Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.11.2018
Ran by CvP (administrator) on CVP-LAPTOP (25-11-2018 14:18:39)
Running from C:\Users\CvP\Desktop
Loaded Profiles: CvP (Available Profiles: defaultuser0 & CvP)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
() C:\Program Files (x86)\MobileBrServ\mbbService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\SDXHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18383328 2017-10-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493984 2017-10-05] (Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2017-06-28] ()
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493984 2017-10-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [{C06C7DD7-9611-42E8-9254-7FC6A9E26160}] => C:\Program Files (x86)\D-com 3.5G\UUShell.exe [122112 2014-05-15] ()
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\RunOnce: [Uninstall 18.065.0329.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\CvP\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64"
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\RunOnce: [Uninstall 18.065.0329.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\CvP\AppData\Local\Microsoft\OneDrive\18.065.0329.0002"
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\RunOnce: [Uninstall 18.172.0826.0010\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\CvP\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\amd64"
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\RunOnce: [Uninstall 18.172.0826.0010] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\CvP\AppData\Local\Microsoft\OneDrive\18.172.0826.0010"
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\MountPoints2: {7b2927fb-40a3-11e8-83e0-a0afbd54e407} - "D:\AutoRun.exe"
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\MountPoints2: {843df894-0e28-11e8-83db-a0afbd54e407} - "D:\Windows\AutoRun.exe"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{2ec7cd78-26c6-4b4f-a4f7-5acb607b645f}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{351a44b8-59e5-4cd1-ba76-aa59d8c031ef}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6b505802-728f-416c-aeca-43e9035680d8}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6dfe5cc8-d63b-47ef-90a9-006599aad4dd}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{ff65ecd1-2b32-4166-9b2e-77aeb5161aff}: [DhcpNameServer] 169.254.110.57
Internet Explorer:
==================
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-23] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-23] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-23] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-23] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: qhz8sq3j.default-1540378548864
FF ProfilePath: C:\Users\CvP\AppData\Roaming\Mozilla\Firefox\Profiles\qhz8sq3j.default-1540378548864 [2018-11-25]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-23] (Microsoft Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-06] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9669920 2018-11-02] (Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-07] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-05-16] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71040 2018-11-16] (Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887784 2015-09-03] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [242264 2016-03-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-10-05] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [267328 2017-05-16] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-21] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-21] (Microsoft Corporation)
R2 ZDServ; C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe [432384 2014-05-15] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-12] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-12] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-12] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7407096 2017-05-16] (Intel Corporation)
S3 massfilter; C:\WINDOWS\System32\drivers\ztembbmassfilter.sys [15360 2012-11-22] (MBB Incorporated)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-25] (Malwarebytes)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3526400 2017-03-09] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [337920 2017-05-07] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3057920 2015-10-08] (Realtek Semiconductor Corp.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (QUALCOMM Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-09-29] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-11-21] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-11-21] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-21] (Microsoft Corporation)
S3 ZTEusbmdm6k; C:\WINDOWS\system32\DRIVERS\ztembbusbmdm.sys [123264 2012-11-23] (ZTE Incorporated)
R3 ZTEusbnmea; C:\WINDOWS\system32\DRIVERS\ztembbusbnmea.sys [123264 2012-11-23] (ZTE Incorporated)
S3 ZTEusbser6K; C:\WINDOWS\system32\DRIVERS\ztembbusbser6k.sys [123264 2012-11-23] (ZTE Incorporated)
R3 ZTEusbvoice; C:\WINDOWS\system32\DRIVERS\ztembbusbvoice.sys [123264 2012-11-23] (ZTE Incorporated)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-11-25 14:18 - 2018-11-25 14:24 - 000016663 _____ C:\Users\CvP\Desktop\FRST.txt
