Publicité
Publicité
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2017
Ran by Keylor Mo (administrator) on INCONNU-4C-0F-C (09-03-2017 19:01:31)
Running from C:\Users\Keylor Mo\Desktop
Loaded Profiles: Keylor Mo (Available Profiles: Keylor Mo)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\ProgramData\Modem HDM EC156\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17012.10311.0_x86__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Valve) C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\hl.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7549184 2015-10-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1024256 2015-10-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3536064 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [50343608 2016-10-11] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3952696 2016-08-05] (Tonec Inc.)
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\Run: [uTorrent] => C:\Users\Keylor Mo\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-22] (BitTorrent Inc.)
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7347928 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {05f48815-b652-11e6-94bf-74e543d4082a} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {05f488f5-b652-11e6-94bf-74e543d4082a} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {05f48af8-b652-11e6-94bf-001e101f1859} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {05f48c38-b652-11e6-94bf-001e101f1859} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {05f48ca5-b652-11e6-94bf-001e101f1859} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {09e1a3f6-f225-11e6-9504-b4b52f347934} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {09e1a501-f225-11e6-9504-b4b52f347934} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {2f2809d6-b678-11e6-94c0-74e543d4082a} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {348b5588-b684-11e6-94c1-001e101f3efc} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {40527e9c-d082-11e6-94cf-001e101f2c35} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {786c02c3-cdde-11e6-94cb-001e101f6b67} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {786c0335-cdde-11e6-94cb-001e101f6b67} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {786c03f3-cdde-11e6-94cb-001e101f6b67} - "F:\AutoRun.exe"
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1925041687-3826732043-3313555696-1002] => http=;ftp=;https=;
AutoConfigURL: [S-1-5-21-1925041687-3826732043-3313555696-1002] => http=;ftp=;https=;
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2cc7ffea-e7da-46a9-b554-ddceafc801da}: [NameServer] 192.168.50.58 192.168.60.55
Tcpip\..\Interfaces\{4817a43f-d0cb-44ce-a7d7-13dff186dea2}: [NameServer] 192.168.50.58 192.168.60.55
Tcpip\..\Interfaces\{5eccdab2-f5f9-47ee-a83d-600b804a862c}: [NameServer] 192.168.50.58 192.168.60.55
Tcpip\..\Interfaces\{e031c129-d52d-4cd0-88ec-c155be5c0931}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.wana.ma
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-12-16]
FireFox:
========
FF HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-08-03]
FF HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Keylor Mo\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Keylor Mo\AppData\Roaming\IDM\idmmzcc5 [2017-03-09] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-12] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C0z0ohpLmZOB51y4kQu-CLOxJnpKtMS5iOLePmPVNr6jg9Nw4yMdxjbDDqQml2L_vI7obYV8mZB77aaRkxs4-30N80UgPL7NuO3olSI7Q5VrJCI2z5b8eJwdIATazhTCY1V-Z18UQNBGN3Vit
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1415150670&from=amt&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXU1EB1LRRYLLRRYL"
CHR Profile: C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (Google Slides) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-08]
CHR Extension: (Google Docs) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-08]
CHR Extension: (Google Drive) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-08]
