FRST
2019 01
Ran by crim (administrator) on CRIM-SEC (18-01-2019 11:15:14)
Running from C:\Users\crim\Downloads
Loaded Profiles: crim (Available Profiles: defaultuser0 & crim)
Platform: Windows 10 Home Single Language Version 1803 17134.523 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1609226357-2572486139-419568603-1001 -> DefaultScope {E1023BDD-202B-4650-8039-1E10398BCAA4} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-01-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2019-01-11] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-11] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-12] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: c4cmaus0.default-1533118937090
FF ProfilePath: C:\Users\crim\AppData\Roaming\Mozilla\Firefox\Profiles\c4cmaus0.default-1533118937090 [2019-01-18]
FF Extension: (Avast SafePrice) - C:\Users\crim\AppData\Roaming\Mozilla\Firefox\Profiles\c4cmaus0.default-1533118937090\Extensions\sp@avast.com.xpi [2019-01-17]
FF Extension: (Avast Online Security) - C:\Users\crim\AppData\Roaming\Mozilla\Firefox\Profiles\c4cmaus0.default-1533118937090\Extensions\wrc@avast.com.xpi [2019-01-17]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-11] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-12-12] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-12-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default [2019-01-18]
CHR Extension: (Slides) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-26]
CHR Extension: (Docs) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-26]
CHR Extension: (Google Drive) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-26]
CHR Extension: (YouTube) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-26]
CHR Extension: (Avira Password Manager) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2019-01-18]
CHR Extension: (Sheets) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-26]
CHR Extension: (Avira Browser Safety) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Grammarly for Chrome) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-01-18]
CHR Extension: (Search Manager) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2019-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12]
CHR Extension: (Search Manager) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2019-01-04]
CHR Extension: (Gmail) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-05]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1609226357-2572486139-419568603-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1609226357-2572486139-419568603-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1609226357-2572486139-419568603-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 btmaux; C:\WINDOWS\system32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2019-01-18] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31824 2017-05-04] (ELAN Microelectronic Corp.)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-08-23] (Huawei Technologies Co., Ltd.)
R0 hswultpep; C:\WINDOWS\System32\drivers\hswultpep.sys [62968 2013-02-09] (Intel Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-06-30] (REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-08-23] (Huawei Technologies Co., Ltd.) [File not signed]
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [967696 2018-10-17] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [141848 2018-10-17] (Intel Corporation)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2015-05-07] (Intel Corporation)
S3 LEMo602D; C:\WINDOWS\system32\DRIVERS\LEMo602D.sys [24064 2011-04-19] (Primax Electronics Ltd.)
S3 LEub602D; C:\WINDOWS\system32\DRIVERS\LEub602D.sys [18944 2011-05-17] (Primax Electronics Ltd.)
S3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw04.sys [3557864 2018-06-30] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8714872 2019-01-14] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlei.inf_amd64_d008df16fb086900\nvlddmkm.sys [20605496 2018-10-17] (NVIDIA Corporation)
S3 qcfilter; C:\WINDOWS\System32\drivers\qcusbfilter.sys [39936 2015-01-28] (QUALCOMM Incorporated)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
S3 qcusbwwan; C:\WINDOWS\System32\drivers\qcusbwwan.sys [557112 2017-03-15] (QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1118648 2018-10-17] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [430016 2018-10-17] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [66264 2019-01-14] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (QUALCOMM Incorporated)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2018-06-01] (The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-09-13] (The OpenVPN Project)
S3 usbser; C:\Windows\SysWOW64\drivers\usbser.sys [25600 2014-05-13] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFMBRProtect.sys [X]
S4 IMFSafeBox; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFSafeBox.sys [X]
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)