FRST result (2nd part)
---------------------------------------------------------------------------------------------------------------------------------------
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6A5E1601-F08A-475E-B98E-5517B1BC501C}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://hao.360.cn/?a1004
HKU\S-1-5-21-3480955168-191862549-1513062737-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3480955168-191862549-1513062737-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-02] (Oracle America, Inc. -> Oracle Corporation)
DPF: {CAFEEFAC-0018-0000-00191-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_191-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2020-04-01]
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxps://www.google.com/
FF NewTabOverride: Mozilla\Firefox\Profiles\nahd6ha2.default -> Enabled: vb@yandex.ru
FF Extension: (Yandex.Market Adviser) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\sovetnik-yandex@yandex.ru.xpi [2018-06-26] [UpdateUrl:hxxps://static.sovetnik.yandex.net/sovetnik/extension/firefox-webextension-yandex-update.json]
FF HKLM\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files\Ginger\Mozilla\adapter@gingersoftware.com
FF Extension: (Ginger) - C:\Program Files\Ginger\Mozilla\adapter@gingersoftware.com [2017-09-17] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-07-09] (Adobe Systems Incorporated -> )
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2017-05-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2020-01-22] (Google LLC -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2020-01-22] (Google LLC -> Google LLC)
FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Users\User\Desktop\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files\Ginger\GingerServices\GingerServicesProxy.dll [2015-08-31] (Ginger Software) [File not signed]
FF Plugin HKU\S-1-5-21-3480955168-191862549-1513062737-1000: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin HKU\S-1-5-21-3480955168-191862549-1513062737-1000: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin HKU\S-1-5-21-3480955168-191862549-1513062737-1000: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin HKU\S-1-5-21-3480955168-191862549-1513062737-1000: gingersoftware.com/gingerPlugin -> C:\Program Files\Ginger\GingerServices\GingerServicesProxy.dll [2015-08-31] (Ginger Software) [File not signed]
Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2020-04-02]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-03]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-03]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-02-03]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-03]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-01]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-03]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-02-03]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-02-03]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-03]
CHR HKU\S-1-5-21-3480955168-191862549-1513062737-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-09-10] (Adobe Inc. -> Adobe Systems)
S3 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S3 GingerUpdateService; C:\Program Files\Ginger\GingerUpdateService\GingerUpdateService.exe [527360 2015-08-31] (Ginger Software) [File not signed]
R2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [206528 2017-07-12] (McAfee, Inc. -> McAfee, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5547464 2020-04-01] (Malwarebytes Inc -> Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 SuperKillerSrv; C:\Program Files\360\360Safe\firstaid\fix\Dsmain.exe /srv [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [27896 2014-04-28] (Lenovo (Beijing) Limited -> Lenovo Corporation)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3376128 2016-11-28] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [176856 2016-01-26] (Broadcom Corporation -> Broadcom Corporation.)
S3 BstkDrv; C:\Program Files\BlueStacks\BstkDrv.sys [220216 2017-11-06] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [510168 2016-01-26] (Broadcom Corporation -> Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [71208 2010-11-15] (Broadcom Corporation -> Broadcom Corporation.)
R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [11776 2012-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Cypress Semiconductor, Inc.)
S1 epp; C:\Users\User\Desktop\bin32\epp.sys [118248 2020-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [351048 2014-04-02] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [503048 2015-05-29] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27376 2015-05-29] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-07-18] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [178952 2020-04-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [213912 2020-04-02] (Malwarebytes Inc -> Malwarebytes)
S3 RHeBd1; D:\2c5012bf\RHeBd1.sys [888880 2020-02-05] (Beijing Qihu Technology Co., Ltd. -> )
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [174464 2010-04-21] (Microsoft Windows Hardware Compatibility Publisher -> SMI)
S3 FsWriteBack; \??\C:\Windows\system32\drivers\FsWriteBack.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-02 14:44 - 2020-04-02 14:48 - 000026648 _____ C:\Users\User\Desktop\FRST.txt
2020-04-02 14:43 - 2020-04-02 14:47 - 000000000 ____D C:\FRST
2020-04-02 14:22 - 2020-04-02 14:25 - 002008064 _____ (Farbar) C:\Users\User\Desktop\FRST (1).exe
2020-04-02 13:19 - 2020-04-02 13:21 - 035919018 _____ C:\Users\User\Downloads\windows6.1-kb4474419-v3-x86_0f687d50402790f340087c576886501b3223bec6.msu
2020-04-02 13:18 - 2020-04-02 13:19 - 004217422 _____ C:\Users\User\Downloads\windows6.1-kb4490628-x86_3cdb3df55b9cd7ef7fcb24fc4e237ea287ad0992.msu
2020-04-02 11:42 - 2020-04-02 11:43 - 000319839 _____ C:\Users\User\Downloads\IE11-Windows6.1-KB3025390-x86.msu
2020-04-02 11:37 - 2020-04-02 11:50 - 331377414 _____ C:\Users\User\Downloads\windows6.1-kb3125574-v4-x86_ba1ff5537312561795cc04db0b02fbb0a74b2cbd.msu
2020-04-02 11:05 - 2020-04-02 11:05 - 000213912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-04-02 11:05 - 2020-04-02 11:05 - 000178952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-04-02 10:48 - 2020-04-02 10:48 - 000000000 ____D C:\Windows\system32\SPReview
2020-04-02 09:59 - 2010-11-20 04:36 - 001077248 _____ (Microsoft Corporation) C:\Windows\system32\Narrator.exe
2020-04-02 09:59 - 2010-11-20 04:36 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\NAPHLPR.DLL
2020-04-02 09:59 - 2010-11-20 04:32 - 005066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2020-04-02 09:59 - 2010-11-20 04:30 - 003966848 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2020-04-02 09:59 - 2010-11-20 04:30 - 003911040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-04-02 09:59 - 2010-11-20 04:30 - 001290112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 001211264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000712576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000520064 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2020-04-02 09:59 - 2010-11-20 04:30 - 000245632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000240000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000173440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000148864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000130432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000085376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000078208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000067456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000056192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2020-04-02 09:59 - 2010-11-20 04:30 - 000028032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys
2020-04-02 09:59 - 2010-11-20 04:29 - 002217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll
2020-04-02 09:59 - 2010-11-20 04:29 - 000274304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2020-04-02 09:59 - 2010-11-20 04:29 - 000194432 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2020-04-02 09:59 - 2010-11-20 04:29 - 000194432 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2020-04-02 09:59 - 2010-11-20 04:29 - 000187776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2020-04-02 09:59 - 2010-11-20 04:29 - 000137088 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2020-04-02 09:59 - 2010-11-20 04:29 - 000132992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2020-04-02 09:59 - 2010-11-20 04:29 - 000101760 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2020-04-02 09:59 - 2010-11-20 04:24 - 001288488 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2020-04-02 09:59 - 2010-11-20 04:24 - 000271664 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2020-04-02 09:59 - 2010-11-20 04:23 - 000144768 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 002755072 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 002157568 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 002146304 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 001667584 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 001619456 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2020-04-02 09:59 - 2010-11-20 04:21 - 001328128 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 001229824 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 001227776 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 001159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 001128448 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 001115136 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 001063936 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 000974336 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2020-04-02 09:59 - 2010-11-20 04:21 - 000933376 _____ (Microsoft Corporation) C:\Windows\system32\Vault.dll