CHR Extension: (Skype Calling) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-01-08]
CHR Extension: (YouTube) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-08]
CHR Extension: (Adblock Plus) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-08]
CHR Extension: (Google Sheets) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-08]
CHR Extension: (Google Docs Offline) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-08]
CHR Extension: (AdBlock) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (anonymoX) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2017-02-11]
CHR Extension: (IDM Integration Module) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-01-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (OneClick Cleaner App) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadiaahhieelhhffeofkdchgfpjehjok [2017-01-08]
CHR Extension: (Gmail) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-08]
CHR Profile: C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-21]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-08-05]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290224 2015-10-11] (Intel Corporation)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S2 Modem HDM EC156. RunOuc; C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe [655712 2016-12-29] ()
S3 rpcapd; C:\Program Files\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [263936 2015-10-11] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-10-03] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [227504 2016-04-27] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\WINDOWS\System32\drivers\athw8.sys [3228672 2016-07-16] (Qualcomm Atheros Communications, Inc.)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [521248 2016-06-25] (Qualcomm Atheros)
R1 cpuidlep; C:\WINDOWS\system32\Drivers\cpuidlep.sys [4484 2016-01-25] () [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [55104 2015-10-11] (Intel Corporation)
R1 MpKsl1d7696c2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB40D061-321B-49BF-90EF-7AEB0DEF7145}\MpKsl1d7696c2.sys [39168 2017-03-09] (Microsoft Corporation)
R1 MpKsl822586a5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{291864C2-02FA-4117-99D1-49926E79C60A}\MpKsl822586a5.sys [39168 2017-03-05] (Microsoft Corporation)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrd.sys [36896 2014-08-14] (NT Kernel Resources)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [239360 2015-10-11] (Realtek Semiconductor Corp.)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [494080 2016-07-16] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44216 2016-04-27] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
S3 BstHdDrv; \??\C:\Program Files\Bluestacks\HD-Hypervisor-x86.sys [X]
S3 BstkDrv; \??\C:\Program Files\Bluestacks\BstkDrv.sys [X]
S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-09 19:01 - 2017-03-09 19:03 - 00016320 _____ C:\Users\Keylor Mo\Desktop\FRST.txt
2017-03-09 18:59 - 2017-03-09 19:01 - 00000000 ____D C:\FRST
2017-03-09 18:56 - 2017-03-09 18:56 - 01765888 _____ (Farbar) C:\Users\Keylor Mo\Desktop\FRST.exe
2017-03-09 17:31 - 2017-03-09 18:08 - 00000000 ____D C:\Users\Keylor Mo\Desktop\SS
2017-03-09 17:28 - 2017-03-09 18:26 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-03-09 17:28 - 2017-03-09 17:28 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2017-03-09 17:28 - 2017-03-09 17:28 - 00001138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2017-03-09 17:28 - 2017-03-09 17:28 - 00001126 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2017-03-09 17:28 - 2017-03-09 17:28 - 00000000 ____D C:\Program Files\Security Task Manager
2017-03-09 17:27 - 2017-03-09 17:28 - 02967592 _____ C:\Users\Keylor Mo\Desktop\SecurityTaskManager_Setup.exe
2017-03-09 15:48 - 2017-03-09 15:48 - 04808730 _____ C:\Users\Keylor Mo\Desktop\harmony_by_rashadisrazzi-d7o0df4.zip
2017-03-09 04:05 - 2017-03-09 04:06 - 00000000 ____D C:\Users\Keylor Mo\AppData\Local\Steam
