Solved Could I have a virus?

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
261
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2021
Ran by bailey (04-12-2021 07:42:42)
Running from C:\Users\baile\Desktop
Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) (2020-06-17 22:58:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.1.5699.1 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{57e033a5-c75e-4823-83af-c1b6b3b759ab}) (Version: 10.0.9.2 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876CD0833}) (Version: 10.0.9.2 - ExpressVPN) Hidden
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{DE46CC28-5477-4CFB-9AE2-8C7C111E3EE7}) (Version: 6.8.261 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{ee962c45-b827-4262-a720-3a939910ce37}) (Version: 6.8.261 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.01.415.0 - Logi)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.40.86 - Logitech)
Luminar 4 (HKLM\...\Luminar 4) (Version: 4.3.0.7119 - Skylum)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5397.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\OneDriveSetup.exe) (Version: 20.124.0621.0006 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-09-27] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_2.0.23.0_x64__38kynpdw5g1aw [2021-11-18] (Wacom Europe GmbH)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-10-01] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2020-09-27] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.4.265.0_x64__v10z8vjag6ke6 [2021-12-02] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa [2021-08-26] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.19.0_neutral__8xx8rvfyw5nnt [2021-11-04] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.631.0_x64__9eg5g21zq32qm [2021-07-27] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.69.0.0_neutral__qq0fmhteeht3j [2021-04-15] (LastPass)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2020-09-27] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8 [2021-11-18] (LENOVO INC.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1300.7.115.0_x64__8xx8rvfyw5nnt [2021-11-10] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_51.10913.5796.0_x64__8wekyb3d8bbwe [2021-12-01] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-04-15] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2020-09-27] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-04-15] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0 [2021-11-26] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

2015-09-11 14:17 - 2015-09-11 14:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\baile\Downloads\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM-x32 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2021-10-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 15:03 - 2019-07-11 01:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 13:44 - 2021-04-03 23:13 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> c:\users\baile\pictures\saved pictures\1 my kids and family\brady and ricki\2_devils lake j (8).jpg
HKU\S-1-5-21-260720292-2504253849-2348319339-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Polarr"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E54CB9F1-20C0-41D4-8AFC-40C587F5A399}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{AB9F7C8B-357B-4AA5-8551-8FC526F6C262}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CCCC2654-EEB2-49C0-9DE2-FA07E08758E9}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{1C84C52E-82C6-4AC8-8B61-CFEEDFDD7ECA}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{6BF03055-F70E-4244-BA2F-FDDEDF019799}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7BCF03C9-86FC-4BFF-B88D-B2A4FDD51DE7}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{4765E7B2-E045-474A-99DF-C6F971C7A6CC}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E063C019-70C6-42D0-BE28-D7378F0FB7B2}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5A2E9522-BC99-433F-AE07-12284CC5496A}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3C50D189-BE36-4E84-9B49-16F1565345D5}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3D1EF359-1690-41E9-9DA7-380660E6D699}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{E24BEBF0-7961-4468-8B36-B43B30E892DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{109682B1-CB8C-4DC1-AA4F-97C5920A01F5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B01CC7BF-461C-4973-A65D-0DD1B8E89769}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F9164E6F-39EE-4E35-81D9-067E432681A2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{295D0A1D-BF67-4485-8A2C-696C625C6FD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C8397B83-63B2-454C-A613-5C9FC72F3C3C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BAD8CBE0-42DE-4048-A44E-75645C494D20}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22117095-6DD3-4BCD-A7A5-5B915E0F5875}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A904CBDE-DB1A-4FDC-B194-16FE6E6785F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{87186114-5705-4BB8-9F4D-22A0BDE5453E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5031472B-E669-4227-A608-1A0D4EFCBDF0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B247D1C0-8D69-4620-9530-BBE6EC14CA12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AF222F92-229C-422A-A80F-64C3E7F87B52}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{57382B5D-78B2-4D71-A607-7BC55AB1DC39}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)

==================== Restore Points =========================

19-11-2021 19:00:20 Scheduled Checkpoint
20-11-2021 02:42:31 AdwCleaner_BeforeCleaning_20/11/2021_02:42:31
28-11-2021 19:30:29 Scheduled Checkpoint
29-11-2021 17:45:27 Windows Modules Installer
30-11-2021 05:32:05 Installed Windows PC Health Check
04-12-2021 04:39:41 AdwCleaner_BeforeCleaning_04/12/2021_04:39:40
04-12-2021 05:23:59 Restore Point Created by FRST
04-12-2021 07:31:09 AdwCleaner_BeforeCleaning_04/12/2021_07:31:07
04-12-2021 07:37:07 AdwCleaner_BeforeCleaning_04/12/2021_07:37:07

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/04/2021 06:09:01 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:56 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:46 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:41 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:36 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:31 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:26 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.


