</p><p>2016-06-10 19:05 - 2016-06-10 19:06 - 00000000 ____D C:\Program Files (x86)\Digi Net Mobile</p><p>2016-06-10 19:05 - 2016-06-10 19:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf</p><p>2016-06-10 19:05 - 2016-06-10 19:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf</p><p>2016-06-10 19:05 - 2012-04-26 06:04 - 00450048 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys</p><p>2016-06-10 19:05 - 2012-04-23 04:58 - 00238080 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys</p><p>2016-06-10 19:05 - 2012-04-23 04:57 - 00104448 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys</p><p>2016-06-10 19:05 - 2012-04-23 04:57 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys</p><p>2016-06-10 19:05 - 2012-04-23 04:57 - 00076800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys</p><p>2016-06-10 19:05 - 2012-04-23 04:57 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys</p><p>2016-06-10 19:05 - 2011-12-31 04:20 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys</p><p>2016-06-10 19:05 - 2011-08-16 11:40 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll</p><p>2016-06-10 19:05 - 2011-08-16 11:40 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll</p><p>2016-06-10 19:05 - 2010-10-08 11:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys</p><p>2016-06-10 19:05 - 2010-09-26 13:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_hwupgrade.sys</p><p>2016-06-10 19:05 - 2010-08-06 02:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys</p><p>2016-06-10 19:05 - 2010-07-27 04:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys</p><p>2016-06-10 19:05 - 2010-03-20 07:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys</p><p>2016-06-10 19:03 - 2016-06-16 18:18 - 00000000 ____D C:\Users\nope\AppData\Local\VirtualStore</p><p>2016-06-10 19:02 - 2016-06-13 23:08 - 00000000 ____D C:\Users\nope</p><p>2016-06-10 19:02 - 2016-06-10 19:02 - 00000020 ___SH C:\Users\nope\ntuser.ini</p><p>2016-06-10 19:02 - 2016-06-10 19:02 - 00000000 _SHDL C:\Users\nope\My Documents</p><p>2016-06-10 19:02 - 2016-06-10 19:02 - 00000000 _SHDL C:\Users\nope\Documents\My Videos</p><p>2016-06-10 19:02 - 2016-06-10 19:02 - 00000000 _SHDL C:\Users\nope\Documents\My Pictures</p><p>2016-06-10 19:02 - 2016-06-10 19:02 - 00000000 _SHDL C:\Users\nope\Documents\My Music</p><p>2016-06-10 19:02 - 2009-07-14 10:45 - 00000000 ____D C:\Users\nope\AppData\Roaming\Media Center Programs</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-06-16 18:40 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf</p><p>2016-06-16 17:56 - 2009-07-14 08:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI</p><p>2016-06-16 17:52 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT</p><p>2016-06-16 17:50 - 2009-07-14 07:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2016-06-16 17:50 - 2009-07-14 07:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2016-06-16 17:34 - 2009-07-14 07:45 - 00274320 _____ 
C:\Windows\system32\FNTCACHE.DAT</p><p>2016-06-14 16:50 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache</p><p>2016-06-13 22:51 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\GroupPolicy</p><p>2016-06-11 05:50 - 2009-07-14 08:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template</p><p>2016-06-11 05:50 - 2009-07-14 07:45 - 00000000 ____D C:\Windows\Setup</p><p>2016-06-11 04:54 - 2009-07-14 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games</p><p>2016-06-11 04:54 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\sysprep</p><p>2016-06-11 04:52 - 2009-07-14 10:46 - 00000000 ____D C:\Windows\CSC</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2016-06-16 15:42 - 2016-06-16 15:42 - 0007610 _____ () C:\Users\nope\AppData\Local\Resmon.ResmonCfg</p><p></p><p>Some files in TEMP:</p><p>====================</p><p>C:\Users\nope\AppData\Local\Temp\libeay32.dll</p><p>C:\Users\nope\AppData\Local\Temp\msvcr120.dll</p><p>C:\Users\nope\AppData\Local\Temp\scp2108.tmp.exe</p><p>C:\Users\nope\AppData\Local\Temp\sfamcc00001.dll</p><p>C:\Users\nope\AppData\Local\Temp\sfareca00001.dll</p><p>C:\Users\nope\AppData\Local\Temp\sfextra.dll</p><p>C:\Users\nope\AppData\Local\Temp\sqlite3.dll</p><p></p><p></p><p>==================== Bamital & volsnap =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\system32\winlogon.exe => File is digitally signed</p><p>C:\Windows\system32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\system32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\system32\services.exe => File is digitally 
signed</p><p>C:\Windows\system32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\system32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\system32\rpcss.dll => File is digitally signed</p><p>C:\Windows\system32\dnsapi.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2016-06-12 00:14</p><p></p><p>==================== End of FRST.txt ============================</p><p></p><p></p><p></p><p></p><p></p><p># AdwCleaner v5.200 - Logfile created 16/06/2016 at 18:39:20</p><p># Updated 14/06/2016 by ToolsLib</p><p># Database : 2016-06-16.2 [Server]</p><p># Operating system : Windows 7 Ultimate (X64)</p><p># Username : nope</p><p># Running from : C:\Users\nope\Downloads\adwcleaner_5.200.exe</p><p># Option : Scan</p><p># Support : [URL="https://toolslib.net/forum"]ToolsLib[/URL]</p><p></p><p>***** [ Services ] *****</p><p></p><p>Service Found : swdumon</p><p></p><p>***** [ Folders ] *****</p><p></p><p>Folder Found : C:\Users\nope\AppData\Local\slimware utilities inc</p><p></p><p>***** [ Files ] *****</p><p></p><p>File Found : C:\Windows\SysNative\drivers\swdumon.sys</p><p></p><p>***** [ DLL ] *****</p><p></p><p></p><p>***** [ WMI ] *****'[/code]</p></blockquote><p></p>