2017-03-09 03:55 - 2017-03-09 04:49 - 00000000 ____D C:\Program Files\Steam
2017-03-09 03:55 - 2017-03-09 04:28 - 00000000 ____D C:\Program Files\Common Files\Steam
2017-03-09 03:55 - 2017-03-09 03:55 - 00000954 _____ C:\Users\Public\Desktop\Steam.lnk
2017-03-09 03:55 - 2017-03-09 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-03-09 03:54 - 2017-03-09 03:54 - 01446792 _____ C:\Users\Keylor Mo\Desktop\SteamSetup.exe
2017-03-05 04:11 - 2017-03-05 04:13 - 76353241 _____ C:\Users\Keylor Mo\Desktop\snapchat-10-3-0-0.apk
2017-03-05 03:59 - 2017-03-05 04:02 - 00000000 ____D C:\Users\Keylor Mo\Desktop\phone
2017-02-26 14:47 - 2017-02-26 14:47 - 270785016 _____ C:\WINDOWS\MEMORY.DMP
2017-02-26 14:47 - 2017-02-26 14:47 - 00712916 _____ C:\WINDOWS\Minidump\022617-24625-01.dmp
2017-02-25 23:13 - 2017-03-09 18:57 - 00000000 ____D C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)
2017-02-25 23:03 - 2017-02-25 23:13 - 246080971 _____ C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net).rar
2017-02-21 02:05 - 2017-02-21 02:06 - 00000000 ____D C:\Program Files\CCleaner
2017-02-21 02:05 - 2017-02-21 02:05 - 00000998 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-21 02:05 - 2017-02-21 02:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-21 01:36 - 2017-03-09 19:02 - 00000000 ____D C:\Users\Keylor Mo\AppData\Roaming\TS3Client
2017-02-21 01:36 - 2017-02-21 01:36 - 00001153 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-02-21 01:36 - 2017-02-21 01:36 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-02-21 01:36 - 2017-02-21 01:36 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-21 01:28 - 2017-02-21 01:54 - 72446852 _____ C:\Users\Keylor Mo\Desktop\Intel_hd_grahpics_win32_153332.zip
2017-02-21 01:28 - 2017-02-21 01:28 - 00000000 ____D C:\ProgramData\Intel
2017-02-21 01:27 - 2017-02-21 01:27 - 00000000 ____D C:\Users\Keylor Mo\AppData\Local\Intel
2017-02-21 01:26 - 2017-02-21 01:26 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-21 01:26 - 2017-02-21 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-02-21 01:21 - 2017-02-21 01:25 - 09955696 _____ (Intel) C:\Users\Keylor Mo\Desktop\Intel Driver Update Utility Installer.exe
2017-02-19 02:54 - 2017-02-24 19:20 - 00002041 _____ C:\Users\Keylor Mo\Desktop\Counter-Strike 1.6.lnk
2017-02-19 02:54 - 2017-02-19 02:54 - 00000000 ____D C:\Users\Keylor Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2017-02-19 02:52 - 2017-02-19 02:55 - 00000000 ____D C:\Program Files\Counter-Strike 1.6 OMONAS
2017-02-18 03:36 - 2017-02-18 03:37 - 04448720 _____ C:\Users\Keylor Mo\Desktop\ts3_recording_17_02_18_3_36_55.wav
2017-02-18 01:46 - 2017-02-18 01:47 - 02031440 _____ C:\Users\Keylor Mo\Desktop\ts3_recording_17_02_18_1_46_48.wav
2017-02-15 00:38 - 2017-02-19 02:49 - 219570826 _____ () C:\Users\Keylor Mo\Desktop\counter-strike1.6s.exe
2017-02-13 00:13 - 2017-02-13 00:14 - 00000683 _____ C:\Users\Keylor Mo\Desktop\T.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-09 16:43 - 2016-07-16 08:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 16:43 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-09 16:02 - 2016-10-03 00:02 - 01836574 _____ C:\WINDOWS\system32\perfh00C.dat
2017-03-09 16:02 - 2016-10-03 00:02 - 00483866 _____ C:\WINDOWS\system32\perfc00C.dat
2017-03-09 16:02 - 2015-09-10 20:25 - 05133766 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-09 15:49 - 2015-10-11 18:47 - 00000000 ____D C:\Users\Keylor Mo\Downloads\Compressed
2017-03-09 15:37 - 2016-10-02 15:29 - 00000000 ____D C:\Users\Keylor Mo
2017-03-09 12:55 - 2016-10-02 15:21 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 04:47 - 2016-10-02 15:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 04:45 - 2015-10-11 18:47 - 00000000 ____D C:\Users\Keylor Mo\AppData\Roaming\DMCache
2017-03-08 19:41 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-07 13:22 - 2016-11-13 01:44 - 00000000 ___RD C:\Users\Keylor Mo\Desktop\music Bitch
2017-03-05 08:12 - 2016-07-16 02:22 - 04718592 _____ C:\WINDOWS\system32\config\BBI
