Adf.ly redirection



Hi everyone.
Around 2~3 weeks ago, my browser started redirecting me to adfly. Did so for multiple sites, however, didn't include Facebook or YouTube. (don't use any other popular sites so don't know).
I have basically done EVERYTHING I can to remove it but I couldn't even find it.
Used Malwarebytes, ESET Nod_32, Spy Hunter, reset my browser, reset my router, and still the problem persists. I've tried everything that I could find on Google and nothing helped out. Nothing I could find in appdata, temp etc. Also, no weird processes running or any weird programs installed.
The redirection thing doesn't happen only on Google Chrome, but also on the Steam client!
Redirection link: http://adf.ly/352005/int/5.39.23.194/r.php?r=http%3A%2F%2Fmpgh.net%2F
Also, might want to note that every once in a while it spawns me the router login page out of nowhere. However, not the one for my original router. Usually ones with different text messages. The redirection thing happens every 1~4 minutes or so.
I'd really appreciate any help. Thanks in advance.

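The redirect link in the post above carries an IP address in its path, and that address can be compared with the DNS servers Windows has been given. The following is an added example, not part of the original thread: it parses the link and `Tcpip` registry lines in the format FRST prints (the four sample lines are copied from the FRST log posted later in this thread) and flags public DNS servers that also show up in the redirect. `KNOWN_RESOLVERS` and the function names are assumptions made for the illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Redirect link quoted in the first post of the thread.
REDIRECT_URL = "http://adf.ly/352005/int/5.39.23.194/r.php?r=http%3A%2F%2Fmpgh.net%2F"

# FRST "Internet (Whitelisted)" lines, copied from the log later in this thread.
FRST_LINES = r"""Tcpip\Parameters: [DhcpNameServer] 5.39.23.194 8.8.8.8
Tcpip\..\Interfaces\{0c0dc0dc-3e55-4c68-9c77-f97034121eac}: [NameServer] 208.67.222.222,208.67.220.220,192.168.1.1
Tcpip\..\Interfaces\{891935b6-6330-4082-be8a-4e5c220f3ca0}: [DhcpNameServer] 5.39.23.194 8.8.8.8
Tcpip\..\Interfaces\{9dc585a9-2b38-4884-ae3f-fc4d95b2a0d0}: [NameServer] 208.67.222.222,208.67.220.220,
"""

# Assumption: resolvers the user set on purpose (Google Public DNS, OpenDNS).
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}

# "Tcpip\<scope>: [NameServer|DhcpNameServer] <values>"
TCPIP_RE = re.compile(
    r"^Tcpip\\(?P<scope>.+?): \[(?P<key>DhcpNameServer|NameServer)\] (?P<vals>.*)$"
)


def _is_ip(token):
    """True when token is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_redirect(url):
    """Return (IP addresses found in the path, original destination in ?r=)."""
    parts = urlsplit(url)
    ips = [seg for seg in parts.path.split("/") if _is_ip(seg)]
    dest = parse_qs(parts.query).get("r", [None])[0]  # parse_qs percent-decodes
    return ips, dest


def parse_nameservers(text):
    """Return (scope, key, ip) for every DNS server in FRST Tcpip lines."""
    servers = []
    for line in text.splitlines():
        m = TCPIP_RE.match(line.strip())
        if not m:
            continue
        # FRST separates values with spaces or commas, sometimes a trailing comma.
        for token in re.split(r"[,\s]+", m["vals"]):
            if _is_ip(token):
                servers.append((m["scope"], m["key"], token))
    return servers


def review(frst_text, redirect_url, known=KNOWN_RESOLVERS):
    """Flag public DNS servers that are not on the known list."""
    ips_in_url, dest = parse_redirect(redirect_url)
    findings = []
    for scope, key, ip in parse_nameservers(frst_text):
        if ipaddress.ip_address(ip).is_private or ip in known:
            continue  # LAN router address or a resolver the user chose
        findings.append({
            "scope": scope,
            "server": ip,
            "from_dhcp": key == "DhcpNameServer",
            "seen_in_redirect": ip in ips_in_url,
        })
    return dest, findings


if __name__ == "__main__":
    dest, findings = review(FRST_LINES, REDIRECT_URL)
    print("page originally requested:", dest)
    for f in findings:
        print(f)
```

`DhcpNameServer` values are supplied by the DHCP server, which on a home network is normally the router, so a finding with `from_dhcp` set points at the router's DNS settings rather than at software on the PC.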

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt)  Please attach those logs to your reply.


 

Post those logs in your reply...

 

Thank you,

 

Kevin..


Still the same issue :/

Keeps on giving me "Error IO" every time I try to upload the FRST file. Also, kept on saying Connection failed for like 2 times so had to reload this page.

Here's the text: 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by dell (administrator) on ILLUMINATIC (21-12-2015 03:05:35)
Running from C:\Users\dell\Downloads
Loaded Profiles: dell (Available Profiles: dell)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Zemana Ltd.) E:\Zemana AntiMalware\ZAM.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files (x86)\Etisalat USB Modem\AssistantServices.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Zemana Ltd.) E:\Zemana AntiMalware\ZAM.exe
() C:\Program Files (x86)\Razer\Comms\RazerComms.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\dell\AppData\Local\razer\InGameEngine\cache\RazerComms\RzCefRenderProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Razer, Inc.) C:\Users\dell\AppData\Local\razer\InGameEngine\cache\RazerComms\RzCefRenderProcess.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [155864 2013-12-10] ()
HKLM\...\Run: [Cm108Sound] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2793200 2013-12-30] (Synaptics Incorporated)
HKLM\...\Run: [ZAM] => E:\Zemana AntiMalware\ZAM.exe [12902304 2015-12-14] (Zemana Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-01-05] ()
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [uIExec] => C:\Program Files (x86)\Etisalat USB Modem\UIExec.exe [157440 2013-05-29] ()
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (CANON INC.)
HKU\S-1-5-21-191395837-1391361214-3845054031-1001\...\Run: [bitTorrent] => C:\Users\dell\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-07] (BitTorrent Inc.)
HKU\S-1-5-21-191395837-1391361214-3845054031-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-191395837-1391361214-3845054031-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-191395837-1391361214-3845054031-1001\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [7010112 2015-10-15] ()
HKU\S-1-5-21-191395837-1391361214-3845054031-1001\...\Policies\Explorer: [] 
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll No File
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-07-19]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 5.39.23.194 8.8.8.8
Tcpip\..\Interfaces\{0c0dc0dc-3e55-4c68-9c77-f97034121eac}: [NameServer] 208.67.222.222,208.67.220.220,192.168.1.1
Tcpip\..\Interfaces\{891935b6-6330-4082-be8a-4e5c220f3ca0}: [NameServer] 208.67.222.222,208.67.220.220,192.168.1.1
Tcpip\..\Interfaces\{891935b6-6330-4082-be8a-4e5c220f3ca0}: [DhcpNameServer] 5.39.23.194 8.8.8.8
Tcpip\..\Interfaces\{9dc585a9-2b38-4884-ae3f-fc4d95b2a0d0}: [NameServer] 208.67.222.222,208.67.220.220,
Tcpip\..\Interfaces\{deb4d9fb-0ac7-414f-b52f-42bdb319e43e}: [NameServer] 208.67.222.222,208.67.220.220,
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-191395837-1391361214-3845054031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fb.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-191395837-1391361214-3845054031-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll => No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll [2014-01-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin HKU\S-1-5-21-191395837-1391361214-3845054031-1001: SkypePlugin -> C:\Users\dell\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi.dll [2015-10-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-191395837-1391361214-3845054031-1001: SkypePlugin64 -> C:\Users\dell\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi-x64.dll [2015-10-22] (Skype Technologies S.A.)
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-02-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - E:\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - E:\Fiddler2\FiddlerHook [2015-12-06] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2015-05-22] (Autodesk)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2521080 2015-11-19] (ESET)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6951992 2015-09-29] (GOG.com)
S2 HiPatchService; E:\Games\HiPatchService.exe [9728 2015-11-03] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-24] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2014-05-15] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Origin Client Service; E:\Games\Origin\OriginClientService.exe [2099720 2015-11-19] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-11-08] ()
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-09-23] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [105112 2015-07-16] ()
R2 UI Assistant Service; C:\Program Files (x86)\Etisalat USB Modem\AssistantServices.exe [276224 2013-05-29] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; E:\Zemana AntiMalware\ZAM.exe [12902304 2015-12-14] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
U5 dc3d; C:\Windows\System32\Drivers\dc3d.sys [47616 2011-05-18] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-16] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-07-30] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [170792 2015-11-16] (ESET)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [5248 2010-01-27] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-21] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R2 NPF; C:\Windows\System32\Drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 NPF; C:\Windows\SysWOW64\Drivers\npf.sys [35088 2012-11-19] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129472 2015-09-09] (Razer, Inc.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-30] (Synaptics Incorporated)
S3 USBZTECCID; C:\Windows\system32\DRIVERS\ZTEusbccid.sys [18432 2012-03-13] (ZTE)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [21184 2015-12-20] ()
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [202144 2015-12-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202144 2015-12-20] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-21 02:55 - 2015-08-26 16:29 - 00000000 ____D C:\Users\dell\Desktop\DnsJumper
2015-12-21 02:54 - 2015-12-21 02:54 - 00647111 _____ C:\Users\dell\Downloads\DnsJumper.zip
2015-12-21 02:08 - 2015-12-21 02:09 - 00051296 _____ C:\Users\dell\Downloads\Addition.txt
2015-12-21 02:07 - 2015-12-21 03:05 - 00018948 _____ C:\Users\dell\Downloads\FRST.txt
2015-12-21 01:21 - 2015-12-21 01:21 - 02370560 _____ (Farbar) C:\Users\dell\Downloads\FRST64.exe
2015-12-21 01:19 - 2015-12-21 01:54 - 00000000 ____D C:\AdwCleaner
2015-12-21 01:18 - 2015-12-21 01:19 - 01740288 _____ C:\Users\dell\Downloads\AdwCleaner.exe
2015-12-21 01:18 - 2015-12-21 01:19 - 01599336 _____ (Malwarebytes) C:\Users\dell\Downloads\JRT.exe
2015-12-21 00:55 - 2015-12-21 00:55 - 00770781 _____ C:\Users\dell\Downloads\Mastering PayPal.pdf
2015-12-21 00:53 - 2015-12-21 00:53 - 00527986 _____ C:\Users\dell\Documents\cover.pdf
2015-12-21 00:52 - 2015-12-21 00:52 - 00558177 _____ C:\Users\dell\Documents\IMG_20151221_0001.pdf
2015-12-20 23:08 - 2015-12-21 03:06 - 00012627 _____ C:\WINDOWS\ZAM.krnl.trace
2015-12-20 23:08 - 2015-12-21 02:57 - 00000119 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2015-12-20 23:08 - 2015-12-20 23:08 - 00202144 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2015-12-20 23:08 - 2015-12-20 23:08 - 00202144 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2015-12-20 23:08 - 2015-12-20 23:08 - 00000698 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2015-12-20 23:08 - 2015-12-20 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-12-20 23:07 - 2015-12-20 23:07 - 05298752 _____ ( ) C:\Users\dell\Downloads\Zemana.AntiMalware.Setup.exe
2015-12-20 23:07 - 2015-12-20 23:07 - 00000000 ____D C:\Users\dell\AppData\Local\Zemana
2015-12-20 22:01 - 2015-12-20 22:01 - 00000000 ____D C:\Users\dell\Documents\Elder Scrolls Online
2015-12-20 22:01 - 2015-12-20 22:01 - 00000000 ____D C:\ProgramData\Elder Scrolls Online
2015-12-19 17:09 - 2015-12-19 17:09 - 00284942 _____ C:\Users\dell\Downloads\Profit with CSGO.pdf
2015-12-19 02:10 - 2015-12-19 03:30 - 1897975818 _____ C:\Users\dell\Downloads\1st_term_data_(2nd_year)-2015-12-18.zip
2015-12-18 14:25 - 2015-12-20 16:33 - 00021184 _____ C:\WINDOWS\SysWOW64\Drivers\X6va062
2015-12-18 03:13 - 2015-12-07 06:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 03:13 - 2015-12-07 06:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 03:13 - 2015-12-07 06:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 03:13 - 2015-12-07 06:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 03:13 - 2015-12-07 06:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 03:13 - 2015-12-07 06:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 03:13 - 2015-12-07 06:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 03:13 - 2015-12-07 06:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 03:13 - 2015-12-07 06:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 03:13 - 2015-12-07 06:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 03:13 - 2015-12-07 06:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 03:13 - 2015-12-07 06:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 03:13 - 2015-12-07 06:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 03:13 - 2015-12-07 06:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 03:13 - 2015-12-07 06:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 03:13 - 2015-12-07 06:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 03:13 - 2015-12-07 06:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 03:13 - 2015-12-07 06:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 03:13 - 2015-12-07 06:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 03:13 - 2015-12-07 06:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 03:13 - 2015-12-07 06:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 03:13 - 2015-12-07 06:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 03:13 - 2015-12-07 06:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 03:13 - 2015-12-07 06:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 03:13 - 2015-12-07 06:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 03:13 - 2015-12-07 06:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 03:13 - 2015-12-07 06:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 03:13 - 2015-12-07 06:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 03:13 - 2015-12-07 06:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 03:13 - 2015-12-07 06:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 03:13 - 2015-12-07 06:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 03:13 - 2015-12-07 06:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 03:13 - 2015-12-07 06:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 03:13 - 2015-12-07 06:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 03:13 - 2015-12-07 05:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 03:13 - 2015-12-07 05:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 03:13 - 2015-12-07 05:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 03:13 - 2015-12-07 05:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 03:13 - 2015-12-07 05:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 03:13 - 2015-12-07 05:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 03:13 - 2015-12-07 05:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 03:13 - 2015-12-07 05:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 03:13 - 2015-12-07 05:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 03:13 - 2015-12-07 05:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 03:13 - 2015-12-07 05:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 03:13 - 2015-12-07 05:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 03:13 - 2015-12-07 05:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 03:13 - 2015-12-07 05:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 03:13 - 2015-12-07 05:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 03:13 - 2015-12-07 05:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 03:13 - 2015-12-07 05:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 03:13 - 2015-12-07 05:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 03:13 - 2015-12-07 05:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 03:13 - 2015-12-07 05:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 03:13 - 2015-12-07 05:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 03:13 - 2015-12-07 05:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 03:13 - 2015-12-07 05:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 03:13 - 2015-12-07 05:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 03:13 - 2015-12-07 05:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 03:13 - 2015-12-07 05:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 03:13 - 2015-12-07 05:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 03:13 - 2015-12-07 05:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 03:13 - 2015-12-07 05:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 03:13 - 2015-12-07 05:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 03:13 - 2015-12-07 05:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 03:13 - 2015-12-07 05:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 03:13 - 2015-12-07 05:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 03:13 - 2015-12-07 05:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 03:13 - 2015-12-07 05:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 03:13 - 2015-12-07 05:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 03:13 - 2015-12-07 05:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-17 22:53 - 2015-12-17 22:53 - 01788648 _____ C:\Users\dell\Downloads\Sixth-Lecture-5.rar
2015-12-17 22:27 - 2015-12-17 22:27 - 00000000 ____D C:\Users\dell\AppData\Local\ESET
2015-12-17 22:25 - 2015-12-17 22:25 - 00496075 _____ C:\Users\dell\Downloads\Tenth Lecture.pdf
2015-12-17 22:24 - 2015-12-17 22:24 - 00370079 _____ C:\Users\dell\Downloads\images.pdf
2015-12-17 22:10 - 2015-12-17 22:25 - 00000000 ____D C:\Users\dell\Desktop\New folder
2015-12-16 23:10 - 2015-11-04 12:56 - 00000000 ____D C:\Users\dell\Desktop\Blizzard Destroyer
2015-12-16 23:09 - 2015-12-16 23:09 - 01292925 _____ C:\Users\dell\Downloads\Blizzard Destroyer_mpgh.net.rar
2015-12-16 18:52 - 2015-12-16 18:52 - 00000895 _____ C:\Users\dell\Desktop\The Elder Scrolls Online.lnk
2015-12-16 18:52 - 2015-12-16 18:52 - 00000000 ____D C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2015-12-16 18:51 - 2015-12-16 18:52 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
2015-12-16 18:51 - 2015-12-16 18:52 - 00000000 ____D C:\WINDOWS\jre
2015-12-16 18:49 - 2015-12-16 18:49 - 00000000 ___HD C:\Users\dell\InstallAnywhere
2015-12-16 18:44 - 2015-12-16 18:48 - 109567016 _____ (Zenimax Media Inc) C:\Users\dell\Downloads\Install_ESO.exe
2015-12-16 18:35 - 2015-12-16 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-12-16 18:35 - 2015-12-16 18:35 - 00000000 ____D C:\ProgramData\ESET
2015-12-16 18:35 - 2015-12-16 18:35 - 00000000 ____D C:\Program Files\ESET
2015-12-16 16:27 - 2015-12-16 16:28 - 00000000 ____D C:\Users\dell\Documents\PDF Files
2015-12-16 16:26 - 2015-12-16 16:29 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2015-12-16 16:24 - 2015-12-16 16:26 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-12-16 16:16 - 2015-12-16 16:16 - 00000000 ___HD C:\ProgramData\CanonIJQuickMenu
2015-12-16 16:13 - 2015-12-16 16:26 - 00000000 ____D C:\Users\dell\AppData\Roaming\canon
2015-12-16 16:04 - 2015-12-16 16:04 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2015-12-16 16:04 - 2014-08-18 08:59 - 00092928 _____ C:\WINDOWS\SysWOW64\CNC1787D.TBL
2015-12-16 16:04 - 2014-07-08 11:09 - 00353792 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_CKL.dll
2015-12-16 16:04 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2015-12-16 16:03 - 2015-12-16 16:03 - 00002104 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-12-16 16:03 - 2015-12-16 16:03 - 00000000 ____D C:\WINDOWS\system32\STRING
2015-12-16 16:03 - 2015-12-16 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX490 series User Registration
2015-12-16 16:03 - 2015-12-16 16:03 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2015-12-16 16:03 - 2014-07-11 10:20 - 00380928 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2015-12-16 16:03 - 2014-07-11 10:20 - 00375296 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2015-12-16 16:03 - 2014-07-11 10:20 - 00039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2015-12-16 15:57 - 2015-12-16 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-12-16 15:57 - 2015-12-16 15:57 - 00000000 ____D C:\Program Files\Canon
2015-12-16 15:56 - 2015-12-16 15:56 - 00002441 _____ C:\Users\Public\Desktop\Canon MX490 series On-screen Manual.lnk
2015-12-16 15:56 - 2015-12-16 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX490 series Manual
2015-12-16 15:55 - 2015-12-16 15:56 - 00000000 ___HD C:\Program Files\CanonBJ
2015-12-16 15:50 - 2015-12-16 16:29 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-12-16 15:49 - 2015-12-16 15:49 - 00000000 ___HD C:\ProgramData\CanonIJETV
2015-12-16 14:49 - 2015-12-16 16:16 - 00000000 ____D C:\Program Files (x86)\Canon
2015-12-16 12:42 - 2015-12-21 03:03 - 00000000 ____D C:\Users\dell\AppData\Local\CrashDumps
2015-12-16 10:18 - 2014-08-18 08:59 - 00092928 _____ C:\WINDOWS\system32\CNC1787D.TBL
2015-12-16 10:18 - 2014-07-08 11:10 - 00387584 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CKL.dll
2015-12-16 10:18 - 2014-05-29 21:05 - 00312832 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CKC.dll
2015-12-16 10:18 - 2014-05-29 21:05 - 00123392 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CKI.dll
2015-12-16 10:18 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll
2015-12-16 10:16 - 2015-12-16 10:16 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2015-12-16 10:16 - 2015-12-16 10:16 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-12-16 10:16 - 2014-09-22 06:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALCK.DLL
2015-12-16 10:16 - 2014-09-10 05:00 - 00406528 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMCK.DLL
2015-12-16 02:50 - 2015-12-16 02:50 - 00000000 ____D C:\Users\dell\AppData\Local\razer
2015-12-16 02:49 - 2015-12-16 02:49 - 00001395 _____ C:\Users\Public\Desktop\Razer Comms.lnk
2015-12-16 02:49 - 2015-12-16 02:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-12-16 02:49 - 2015-09-23 00:36 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2015-12-16 02:49 - 2015-09-09 01:56 - 00129472 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpnk.sys
2015-12-16 02:48 - 2015-12-16 02:50 - 00000000 ____D C:\ProgramData\Razer
2015-12-16 02:48 - 2015-12-16 02:49 - 00000000 ____D C:\Program Files (x86)\Razer
2015-12-16 02:43 - 2015-12-16 02:48 - 103158288 _____ (Razer Inc.) C:\Users\dell\Downloads\RazerComms5.12.31.exe
2015-12-14 01:01 - 2015-12-14 01:01 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-12-14 01:01 - 2015-12-14 01:01 - 00000873 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-14 01:01 - 2015-12-14 01:01 - 00000000 ____D C:\Program Files\CCleaner
2015-12-14 00:57 - 2015-12-14 01:00 - 06805512 _____ (Piriform Ltd) C:\Users\dell\Downloads\ccsetup512pro.exe
2015-12-11 18:53 - 2015-12-11 18:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-11 15:19 - 2015-12-11 15:19 - 00021184 _____ C:\WINDOWS\SysWOW64\Drivers\X6va062_2015.12.14.19.29.36
2015-12-11 13:43 - 2015-12-11 16:53 - 00000000 ____D C:\Users\dell\Desktop\swr meca18
2015-12-11 13:19 - 2015-12-11 13:41 - 532490083 _____ C:\Users\dell\Downloads\swr meca18.rar
2015-12-11 01:30 - 2015-12-16 12:17 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-11 01:26 - 2015-12-11 01:26 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-11 01:26 - 2015-12-11 01:26 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-11 01:26 - 2015-12-11 01:26 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-11 01:26 - 2015-12-11 01:26 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-11 01:26 - 2015-12-11 01:26 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-11 01:26 - 2015-12-11 01:26 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-11 01:26 - 2015-12-11 01:26 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32%

The primary log from FRST (frst.txt) is not complete, and the secondary log (addition.txt) is missing altogether. One other point, do you know of and trust the following IP address:

IP Address     5.39.23.194
IP Location     France France Roubaix Ovh Sas
ASN     France AS16276 OVH OVH SAS (registered Feb 15, 2001)
Whois Server     whois.ripe.net

Thank you,

Kevin


Nope. Got no idea what that IP is.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015

Ran by dell (administrator) on ILLUMINATIC (21-12-2015 16:42:42)
Running from C:\Users\dell\Downloads
Loaded Profiles: dell &  (Available Profiles: dell)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Zemana Ltd.) E:\Zemana AntiMalware\ZAM.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files (x86)\Etisalat USB Modem\AssistantServices.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Zemana Ltd.) E:\Zemana AntiMalware\ZAM.exe
() C:\Program Files (x86)\Razer\Comms\RazerComms.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\dell\AppData\Local\razer\InGameEngine\cache\RazerComms\RzCefRenderProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
(Razer, Inc.) C:\Users\dell\AppData\Local\razer\InGameEngine\cache\RazerComms\RzCefRenderProcess.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) E:\Games\Steam\Steam.exe
(Valve Corporation) E:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Games\Steam\bin\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.47020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [155864 2013-12-10] ()
HKLM\...\Run: [Cm108Sound] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2793200 2013-12-30] (Synaptics Incorporated)
HKLM\...\Run: [ZAM] => E:\Zemana AntiMalware\ZAM.exe [12902304 2015-12-14] (Zemana Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-01-05] ()
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [uIExec] => C:\Program Files (x86)\Etisalat USB Modem\UIExec.exe [157440 2013-05-29] ()
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (CANON INC.)
HKU\S-1-5-21-191395837-1391361214-3845054031-1001\...\Run: [bitTorrent] => C:\Users\dell\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-07] (BitTorrent Inc.)
HKU\S-1-5-21-191395837-1391361214-3845054031-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-191395837-1391361214-3845054031-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-191395837-1391361214-3845054031-1001\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [7010112 2015-10-15] ()
HKU\S-1-5-21-191395837-1391361214-3845054031-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-191395837-1391361214-3845054031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [bitTorrent] => C:\Users\dell\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-07] (BitTorrent Inc.)
HKU\S-1-5-21-191395837-1391361214-3845054031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-191395837-1391361214-3845054031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-191395837-1391361214-3845054031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [7010112 2015-10-15] ()
HKU\S-1-5-21-191395837-1391361214-3845054031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [] 
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll No File
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-07-19]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 5.39.23.194 8.8.8.8
Tcpip\..\Interfaces\{0c0dc0dc-3e55-4c68-9c77-f97034121eac}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{891935b6-6330-4082-be8a-4e5c220f3ca0}: [DhcpNameServer] 5.39.23.194 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-191395837-1391361214-3845054031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fb.com/
HKU\S-1-5-21-191395837-1391361214-3845054031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fb.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-191395837-1391361214-3845054031-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-191395837-1391361214-3845054031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll => No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll [2014-01-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin HKU\S-1-5-21-191395837-1391361214-3845054031-1001: SkypePlugin -> C:\Users\dell\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi.dll [2015-10-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-191395837-1391361214-3845054031-1001: SkypePlugin64 -> C:\Users\dell\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi-x64.dll [2015-10-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-191395837-1391361214-3845054031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: SkypePlugin -> C:\Users\dell\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi.dll [2015-10-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-191395837-1391361214-3845054031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: SkypePlugin64 -> C:\Users\dell\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi-x64.dll [2015-10-22] (Skype Technologies S.A.)
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-02-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - E:\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - E:\Fiddler2\FiddlerHook [2015-12-06] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2015-05-22] (Autodesk)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2521080 2015-11-19] (ESET)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6951992 2015-09-29] (GOG.com)
S2 HiPatchService; E:\Games\HiPatchService.exe [9728 2015-11-03] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-24] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2014-05-15] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Origin Client Service; E:\Games\Origin\OriginClientService.exe [2099720 2015-11-19] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-11-08] ()
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-09-23] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [105112 2015-07-16] ()
R2 UI Assistant Service; C:\Program Files (x86)\Etisalat USB Modem\AssistantServices.exe [276224 2013-05-29] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; E:\Zemana AntiMalware\ZAM.exe [12902304 2015-12-14] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
U5 dc3d; C:\Windows\System32\Drivers\dc3d.sys [47616 2011-05-18] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-16] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-07-30] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [170792 2015-11-16] (ESET)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [5248 2010-01-27] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-21] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R2 NPF; C:\Windows\System32\Drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 NPF; C:\Windows\SysWOW64\Drivers\npf.sys [35088 2012-11-19] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129472 2015-09-09] (Razer, Inc.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-30] (Synaptics Incorporated)
S3 USBZTECCID; C:\Windows\system32\DRIVERS\ZTEusbccid.sys [18432 2012-03-13] (ZTE)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [21184 2015-12-20] ()
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [202144 2015-12-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202144 2015-12-20] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-21 03:09 - 2015-12-21 03:09 - 00097480 _____ C:\Users\dell\Desktop\FRST.txt
2015-12-21 02:55 - 2015-08-26 16:29 - 00000000 ____D C:\Users\dell\Desktop\DnsJumper
2015-12-21 02:54 - 2015-12-21 02:54 - 00647111 _____ C:\Users\dell\Downloads\DnsJumper.zip
2015-12-21 02:08 - 2015-12-21 02:09 - 00051296 _____ C:\Users\dell\Downloads\Addition.txt
2015-12-21 02:07 - 2015-12-21 16:42 - 00021091 _____ C:\Users\dell\Downloads\FRST.txt
2015-12-21 01:21 - 2015-12-21 01:21 - 02370560 _____ (Farbar) C:\Users\dell\Downloads\FRST64.exe
2015-12-21 01:19 - 2015-12-21 01:54 - 00000000 ____D C:\AdwCleaner
2015-12-21 01:18 - 2015-12-21 01:19 - 01740288 _____ C:\Users\dell\Downloads\AdwCleaner.exe
2015-12-21 01:18 - 2015-12-21 01:19 - 01599336 _____ (Malwarebytes) C:\Users\dell\Downloads\JRT.exe
2015-12-21 00:55 - 2015-12-21 00:55 - 00770781 _____ C:\Users\dell\Downloads\Mastering PayPal.pdf
2015-12-21 00:53 - 2015-12-21 00:53 - 00527986 _____ C:\Users\dell\Documents\cover.pdf
2015-12-21 00:52 - 2015-12-21 00:52 - 00558177 _____ C:\Users\dell\Documents\IMG_20151221_0001.pdf
2015-12-20 23:08 - 2015-12-21 16:42 - 00236958 _____ C:\WINDOWS\ZAM.krnl.trace
2015-12-20 23:08 - 2015-12-21 03:46 - 00000695 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2015-12-20 23:08 - 2015-12-20 23:08 - 00202144 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2015-12-20 23:08 - 2015-12-20 23:08 - 00202144 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2015-12-20 23:08 - 2015-12-20 23:08 - 00000698 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2015-12-20 23:08 - 2015-12-20 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-12-20 23:07 - 2015-12-20 23:07 - 05298752 _____ ( ) C:\Users\dell\Downloads\Zemana.AntiMalware.Setup.exe
2015-12-20 23:07 - 2015-12-20 23:07 - 00000000 ____D C:\Users\dell\AppData\Local\Zemana
2015-12-20 22:01 - 2015-12-20 22:01 - 00000000 ____D C:\Users\dell\Documents\Elder Scrolls Online
2015-12-20 22:01 - 2015-12-20 22:01 - 00000000 ____D C:\ProgramData\Elder Scrolls Online
2015-12-19 17:09 - 2015-12-19 17:09 - 00284942 _____ C:\Users\dell\Downloads\Profit with CSGO.pdf
2015-12-19 02:10 - 2015-12-19 03:30 - 1897975818 _____ C:\Users\dell\Downloads\1st_term_data_(2nd_year)-2015-12-18.zip
2015-12-18 14:25 - 2015-12-20 16:33 - 00021184 _____ C:\WINDOWS\SysWOW64\Drivers\X6va062
2015-12-18 03:13 - 2015-12-07 06:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 03:13 - 2015-12-07 06:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 03:13 - 2015-12-07 06:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 03:13 - 2015-12-07 06:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 03:13 - 2015-12-07 06:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 03:13 - 2015-12-07 06:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 03:13 - 2015-12-07 06:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 03:13 - 2015-12-07 06:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 03:13 - 2015-12-07 06:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 03:13 - 2015-12-07 06:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 03:13 - 2015-12-07 06:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 03:13 - 2015-12-07 06:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 03:13 - 2015-12-07 06:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 03:13 - 2015-12-07 06:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 03:13 - 2015-12-07 06:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 03:13 - 2015-12-07 06:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 03:13 - 2015-12-07 06:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 03:13 - 2015-12-07 06:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 03:13 - 2015-12-07 06:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 03:13 - 2015-12-07 06:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 03:13 - 2015-12-07 06:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 03:13 - 2015-12-07 06:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 03:13 - 2015-12-07 06:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 03:13 - 2015-12-07 06:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 03:13 - 2015-12-07 06:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 03:13 - 2015-12-07 06:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 03:13 - 2015-12-07 06:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 03:13 - 2015-12-07 06:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 03:13 - 2015-12-07 06:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 03:13 - 2015-12-07 06:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 03:13 - 2015-12-07 06:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 03:13 - 2015-12-07 06:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 03:13 - 2015-12-07 06:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 03:13 - 2015-12-07 06:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 03:13 - 2015-12-07 06:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 03:13 - 2015-12-07 06:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 03:13 - 2015-12-07 05:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 03:13 - 2015-12-07 05:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 03:13 - 2015-12-07 05:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 03:13 - 2015-12-07 05:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 03:13 - 2015-12-07 05:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 03:13 - 2015-12-07 05:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 03:13 - 2015-12-07 05:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 03:13 - 2015-12-07 05:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 03:13 - 2015-12-07 05:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 03:13 - 2015-12-07 05:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 03:13 - 2015-12-07 05:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 03:13 - 2015-12-07 05:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 03:13 - 2015-12-07 05:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 03:13 - 2015-12-07 05:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 03:13 - 2015-12-07 05:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 03:13 - 2015-12-07 05:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 03:13 - 2015-12-07 05:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 03:13 - 2015-12-07 05:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 03:13 - 2015-12-07 05:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 03:13 - 2015-12-07 05:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 03:13 - 2015-12-07 05:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 03:13 - 2015-12-07 05:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 03:13 - 2015-12-07 05:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 03:13 - 2015-12-07 05:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 03:13 - 2015-12-07 05:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 03:13 - 2015-12-07 05:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 03:13 - 2015-12-07 05:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 03:13 - 2015-12-07 05:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 03:13 - 2015-12-07 05:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 03:13 - 2015-12-07 05:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 03:13 - 2015-12-07 05:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 03:13 - 2015-12-07 05:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 03:13 - 2015-12-07 05:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 03:13 - 2015-12-07 05:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 03:13 - 2015-12-07 05:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 03:13 - 2015-12-07 05:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 03:13 - 2015-12-07 05:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-17 22:53 - 2015-12-17 22:53 - 01788648 _____ C:\Users\dell\Downloads\Sixth-Lecture-5.rar
2015-12-17 22:27 - 2015-12-17 22:27 - 00000000 ____D C:\Users\dell\AppData\Local\ESET
2015-12-17 22:25 - 2015-12-17 22:25 - 00496075 _____ C:\Users\dell\Downloads\Tenth Lecture.pdf
2015-12-17 22:24 - 2015-12-17 22:24 - 00370079 _____ C:\Users\dell\Downloads\images.pdf
2015-12-17 22:10 - 2015-12-17 22:25 - 00000000 ____D C:\Users\dell\Desktop\New folder
2015-12-16 23:10 - 2015-11-04 12:56 - 00000000 ____D C:\Users\dell\Desktop\Blizzard Destroyer
2015-12-16 23:09 - 2015-12-16 23:09 - 01292925 _____ C:\Users\dell\Downloads\Blizzard Destroyer_mpgh.net.rar
2015-12-16 18:52 - 2015-12-16 18:52 - 00000895 _____ C:\Users\dell\Desktop\The Elder Scrolls Online.lnk
2015-12-16 18:52 - 2015-12-16 18:52 - 00000000 ____D C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2015-12-16 18:51 - 2015-12-16 18:52 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
2015-12-16 18:51 - 2015-12-16 18:52 - 00000000 ____D C:\WINDOWS\jre
2015-12-16 18:49 - 2015-12-16 18:49 - 00000000 ___HD C:\Users\dell\InstallAnywhere
2015-12-16 18:44 - 2015-12-16 18:48 - 109567016 _____ (Zenimax Media Inc) C:\Users\dell\Downloads\Install_ESO.exe
2015-12-16 18:35 - 2015-12-16 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-12-16 18:35 - 2015-12-16 18:35 - 00000000 ____D C:\ProgramData\ESET
2015-12-16 18:35 - 2015-12-16 18:35 - 00000000 ____D C:\Program Files\ESET
2015-12-16 16:27 - 2015-12-16 16:28 - 00000000 ____D C:\Users\dell\Documents\PDF Files
2015-12-16 16:26 - 2015-12-16 16:29 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2015-12-16 16:24 - 2015-12-16 16:26 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-12-16 16:16 - 2015-12-16 16:16 - 00000000 ___HD C:\ProgramData\CanonIJQuickMenu
2015-12-16 16:13 - 2015-12-16 16:26 - 00000000 ____D C:\Users\dell\AppData\Roaming\canon
2015-12-16 16:04 - 2015-12-16 16:04 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2015-12-16 16:04 - 2014-08-18 08:59 - 00092928 _____ C:\WINDOWS\SysWOW64\CNC1787D.TBL
2015-12-16 16:04 - 2014-07-08 11:09 - 00353792 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_CKL.dll
2015-12-16 16:04 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2015-12-16 16:03 - 2015-12-16 16:03 - 00002104 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-12-16 16:03 - 2015-12-16 16:03 - 00000000 ____D C:\WINDOWS\system32\STRING
2015-12-16 16:03 - 2015-12-16 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX490 series User Registration
2015-12-16 16:03 - 2015-12-16 16:03 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2015-12-16 16:03 - 2014-07-11 10:20 - 00380928 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2015-12-16 16:03 - 2014-07-11 10:20 - 00375296 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2015-12-16 16:03 - 2014-07-11 10:20 - 00039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2015-12-16 15:57 - 2015-12-16 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-12-16 15:57 - 2015-12-16 15:57 - 00000000 ____D C:\Program Files\Canon
2015-12-16 15:56 - 2015-12-16 15:56 - 00002441 _____ C:\Users\Public\Desktop\Canon MX490 series On-screen Manual.lnk
2015-12-16 15:56 - 2015-12-16 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX490 series Manual
2015-12-16 15:55 - 2015-12-16 15:56 - 00000000 ___HD C:\Program Files\CanonBJ
2015-12-16 15:50 - 2015-12-16 16:29 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-12-16 15:49 - 2015-12-16 15:49 - 00000000 ___HD C:\ProgramData\CanonIJETV
2015-12-16 14:49 - 2015-12-16 16:16 - 00000000 ____D C:\Program Files (x86)\Canon
2015-12-16 12:42 - 2015-12-21 03:03 - 00000000 ____D C:\Users\dell\AppData\Local\CrashDumps
2015-12-16 10:18 - 2014-08-18 08:59 - 00092928 _____ C:\WINDOWS\system32\CNC1787D.TBL
2015-12-16 10:18 - 2014-07-08 11:10 - 00387584 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CKL.dll
2015-12-16 10:18 - 2014-05-29 21:05 - 00312832 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CKC.dll
2015-12-16 10:18 - 2014-05-29 21:05 - 00123392 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CKI.dll
2015-12-16 10:18 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll
2015-12-16 10:16 - 2015-12-16 10:16 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2015-12-16 10:16 - 2015-12-16 10:16 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-12-16 10:16 - 2014-09-22 06:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALCK.DLL
2015-12-16 10:16 - 2014-09-10 05:00 - 00406528 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMCK.DLL
2015-12-16 02:50 - 2015-12-16 02:50 - 00000000 ____D C:\Users\dell\AppData\Local\razer
2015-12-16 02:49 - 2015-12-16 02:49 - 00001395 _____ C:\Users\Public\Desktop\Razer Comms.lnk
2015-12-16 02:49 - 2015-12-16 02:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-12-16 02:49 - 2015-09-23 00:36 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2015-12-16 02:49 - 2015-09-09 01:56 - 00129472 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpnk.sys

Can you run DNS Jumper again as per reply #4, as the IP address has not been corrected.

Next,

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs.

Probably easier if you attach the logs...

To attach files or images etc., select the "More Reply Options" tab under the reply box; a new reply window will open. Select "Browse" to locate the file you want, double-click directly on that file to upload, then select "Attach This File" to do just that. Repeat if required...


OK, thanks for the update. You mentioned earlier that Chrome and Steam were affected. Do not use Steam for now; reset Chrome with a clean install and see if that stops the redirection...

If your Chrome bookmarks are important, do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome, follow the instructions and export your bookmarks from Chrome, saving them to your Desktop or similar. Note the instructions can also be used to import the bookmarks.

Continue for a clean install:

Remove all synced data from Chrome. Go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ and follow those instructions...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB. Follow those instructions and ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local and, from that folder, delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata).

How to show hidden files and folders for Windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Does the redirect stop in Chrome?


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