System errors:
=============
Error: (12/04/2021 07:37:25 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dolby DAX API Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Print Scan Doctor Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Monitor Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
================
Date: 2021-12-03 23:17:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-02 19:11:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-01 20:40:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-29 19:05:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-29 17:45:15
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2021-11-24 00:44:29
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2021-11-23 13:26:03
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-11-23 13:25:58
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.

CodeIntegrity:
===============
Date: 2021-05-26 02:58:15
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-09-27 21:49:42
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\afunix.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-27 21:49:41
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\WdiWiFi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-27 21:49:41
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-06 02:43:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 57%
Total physical RAM: 8050.39 MB
Available physical RAM: 3413.62 MB
Total Virtual: 11122.39 MB
Available Virtual: 6391.91 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:66.66 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,778
Hi, sportsmom.

1. Malwarebytes setting

It seems that you didn't change the Malwarebytes settings as instructed here (see step 4 inside the code). Please do that.


2. Account in question

Do you recognize this account?

supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount


3. Uninstall apps

Click on the Start menu, find the following apps, right click on each one and choose Uninstall.

Lenovo Account Portal
Lenovo Vantage


4. Question about Edge

Do you have the Sync option for Edge enabled? If yes, please turn it off.

Click on the 3 horizontal dots at the top right corner and choose Settings. With the Profiles tab selected, turn the Sync option off.


5. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.[/*]
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraVPN.lnk [2019-02-01]
ShortcutTarget: UltraVPN.lnk -> C:\Program Files (x86)\UltraVPN\UltraVPN.exe (No File)
Task: {2DFF51F1-CABB-4908-BA77-B2BAB7347C9C} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-260720292-2504253849-2348319339-1001 => C:\Users\baile\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe (No File)
Task: {7848135A-8EF5-4AFB-A798-B422DE4CA12A} - \Lenovo\ImController\TimeBasedEvents\d040a9c9-0bfd-4db9-b6f8-17b5843acf3a -> No File <==== ATTENTION
Task: {D86AA673-AC0D-47E7-ACC6-104447534C96} - \Lenovo\ImController\TimeBasedEvents\37eff6f5-1f0a-44d7-b67e-64146bc110ed -> No File <==== ATTENTION
Task: {DCEBA8D9-EDC4-48AA-97D8-C949C81E62BF} - \Lenovo\ImController\TimeBasedEvents\18be2cdc-ad9c-4df9-9c5c-34438fd4860a -> No File <==== ATTENTION
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D"
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
2021-12-04 05:24 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2021-12-04 05:24 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2021-12-04 05:18 - 2020-06-25 13:50 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-12-04 05:18 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-12-04 05:18 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-04 05:18 - 2017-12-19 21:46 - 000000000 ____D C:\Users\baile\AppData\Local\Lenovo
FirewallRules: [{7BCF03C9-86FC-4BFF-B88D-B2A4FDD51DE7}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{3C50D189-BE36-4E84-9B49-16F1565345D5}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3D1EF359-1690-41E9-9DA7-380660E6D699}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe => No File
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply, please post:
  1. A reply for all my steps above.
  2. How is the computer running now?
 
Last edited:

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
261
Account in question

Do you recognize this account?

supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
I don't know what this is. My account should be the only account. I should be the administrator
 

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
261
Run Malwarebytes (Scan mode)
  • Open Malware you have already installed.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, ALL the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.

    That is weird because I did do this, in fact double checked . They were little switches that were all blue, correct. Not boxes to check. Under the title Window Security center is not checked, so it was not blue.

  • I will go back and do it again.
 

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
261
Is this how you want it to look? Please see attached pic

Edge Sync option for Edge enabled Must not be. Says to sync sign on.

Lenovo Account Portal
Lenovo Vantage
Are uninstalled. I will wait to hear what to do different on the Malwarebytes before I proceed with # 5. thank you
 

Attachments

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
261
If threats are not found, click View Report and proceed to the two last steps below. No threats were found after the first scan with the changes--
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,778
Yes, Malwarebytes is set correctly. In your Addition log above, it was shown that Malwarebytes was set to be registered in the Windows Center. This prevents Windows Defender to enable its self.

Please go on to step 5.
 