2017-03-05 04:10 - 2016-09-02 07:13 - 00000000 ____D C:\Users\Keylor Mo\AppData\Roaming\IDM
2017-02-26 14:47 - 2016-11-18 00:33 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-24 08:02 - 2015-09-10 20:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 07:59 - 2015-09-10 20:52 - 135086848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 20:49 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-02-22 22:15 - 2016-07-16 08:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 16:42 - 2015-10-11 18:04 - 00000000 ____D C:\Users\Keylor Mo\AppData\Local\Packages
2017-02-21 18:03 - 2015-12-03 17:32 - 00000368 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2017-02-21 02:12 - 2016-07-16 08:28 - 00000000 ____D C:\WINDOWS\INF
2017-02-21 02:11 - 2016-09-24 05:03 - 00000000 ____D C:\Users\Keylor Mo\AppData\Roaming\uTorrent
2017-02-21 02:09 - 2016-10-03 00:20 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-21 01:55 - 2015-10-11 18:38 - 00000000 ____D C:\Program Files\Intel
2017-02-21 00:26 - 2016-10-02 15:25 - 00000000 ____D C:\WINDOWS\system32\RTCOM
2017-02-19 17:33 - 2015-10-11 18:04 - 00000000 ____D C:\Users\Keylor Mo\AppData\Local\VirtualStore
2017-02-16 00:23 - 2017-02-02 14:49 - 00000214 _____ C:\Users\Keylor Mo\Desktop\New Text Document.txt
2017-02-15 18:29 - 2016-06-08 00:30 - 00000000 ____D C:\Users\Keylor Mo\AppData\Local\ElevatedDiagnostics
==================== Files in the root of some directories =======
2016-01-21 01:39 - 2016-05-24 22:21 - 0000132 _____ () C:\Users\Keylor Mo\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-10-14 02:06 - 2016-10-29 23:53 - 0007597 _____ () C:\Users\Keylor Mo\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2017-02-25 22:06 - 2017-02-25 22:06 - 1244513 _____ (AdworldInternet) C:\Users\Keylor Mo\AppData\Local\Temp\ICReinstall_Half_Life_1_Game_2142088615.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-02 18:50
==================== End of FRST.txt ============================
Ran by Keylor Mo (administrator) on INCONNU-4C-0F-C (09-03-2017 19:01:31)
Running from C:\Users\Keylor Mo\Desktop
Loaded Profiles: Keylor Mo (Available Profiles: Keylor Mo)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\ProgramData\Modem HDM EC156\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17012.10311.0_x86__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Valve) C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\hl.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7549184 2015-10-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1024256 2015-10-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3536064 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [50343608 2016-10-11] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3952696 2016-08-05] (Tonec Inc.)
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\Run: [uTorrent] => C:\Users\Keylor Mo\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-22] (BitTorrent Inc.)
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7347928 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {05f48815-b652-11e6-94bf-74e543d4082a} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {05f488f5-b652-11e6-94bf-74e543d4082a} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {05f48af8-b652-11e6-94bf-001e101f1859} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {05f48c38-b652-11e6-94bf-001e101f1859} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {05f48ca5-b652-11e6-94bf-001e101f1859} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {09e1a3f6-f225-11e6-9504-b4b52f347934} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {09e1a501-f225-11e6-9504-b4b52f347934} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {2f2809d6-b678-11e6-94c0-74e543d4082a} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {348b5588-b684-11e6-94c1-001e101f3efc} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {40527e9c-d082-11e6-94cf-001e101f2c35} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {786c02c3-cdde-11e6-94cb-001e101f6b67} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {786c0335-cdde-11e6-94cb-001e101f6b67} - "F:\AutoRun.exe"