2018-11-25 14:18 - 2018-11-25 14:18 - 000000000 ____D C:\FRST
2018-11-25 14:17 - 2018-11-25 14:16 - 002416640 _____ (Farbar) C:\Users\CvP\Desktop\FRST64.exe
2018-11-25 14:16 - 2018-11-25 14:16 - 002416640 _____ (Farbar) C:\Users\CvP\Downloads\FRST64.exe
2018-11-25 12:41 - 2018-11-25 12:41 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-25 12:41 - 2018-11-25 12:41 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-25 12:41 - 2018-11-25 12:41 - 000000000 ____D C:\Users\CvP\AppData\Local\mbamtray
2018-11-25 12:41 - 2018-11-25 12:41 - 000000000 ____D C:\Users\CvP\AppData\Local\mbam
2018-11-25 12:40 - 2018-11-25 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-25 12:40 - 2018-11-25 12:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-25 12:40 - 2018-11-25 12:40 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-25 12:40 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-25 12:34 - 2018-11-25 12:39 - 080548384 _____ (Malwarebytes ) C:\Users\CvP\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7999.exe
2018-11-25 11:46 - 2018-11-25 11:46 - 000008704 ___SH C:\Users\CvP\Desktop\Thumbs.db
2018-11-25 05:33 - 2018-11-16 02:44 - 000206208 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.CoreTypes.dll
2018-11-25 05:33 - 2018-11-16 02:44 - 000130432 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.Utilities.dll
2018-11-25 05:33 - 2018-11-16 02:44 - 000097664 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.ImController.ImClient.dll
2018-11-25 05:33 - 2018-11-16 02:44 - 000043904 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.ImController.EventLogging.dll
2018-11-23 15:02 - 2018-11-23 15:02 - 014474808 _____ C:\Users\CvP\Downloads\RogueKillerCMD_portable64.exe
2018-11-21 15:21 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-11-06 14:04 - 2018-11-21 15:25 - 000000000 ____D C:\Program Files\rempl
2018-11-06 14:04 - 2018-09-13 15:36 - 000025248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Luadgmgt.dll
2018-11-03 09:18 - 2018-11-03 09:18 - 000000000 ____D C:\Program Files (x86)\MobileBrServ
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-11-25 14:12 - 2018-02-07 00:56 - 000000000 ____D C:\WINDOWS\rescache
2018-11-25 14:11 - 2018-02-06 17:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-25 14:08 - 2018-02-07 00:45 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-25 13:51 - 2018-02-07 00:56 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-11-25 12:40 - 2018-02-07 00:56 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-25 12:40 - 2018-02-07 00:56 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-25 12:40 - 2018-02-07 00:56 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-25 12:36 - 2017-06-28 09:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-25 12:13 - 2017-12-28 09:18 - 000000000 ___RD C:\Users\CvP\3D Objects
2018-11-25 11:22 - 2018-02-06 17:51 - 000000000 ____D C:\Users\CvP\AppData\Local\Packages
2018-11-25 11:02 - 2018-02-07 00:53 - 000000000 ____D C:\WINDOWS\INF
2018-11-25 11:02 - 2017-12-28 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-11-23 14:55 - 2018-04-12 11:45 - 000000000 ____D C:\Users\CvP\AppData\LocalLow\Mozilla
2018-11-21 17:26 - 2018-02-27 06:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-11-21 17:25 - 2018-02-26 07:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-21 17:15 - 2018-02-26 07:33 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-21 15:11 - 2018-02-12 10:08 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3539046531-3616625713-1300800389-1001
2018-11-21 15:11 - 2018-02-06 17:55 - 000002409 _____ C:\Users\CvP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-21 15:11 - 2017-12-28 19:57 - 000000000 ___RD C:\Users\CvP\OneDrive
2018-11-16 02:44 - 2018-04-06 16:43 - 000425344 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2018-11-16 02:44 - 2018-04-06 16:43 - 000104832 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2018-11-16 02:44 - 2017-12-28 09:30 - 000104832 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2018-11-16 02:44 - 2017-12-28 09:30 - 000053632 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2018-11-13 10:02 - 2018-02-12 09:59 - 000000000 ____D C:\Program Files (x86)\D-com 3.5G
2018-11-13 09:50 - 2018-02-22 13:31 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-11-06 15:32 - 2018-02-06 17:49 - 001061002 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-04 09:41 - 2018-04-12 11:45 - 000000000 ____D C:\Users\CvP\AppData\Roaming\Mozilla
2018-11-04 09:40 - 2018-04-12 11:45 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-04 09:40 - 2018-04-12 11:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-04 09:40 - 2018-04-12 11:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-04 09:38 - 2018-02-12 10:01 - 000012273 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-11-03 11:11 - 2018-02-06 17:28 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-11-03 11:11 - 2017-12-28 19:54 - 000000000 __SHD C:\Users\CvP\IntelGraphicsProfiles
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-11-25 14:09
==================== End of FRST.txt ============================