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
261
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-12-2021
Ran by bailey (04-12-2021 10:00:45) Run:8
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey & supportaccount
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraVPN.lnk [2019-02-01]
ShortcutTarget: UltraVPN.lnk -> C:\Program Files (x86)\UltraVPN\UltraVPN.exe (No File)
Task: {2DFF51F1-CABB-4908-BA77-B2BAB7347C9C} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-260720292-2504253849-2348319339-1001 => C:\Users\baile\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe (No File)
Task: {7848135A-8EF5-4AFB-A798-B422DE4CA12A} - \Lenovo\ImController\TimeBasedEvents\d040a9c9-0bfd-4db9-b6f8-17b5843acf3a -> No File <==== ATTENTION
Task: {D86AA673-AC0D-47E7-ACC6-104447534C96} - \Lenovo\ImController\TimeBasedEvents\37eff6f5-1f0a-44d7-b67e-64146bc110ed -> No File <==== ATTENTION
Task: {DCEBA8D9-EDC4-48AA-97D8-C949C81E62BF} - \Lenovo\ImController\TimeBasedEvents\18be2cdc-ad9c-4df9-9c5c-34438fd4860a -> No File <==== ATTENTION
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D"
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
2021-12-04 05:24 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2021-12-04 05:24 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2021-12-04 05:18 - 2020-06-25 13:50 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-12-04 05:18 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-12-04 05:18 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-04 05:18 - 2017-12-19 21:46 - 000000000 ____D C:\Users\baile\AppData\Local\Lenovo
FirewallRules: [{7BCF03C9-86FC-4BFF-B88D-B2A4FDD51DE7}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{3C50D189-BE36-4E84-9B49-16F1565345D5}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3D1EF359-1690-41E9-9DA7-380660E6D699}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe => No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraVPN.lnk => moved successfully
"C:\Program Files (x86)\UltraVPN\UltraVPN.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2DFF51F1-CABB-4908-BA77-B2BAB7347C9C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DFF51F1-CABB-4908-BA77-B2BAB7347C9C}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-260720292-2504253849-2348319339-1001 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-260720292-2504253849-2348319339-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7848135A-8EF5-4AFB-A798-B422DE4CA12A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7848135A-8EF5-4AFB-A798-B422DE4CA12A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\d040a9c9-0bfd-4db9-b6f8-17b5843acf3a" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D86AA673-AC0D-47E7-ACC6-104447534C96}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D86AA673-AC0D-47E7-ACC6-104447534C96}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\37eff6f5-1f0a-44d7-b67e-64146bc110ed" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCEBA8D9-EDC4-48AA-97D8-C949C81E62BF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCEBA8D9-EDC4-48AA-97D8-C949C81E62BF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\18be2cdc-ad9c-4df9-9c5c-34438fd4860a" => removed successfully
"Edge StartupUrls" => removed successfully
HKLM\System\CurrentControlSet\Services\ImControllerService => removed successfully
ImControllerService => service removed successfully
C:\WINDOWS\system32\Tasks\TVT => moved successfully
C:\WINDOWS\system32\Tasks\AVG => moved successfully
C:\Program Files (x86)\Lenovo => moved successfully
C:\WINDOWS\system32\Tasks\Lenovo => moved successfully
C:\WINDOWS\ImmersiveControlPanel => moved successfully
C:\Users\baile\AppData\Local\Lenovo => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BCF03C9-86FC-4BFF-B88D-B2A4FDD51DE7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3C50D189-BE36-4E84-9B49-16F1565345D5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D1EF359-1690-41E9-9DA7-380660E6D699}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22077314 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 919257 B
Edge => 0 B
Chrome => 316662806 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 3992 B
baile => 27173816 B
supportaccount => 27173816 B

RecycleBin => 8622059 B
EmptyTemp: => 384 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:01:19 ====
 

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
261
All completed per above. It was running much quicker.
What was the support account?
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,778
OK! :)

1. Check Edge

Open Edge and tell me what's the startup page URL.

2. Check supportaccount

Go to C:\Users\supportaccount and check if there is anything you recognize inside the account's folders.

If not:
  • Go to Control Panel (write Control Panel in the Search area and choose it from the items appeared).
  • Choose Users accounts > Users accounts > Manage other account
  • Choose support account and choose Delete account
  • Choose to delete everything and restart
  • Let me know if everything went fine
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,778
Although Yahoo is a legitimate search engine, many times users can experience undesirable redirects to it - due to rogue software, called browser hijackers, having infiltrated the browser and/or system.

I tried removing it twice and it returns. Is this your choice?
 

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
261
C:\Users\supportaccount Empty folders that are replicas of other folders I have except for the last one. The last one's name is ntuser.dat with 1,536 KB. I can't open it.
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top