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\MountPoints2: {786c03f3-cdde-11e6-94cb-001e101f6b67} - "F:\AutoRun.exe"
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1925041687-3826732043-3313555696-1002] => http=;ftp=;https=;
AutoConfigURL: [S-1-5-21-1925041687-3826732043-3313555696-1002] => http=;ftp=;https=;
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2cc7ffea-e7da-46a9-b554-ddceafc801da}: [NameServer] 192.168.50.58 192.168.60.55
Tcpip\..\Interfaces\{4817a43f-d0cb-44ce-a7d7-13dff186dea2}: [NameServer] 192.168.50.58 192.168.60.55
Tcpip\..\Interfaces\{5eccdab2-f5f9-47ee-a83d-600b804a862c}: [NameServer] 192.168.50.58 192.168.60.55
Tcpip\..\Interfaces\{e031c129-d52d-4cd0-88ec-c155be5c0931}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.wana.ma
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-12-16]
FireFox:
========
FF HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-08-03]
FF HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Keylor Mo\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Keylor Mo\AppData\Roaming\IDM\idmmzcc5 [2017-03-09] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-12] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C0z0ohpLmZOB51y4kQu-CLOxJnpKtMS5iOLePmPVNr6jg9Nw4yMdxjbDDqQml2L_vI7obYV8mZB77aaRkxs4-30N80UgPL7NuO3olSI7Q5VrJCI2z5b8eJwdIATazhTCY1V-Z18UQNBGN3Vit
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1415150670&from=amt&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXU1EB1LRRYLLRRYL"
CHR Profile: C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (Google Slides) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-08]
CHR Extension: (Google Docs) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-08]
CHR Extension: (Google Drive) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-08]
CHR Extension: (Skype Calling) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-01-08]
CHR Extension: (YouTube) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-08]
CHR Extension: (Adblock Plus) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-08]
CHR Extension: (Google Sheets) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-08]
CHR Extension: (Google Docs Offline) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-08]
CHR Extension: (AdBlock) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (anonymoX) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2017-02-11]
CHR Extension: (IDM Integration Module) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-01-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (OneClick Cleaner App) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadiaahhieelhhffeofkdchgfpjehjok [2017-01-08]
CHR Extension: (Gmail) - C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-08]
CHR Profile: C:\Users\Keylor Mo\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-21]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-08-05]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290224 2015-10-11] (Intel Corporation)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S2 Modem HDM EC156. RunOuc; C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe [655712 2016-12-29] ()
S3 rpcapd; C:\Program Files\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [263936 2015-10-11] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-10-03] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [227504 2016-04-27] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\WINDOWS\System32\drivers\athw8.sys [3228672 2016-07-16] (Qualcomm Atheros Communications, Inc.)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [521248 2016-06-25] (Qualcomm Atheros)
R1 cpuidlep; C:\WINDOWS\system32\Drivers\cpuidlep.sys [4484 2016-01-25] () [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [55104 2015-10-11] (Intel Corporation)
R1 MpKsl1d7696c2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB40D061-321B-49BF-90EF-7AEB0DEF7145}\MpKsl1d7696c2.sys [39168 2017-03-09] (Microsoft Corporation)
R1 MpKsl822586a5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{291864C2-02FA-4117-99D1-49926E79C60A}\MpKsl822586a5.sys [39168 2017-03-05] (Microsoft Corporation)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrd.sys [36896 2014-08-14] (NT Kernel Resources)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [239360 2015-10-11] (Realtek Semiconductor Corp.)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [494080 2016-07-16] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44216 2016-04-27] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
S3 BstHdDrv; \??\C:\Program Files\Bluestacks\HD-Hypervisor-x86.sys [X]
S3 BstkDrv; \??\C:\Program Files\Bluestacks\BstkDrv.sys [X]
S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-09 19:01 - 2017-03-09 19:03 - 00016320 _____ C:\Users\Keylor Mo\Desktop\FRST.txt
2017-03-09 18:59 - 2017-03-09 19:01 - 00000000 ____D C:\FRST
2017-03-09 18:56 - 2017-03-09 18:56 - 01765888 _____ (Farbar) C:\Users\Keylor Mo\Desktop\FRST.exe
2017-03-09 17:31 - 2017-03-09 18:08 - 00000000 ____D C:\Users\Keylor Mo\Desktop\SS
2017-03-09 17:28 - 2017-03-09 18:26 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-03-09 17:28 - 2017-03-09 17:28 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2017-03-09 17:28 - 2017-03-09 17:28 - 00001138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2017-03-09 17:28 - 2017-03-09 17:28 - 00001126 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2017-03-09 17:28 - 2017-03-09 17:28 - 00000000 ____D C:\Program Files\Security Task Manager
2017-03-09 17:27 - 2017-03-09 17:28 - 02967592 _____ C:\Users\Keylor Mo\Desktop\SecurityTaskManager_Setup.exe
2017-03-09 15:48 - 2017-03-09 15:48 - 04808730 _____ C:\Users\Keylor Mo\Desktop\harmony_by_rashadisrazzi-d7o0df4.zip
2017-03-09 04:05 - 2017-03-09 04:06 - 00000000 ____D C:\Users\Keylor Mo\AppData\Local\Steam
2017-03-09 03:55 - 2017-03-09 04:49 - 00000000 ____D C:\Program Files\Steam
2017-03-09 03:55 - 2017-03-09 04:28 - 00000000 ____D C:\Program Files\Common Files\Steam
2017-03-09 03:55 - 2017-03-09 03:55 - 00000954 _____ C:\Users\Public\Desktop\Steam.lnk
2017-03-09 03:55 - 2017-03-09 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-03-09 03:54 - 2017-03-09 03:54 - 01446792 _____ C:\Users\Keylor Mo\Desktop\SteamSetup.exe
2017-03-05 04:11 - 2017-03-05 04:13 - 76353241 _____ C:\Users\Keylor Mo\Desktop\snapchat-10-3-0-0.apk
2017-03-05 03:59 - 2017-03-05 04:02 - 00000000 ____D C:\Users\Keylor Mo\Desktop\phone
2017-02-26 14:47 - 2017-02-26 14:47 - 270785016 _____ C:\WINDOWS\MEMORY.DMP
2017-02-26 14:47 - 2017-02-26 14:47 - 00712916 _____ C:\WINDOWS\Minidump\022617-24625-01.dmp
2017-02-25 23:13 - 2017-03-09 18:57 - 00000000 ____D C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)
2017-02-25 23:03 - 2017-02-25 23:13 - 246080971 _____ C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net).rar
2017-02-21 02:05 - 2017-02-21 02:06 - 00000000 ____D C:\Program Files\CCleaner
2017-02-21 02:05 - 2017-02-21 02:05 - 00000998 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-21 02:05 - 2017-02-21 02:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-21 01:36 - 2017-03-09 19:02 - 00000000 ____D C:\Users\Keylor Mo\AppData\Roaming\TS3Client
2017-02-21 01:36 - 2017-02-21 01:36 - 00001153 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-02-21 01:36 - 2017-02-21 01:36 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-02-21 01:36 - 2017-02-21 01:36 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-21 01:28 - 2017-02-21 01:54 - 72446852 _____ C:\Users\Keylor Mo\Desktop\Intel_hd_grahpics_win32_153332.zip
2017-02-21 01:28 - 2017-02-21 01:28 - 00000000 ____D C:\ProgramData\Intel
2017-02-21 01:27 - 2017-02-21 01:27 - 00000000 ____D C:\Users\Keylor Mo\AppData\Local\Intel
2017-02-21 01:26 - 2017-02-21 01:26 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-21 01:26 - 2017-02-21 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-02-21 01:21 - 2017-02-21 01:25 - 09955696 _____ (Intel) C:\Users\Keylor Mo\Desktop\Intel Driver Update Utility Installer.exe
2017-02-19 02:54 - 2017-02-24 19:20 - 00002041 _____ C:\Users\Keylor Mo\Desktop\Counter-Strike 1.6.lnk
2017-02-19 02:54 - 2017-02-19 02:54 - 00000000 ____D C:\Users\Keylor Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2017-02-19 02:52 - 2017-02-19 02:55 - 00000000 ____D C:\Program Files\Counter-Strike 1.6 OMONAS
2017-02-18 03:36 - 2017-02-18 03:37 - 04448720 _____ C:\Users\Keylor Mo\Desktop\ts3_recording_17_02_18_3_36_55.wav
2017-02-18 01:46 - 2017-02-18 01:47 - 02031440 _____ C:\Users\Keylor Mo\Desktop\ts3_recording_17_02_18_1_46_48.wav
2017-02-15 00:38 - 2017-02-19 02:49 - 219570826 _____ () C:\Users\Keylor Mo\Desktop\counter-strike1.6s.exe
2017-02-13 00:13 - 2017-02-13 00:14 - 00000683 _____ C:\Users\Keylor Mo\Desktop\T.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-09 16:43 - 2016-07-16 08:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 16:43 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-09 16:02 - 2016-10-03 00:02 - 01836574 _____ C:\WINDOWS\system32\perfh00C.dat
2017-03-09 16:02 - 2016-10-03 00:02 - 00483866 _____ C:\WINDOWS\system32\perfc00C.dat
2017-03-09 16:02 - 2015-09-10 20:25 - 05133766 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-09 15:49 - 2015-10-11 18:47 - 00000000 ____D C:\Users\Keylor Mo\Downloads\Compressed
2017-03-09 15:37 - 2016-10-02 15:29 - 00000000 ____D C:\Users\Keylor Mo
2017-03-09 12:55 - 2016-10-02 15:21 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 04:47 - 2016-10-02 15:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 04:45 - 2015-10-11 18:47 - 00000000 ____D C:\Users\Keylor Mo\AppData\Roaming\DMCache
2017-03-08 19:41 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-07 13:22 - 2016-11-13 01:44 - 00000000 ___RD C:\Users\Keylor Mo\Desktop\music Bitch
2017-03-05 08:12 - 2016-07-16 02:22 - 04718592 _____ C:\WINDOWS\system32\config\BBI
2017-03-05 04:10 - 2016-09-02 07:13 - 00000000 ____D C:\Users\Keylor Mo\AppData\Roaming\IDM
2017-02-26 14:47 - 2016-11-18 00:33 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-24 08:02 - 2015-09-10 20:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 07:59 - 2015-09-10 20:52 - 135086848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 20:49 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-02-22 22:15 - 2016-07-16 08:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 16:42 - 2015-10-11 18:04 - 00000000 ____D C:\Users\Keylor Mo\AppData\Local\Packages
2017-02-21 18:03 - 2015-12-03 17:32 - 00000368 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2017-02-21 02:12 - 2016-07-16 08:28 - 00000000 ____D C:\WINDOWS\INF
2017-02-21 02:11 - 2016-09-24 05:03 - 00000000 ____D C:\Users\Keylor Mo\AppData\Roaming\uTorrent
2017-02-21 02:09 - 2016-10-03 00:20 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-21 01:55 - 2015-10-11 18:38 - 00000000 ____D C:\Program Files\Intel
2017-02-21 00:26 - 2016-10-02 15:25 - 00000000 ____D C:\WINDOWS\system32\RTCOM
2017-02-19 17:33 - 2015-10-11 18:04 - 00000000 ____D C:\Users\Keylor Mo\AppData\Local\VirtualStore
2017-02-16 00:23 - 2017-02-02 14:49 - 00000214 _____ C:\Users\Keylor Mo\Desktop\New Text Document.txt
2017-02-15 18:29 - 2016-06-08 00:30 - 00000000 ____D C:\Users\Keylor Mo\AppData\Local\ElevatedDiagnostics
==================== Files in the root of some directories =======
2016-01-21 01:39 - 2016-05-24 22:21 - 0000132 _____ () C:\Users\Keylor Mo\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-10-14 02:06 - 2016-10-29 23:53 - 0007597 _____ () C:\Users\Keylor Mo\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2017-02-25 22:06 - 2017-02-25 22:06 - 1244513 _____ (AdworldInternet) C:\Users\Keylor Mo\AppData\Local\Temp\ICReinstall_Half_Life_1_Game_2142088615.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-02 18:50
==================== End of FRST.txt ============================