In Progress Team Viewer Warning box and Problem submitting message

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
212
SystemLook 04.09.10 by jpshortstuff
Log created at 22:14 on 03/08/2020 by bailey
Administrator - Elevation successful

========== dir ==========

C:\Users\baile\AppData\Roaming\QTUpdate - Parameters: "(none)"

---Files---
lnk.bat --a---- 416 bytes [03:01 06/07/2020] [11:10 11/05/2020]
msi.dll.x --a---- 5647360 bytes [03:01 06/07/2020] [17:36 27/07/2020]
QTConnect.exe --a---- 24316592 bytes [03:01 06/07/2020] [05:25 09/08/2016]
TeamViewer.ini --a---- 130 bytes [03:01 06/07/2020] [22:47 16/08/2019]
TeamViewer_Desktop.exe --a---- 6609168 bytes [03:01 06/07/2020] [05:25 09/08/2016]
TeamViewer_Resource_en.dll --a---- 709904 bytes [03:01 06/07/2020] [05:27 09/08/2016]
TeamViewer_StaticRes.dll --a---- 981776 bytes [03:01 06/07/2020] [05:25 09/08/2016]
update.exe --a---- 5758046 bytes [03:01 06/07/2020] [14:28 29/06/2020]

---Folders---
None found.

-= EOF =-
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,918
You did the export of the log from MalwareBytes correctly but it's not the right log. I need to see the one from the scan done on August 4th at 4:56 a.m. which found four items so please post that one.
 

sportsmom2x2

Thread Starter
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/3/20
Scan Time: 4:54 AM
Log File: 4af68a9e-d56f-11ea-b069-00ff4b07db70.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.990
Update Package Version: 1.0.27863
License: Trial

-System Information-
OS: Windows 10 (Build 19041.388)
CPU: x64
File System: NTFS
User: YOGA720-15IKB\bailey

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 308051
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 1 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 1
Malware.AI.4224728563, C:\WINDOWS\BRANDING\MEDIASVC.PNG, Quarantined, 1000000, 0, , , ,

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
Malware.AI.4224728563, C:\WINDOWS\BRANDING\MEDIASVC.PNG, Quarantined, 1000000, 0, 1.0.27863, 24E0737E58EC2630FBD03DF3, dds, 00835681
Generic.Malware/Suspicious, C:\USERS\BAILE\APPDATA\LOCAL\TEMP\XS5WELAW7JEQO2SSOKLDMSUZFFLDDTW.EXE, Quarantined, 0, 392686, 1.0.27863, , shuriken,
Generic.Malware/Suspicious, C:\USERS\BAILE\APPDATA\LOCAL\TEMP\LDZXBSU2TN8ROWGPYKE1TPIL2O3SBV8.EXE, Quarantined, 0, 392686, 1.0.27863, , shuriken,
Generic.Malware/Suspicious, C:\USERS\SUPPORTACCOUNT\DESKTOP\JUL15.EXE, Quarantined, 0, 392686, 1.0.27863, , shuriken,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
There are a couple of things that are a bit suspicious so I'm going to ask a Malware Specialist to examine the FRST logs.

But I also noticed you have remnants of AVG and Kaspersky. In the meantime, you can delete the following folders:

C:\Users\baile\AppData\Roaming\TeamViewer
C:\Users\baile\AppData\Roaming\QTUpdate
C:\Program Files (x86)\AVG
C:\Program Files\Common Files\AVG
C:\Program Files\Common Files\AV\Kaspersky Anti-Virus
C:\Windows\System32\Tasks\Kaspersky_Upgrade_{E7FE8BD6-07C8-4138-AB61-92AA886397EA}
 

sportsmom2x2

Thread Starter
I searched for the AVG and Kaspersky files, but must have deleted them after I contacted you and before you responded. I also have leftover HP files from an HP printer that is stuck somewhere after I uninstalled an 8600 printer.
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
902
Hi sportsmom2x2,

Welcome. :)

I'm currently reviewing your logs and will get back to you as soon as possible.
 

iMacg3

Malware Specialist
Hi sportsmom2x2,

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    VirusTotal: C:\Users\baile\AppData\Roaming\QTUpdate\QTConnect.exe;C:\Users\baile\AppData\Roaming\fix.ps1
    Task: {1E649CDA-95E1-4B8C-B8E8-74E8382B8CFE} - \Lenovo\ImController\TimeBasedEvents\3578e401-7899-4505-bb7f-e2699d3bdc54 -> No File <==== ATTENTION
    Task: {5F2A695C-4652-4E66-9D0F-F4622437989B} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
    Task: {63861543-5211-4E66-8801-6EFD8591E965} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
    Task: {6DC127F4-26AE-4CF1-8B85-4750BA3F33C6} - \Lenovo\ImController\TimeBasedEvents\d8f8e894-3373-4d40-8917-bafb04fe4bb4 -> No File <==== ATTENTION
    Task: {7A3D0264-EDC8-4A0D-9047-006CB6A37F61} - \Lenovo\ImController\TimeBasedEvents\960dd729-c0eb-49c1-a0ce-ca278229e491 -> No File <==== ATTENTION
    Task: {8FD88D6A-AA33-4048-8CF1-9258C185DABA} - \Lenovo\ImController\TimeBasedEvents\fcb69c11-3619-4a54-9840-18dbb3be06b4 -> No File <==== ATTENTION
    Task: {DD27DF0B-4D9F-4AC3-997C-D0FE4E778AF9} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
    SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
    Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D"
    Edge DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7ralwMtuqAWhvzt1IOFaMAcIduuJdmZe%2F3qriGNINMsteBhsX4nTzv8if0sWGgtKnQxNjXsYijXol39mTSjbOqmQGwZ8RMfbrUvnq3hKH3vWcRSN%2B8ABxFsECMCz1XKVrVkyOwJKfeoKhKMw1Dn%2BTEmoGtgVW9dehbKtCdtpIoWP65Tth5bGSfnw84vm8nTEqhL2MAGSYkftDJ33biJjzoaSymfHtnBhah2XVBZH0FSMcE5jGZazMhgjPIEhW7jcaUKM2GbXMpgi72MqAZ%2B0DebAzV3ojaKV5fpXCFED0kSwhv%2FnEWk6KNggrPCE5szjO2A%3D%3D&p={searchTerms}
    Edge DefaultSearchKeyword: Default -> us.search.yahoo.com
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
    Folder: C:\WINDOWS\branding
    ExportKey: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TermService
    S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
    Folder: c:\ProgramData\t3460
    Folder: C:\Users\baile\AppData\Roaming\TeamViewer
    CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    FirewallRules: [{26019E5A-38C6-4D59-A5BE-8BDD267EDF6F}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS5E63\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{6B0D2048-307F-4244-AA4F-F2E848B56A09}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS5E63\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{9C38DD02-D1E5-42D1-B4AC-B5184FD1F6C9}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS39E4\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{0BA55689-C33A-4822-9E64-B3B2B16C88F7}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS39E4\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{C9296C30-660F-4D19-A23C-EA4864E409CA}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS427F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{13017506-C2BE-42D1-A758-995EDCCF0D55}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS427F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{2576A27D-0033-45B0-A059-CDC6B6633429}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS3C0D\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{61D876BE-D09D-4574-8C61-A846F591D4C7}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS3C0D\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{6CA07FE1-40F3-43F8-AC26-4C66B624A746}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS35F8\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{1EA577F8-A4B3-4D77-A21E-CE16F2BAC4F0}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS35F8\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{DB3CDFC4-2BF6-4663-8BC3-5E4D862A5642}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS501F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{938EFB33-83CF-496D-95BC-EBEDF2230A57}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS501F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{2DE0C751-C20B-41D9-ACE9-FA286B5FD124}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
    FirewallRules: [{3966583E-9BD3-4AA7-ADEF-A8E228560145}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt).
  • Please copy and paste its contents into your reply.
 

sportsmom2x2

Thread Starter
Thank you


Fix result of Farbar Recovery Scan Tool (x64) Version: 08-08-2020
Ran by bailey (09-08-2020 00:29:28) Run:1
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\Users\baile\AppData\Roaming\QTUpdate\QTConnect.exe;C:\Users\baile\AppData\Roaming\fix.ps1
Task: {1E649CDA-95E1-4B8C-B8E8-74E8382B8CFE} - \Lenovo\ImController\TimeBasedEvents\3578e401-7899-4505-bb7f-e2699d3bdc54 -> No File <==== ATTENTION
Task: {5F2A695C-4652-4E66-9D0F-F4622437989B} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {63861543-5211-4E66-8801-6EFD8591E965} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {6DC127F4-26AE-4CF1-8B85-4750BA3F33C6} - \Lenovo\ImController\TimeBasedEvents\d8f8e894-3373-4d40-8917-bafb04fe4bb4 -> No File <==== ATTENTION
Task: {7A3D0264-EDC8-4A0D-9047-006CB6A37F61} - \Lenovo\ImController\TimeBasedEvents\960dd729-c0eb-49c1-a0ce-ca278229e491 -> No File <==== ATTENTION
Task: {8FD88D6A-AA33-4048-8CF1-9258C185DABA} - \Lenovo\ImController\TimeBasedEvents\fcb69c11-3619-4a54-9840-18dbb3be06b4 -> No File <==== ATTENTION
Task: {DD27DF0B-4D9F-4AC3-997C-D0FE4E778AF9} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D"
Edge DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7ralwMtuqAWhvzt1IOFaMAcIduuJdmZe%2F3qriGNINMsteBhsX4nTzv8if0sWGgtKnQxNjXsYijXol39mTSjbOqmQGwZ8RMfbrUvnq3hKH3vWcRSN%2B8ABxFsECMCz1XKVrVkyOwJKfeoKhKMw1Dn%2BTEmoGtgVW9dehbKtCdtpIoWP65Tth5bGSfnw84vm8nTEqhL2MAGSYkftDJ33biJjzoaSymfHtnBhah2XVBZH0FSMcE5jGZazMhgjPIEhW7jcaUKM2GbXMpgi72MqAZ%2B0DebAzV3ojaKV5fpXCFED0kSwhv%2FnEWk6KNggrPCE5szjO2A%3D%3D&p={searchTerms}
Edge DefaultSearchKeyword: Default -> us.search.yahoo.com
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
Folder: C:\WINDOWS\branding
ExportKey: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TermService
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
Folder: c:\ProgramData\t3460
Folder: C:\Users\baile\AppData\Roaming\TeamViewer
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
FirewallRules: [{26019E5A-38C6-4D59-A5BE-8BDD267EDF6F}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS5E63\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6B0D2048-307F-4244-AA4F-F2E848B56A09}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS5E63\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9C38DD02-D1E5-42D1-B4AC-B5184FD1F6C9}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS39E4\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{0BA55689-C33A-4822-9E64-B3B2B16C88F7}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS39E4\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{C9296C30-660F-4D19-A23C-EA4864E409CA}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS427F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{13017506-C2BE-42D1-A758-995EDCCF0D55}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS427F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2576A27D-0033-45B0-A059-CDC6B6633429}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS3C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{61D876BE-D09D-4574-8C61-A846F591D4C7}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS3C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6CA07FE1-40F3-43F8-AC26-4C66B624A746}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS35F8\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1EA577F8-A4B3-4D77-A21E-CE16F2BAC4F0}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS35F8\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{DB3CDFC4-2BF6-4663-8BC3-5E4D862A5642}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS501F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{938EFB33-83CF-496D-95BC-EBEDF2230A57}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS501F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2DE0C751-C20B-41D9-ACE9-FA286B5FD124}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
FirewallRules: [{3966583E-9BD3-4AA7-ADEF-A8E228560145}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File

*****************

Restore point was successfully created.
Processes closed successfully.
"VirusTotal: C:\Users\baile\AppData\Roaming\QTUpdate\QTConnect.exe" => not found
VirusTotal: C:\Users\baile\AppData\Roaming\fix.ps1 => https://www.virustotal.com/gui/file...48c74ab4201101a4ae2c9ec1703a5ab5f9-1596950984
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E649CDA-95E1-4B8C-B8E8-74E8382B8CFE}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\3578e401-7899-4505-bb7f-e2699d3bdc54" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F2A695C-4652-4E66-9D0F-F4622437989B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F2A695C-4652-4E66-9D0F-F4622437989B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63861543-5211-4E66-8801-6EFD8591E965}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63861543-5211-4E66-8801-6EFD8591E965}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DC127F4-26AE-4CF1-8B85-4750BA3F33C6}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\d8f8e894-3373-4d40-8917-bafb04fe4bb4" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A3D0264-EDC8-4A0D-9047-006CB6A37F61}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\960dd729-c0eb-49c1-a0ce-ca278229e491" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FD88D6A-AA33-4048-8CF1-9258C185DABA}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\fcb69c11-3619-4a54-9840-18dbb3be06b4" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD27DF0B-4D9F-4AC3-997C-D0FE4E778AF9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD27DF0B-4D9F-4AC3-997C-D0FE4E778AF9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
"HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} => removed successfully
"Edge StartupUrls" => removed successfully
"Edge DefaultSearchURL" => removed successfully
"Edge DefaultSearchKeyword" => removed successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully

========================= Folder: C:\WINDOWS\branding ========================

2014-11-11 13:00 - 2014-11-11 13:00 - 000055808 ____A [14D089B8DB4132011FBB1DDF3CC6EB97] (important) C:\WINDOWS\branding\mediasrv.png
2014-11-11 13:00 - 2014-11-11 13:00 - 000152418 ____A [49DE4C621A5A22A3CCB9AB69BD1A5DAF] () C:\WINDOWS\branding\wupsvc.jpg
2014-11-11 13:00 - 2014-11-11 13:00 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\branding\Basebrd
2019-12-07 04:08 - 2019-12-07 04:08 - 001479368 ____A [CC0583AEB44859E5106FA3DBBD3AE983] (Microsoft Corporation) C:\WINDOWS\branding\Basebrd\basebrd.dll
2019-12-07 04:49 - 2020-06-17 17:29 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\branding\Basebrd\en-US
2020-06-17 17:26 - 2020-06-17 17:26 - 000008192 ____A [1B9E9972B86244F32D32F50DEDCAF937] (Microsoft Corporation) C:\WINDOWS\branding\Basebrd\en-US\basebrd.dll.mui
2014-11-11 13:00 - 2014-11-11 13:00 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\branding\shellbrd
2019-12-07 04:08 - 2019-12-07 04:08 - 000962048 ____A [167726ADF6B1BD73B6D2C09AFB96E853] (Microsoft Corporation) C:\WINDOWS\branding\shellbrd\shellbrd.dll

====== End of Folder: ======

================== ExportKey: ===================

[HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TermService]
"DependOnService"="RPCSS"
"Description"="@%SystemRoot%\System32\termsrv.dll,-267"
"DisplayName"="@%SystemRoot%\System32\termsrv.dll,-268"
"ErrorControl"="1"
"FailureActions"="80510100000000000000000003000000140000000100000060ea00000100000060ea00000000000060ea0000"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k NetworkService"
"ObjectName"="NT Authority\NetworkService"
"RequiredPrivileges"="SeAssignPrimaryTokenPrivilege*SeAuditPrivilege*SeChangeNotifyPrivilege*SeCreateGlobalPrivilege*SeImpersonatePrivilege*SeIncreaseQuotaPrivilege"
"ServiceSidType"="1"
"Start"="2"
"Type"="16"
[HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TermService\Parameters]
"ServiceDll"="C:\WINDOWS\branding\mediasrv.png"
"ServiceDllUnloadOnStop"="1"
[HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TermService\Performance]
"Close"="CloseTSObject"
"Collect"="CollectTSObjectData"
"Collect Timeout"="1000"
"Library"="C:\Windows\System32\perfts.dll"
"Open"="OpenTSObject"
"Open Timeout"="1000"
"InstallType"="1"
"PerfIniFile"="tslabels.ini"
"First Counter"="6774"
"Last Counter"="6774"
"First Help"="6775"
"Last Help"="6775"
"Object List"="6774"

=== End of ExportKey ===
HKLM\System\CurrentControlSet\Services\ImControllerService => removed successfully
ImControllerService => service removed successfully

========================= Folder: c:\ProgramData\t3460 ========================


====== End of Folder: ======


========================= Folder: C:\Users\baile\AppData\Roaming\TeamViewer ========================

not found.

====== End of Folder: ======

HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26019E5A-38C6-4D59-A5BE-8BDD267EDF6F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B0D2048-307F-4244-AA4F-F2E848B56A09}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C38DD02-D1E5-42D1-B4AC-B5184FD1F6C9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0BA55689-C33A-4822-9E64-B3B2B16C88F7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9296C30-660F-4D19-A23C-EA4864E409CA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13017506-C2BE-42D1-A758-995EDCCF0D55}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2576A27D-0033-45B0-A059-CDC6B6633429}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61D876BE-D09D-4574-8C61-A846F591D4C7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CA07FE1-40F3-43F8-AC26-4C66B624A746}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EA577F8-A4B3-4D77-A21E-CE16F2BAC4F0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB3CDFC4-2BF6-4663-8BC3-5E4D862A5642}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{938EFB33-83CF-496D-95BC-EBEDF2230A57}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DE0C751-C20B-41D9-ACE9-FA286B5FD124}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3966583E-9BD3-4AA7-ADEF-A8E228560145}" => removed successfully


The system needed a reboot.

==== End of Fixlog 00:29:46 ====
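Two findings in the logs above are worth a repeatable check: the Fixlog's ExportKey section shows TermService loading its ServiceDll from C:\WINDOWS\branding\mediasrv.png instead of the stock termsrv.dll, and the SystemLook listing in the first post shows TeamViewer components living in a folder named QTUpdate. The Python below is an added example, not code from the thread or from FRST/SystemLook; it parses both log formats (sample text constructed from the lines posted here) and flags those two conditions. The function names and the assumption that a clean host points ServiceDll at %SystemRoot%\System32\termsrv.dll are mine.

```python
# Added example (not from the thread or from FRST/SystemLook): parse the two log
# formats posted in this thread and flag the findings the helpers acted on.
import re
from typing import Dict, List

# Constructed sample: the TermService ExportKey section of the Fixlog above, trimmed.
FIXLOG_EXPORTKEY = r"""
[HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TermService]
"DependOnService"="RPCSS"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k NetworkService"
"ObjectName"="NT Authority\NetworkService"
[HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TermService\Parameters]
"ServiceDll"="C:\WINDOWS\branding\mediasrv.png"
"ServiceDllUnloadOnStop"="1"
"""

# Constructed sample: the SystemLook directory listing from the first post above, trimmed.
SYSTEMLOOK_DIR = r"""
C:\Users\baile\AppData\Roaming\QTUpdate - Parameters: "(none)"

---Files---
lnk.bat --a---- 416 bytes [03:01 06/07/2020] [11:10 11/05/2020]
msi.dll.x --a---- 5647360 bytes [03:01 06/07/2020] [17:36 27/07/2020]
QTConnect.exe --a---- 24316592 bytes [03:01 06/07/2020] [05:25 09/08/2016]
TeamViewer.ini --a---- 130 bytes [03:01 06/07/2020] [22:47 16/08/2019]
TeamViewer_Desktop.exe --a---- 6609168 bytes [03:01 06/07/2020] [05:25 09/08/2016]
TeamViewer_Resource_en.dll --a---- 709904 bytes [03:01 06/07/2020] [05:27 09/08/2016]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                       # [HKLM\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')      # "Name"="Data"
DIR_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - Parameters: ")   # SystemLook dir header
FILE_RE = re.compile(r"^(?P<name>\S+) (?P<attr>[-a-z]+) (?P<size>\d+) bytes ")

def parse_exportkey(text: str) -> Dict[str, Dict[str, str]]:
    """Parse FRST ExportKey output into {registry key: {value name: data}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("value")
    return keys

def check_termservice(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Return findings when TermService\\Parameters\\ServiceDll is not the stock module."""
    # Assumption: a clean host uses %SystemRoot%\System32\termsrv.dll here.
    findings: List[str] = []
    for key, values in keys.items():
        if not key.lower().endswith("\\services\\termservice\\parameters"):
            continue
        dll = values.get("ServiceDll", "")
        norm = dll.lower()
        if not norm.endswith("\\system32\\termsrv.dll"):
            findings.append(f"ServiceDll is not the stock termsrv.dll: {dll}")
        if "\\system32\\" not in norm:
            findings.append(f"ServiceDll is loaded from outside System32: {dll}")
        if not norm.endswith(".dll"):
            findings.append(f"ServiceDll has a non-DLL extension (disguised module): {dll}")
    return findings

def check_systemlook_dir(text: str) -> List[str]:
    """Flag TeamViewer components listed under a folder that is not named TeamViewer."""
    dirs: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIR_RE.match(line)
        if m:
            current = m.group("path")
            dirs[current] = []
            continue
        m = FILE_RE.match(line)
        if m and current is not None:
            dirs[current].append(m.group("name"))
    findings: List[str] = []
    for path, names in dirs.items():
        tv = [n for n in names if n.lower().startswith("teamviewer")]
        folder = path.rstrip("\\").rsplit("\\", 1)[-1].lower()
        if tv and folder != "teamviewer":
            findings.append(f"{path}: TeamViewer components in a folder not named "
                            f"TeamViewer ({', '.join(tv)})")
    return findings

if __name__ == "__main__":
    print(check_termservice(parse_exportkey(FIXLOG_EXPORTKEY)))
    print(check_systemlook_dir(SYSTEMLOOK_DIR))
```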
 

sportsmom2x2

Thread Starter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2020
Ran by bailey (09-08-2020 00:27:58)
Running from C:\Users\baile\Desktop
Windows 10 Home Version 2004 19041.388 (X64) (2020-06-17 22:58:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.403 - Adobe)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 1.5.153.3 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.105 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{9C96D8AC-EE43-4B47-877C-D11595511C8E}) (Version: 12.10.3.1 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 1.0.1.12 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.61.0 - Lenovo Group Ltd.)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.52 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5259.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 20.124.0621.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Polarr Photo Editor version 1.0.14 (HKLM-x32\...\Polarr Photo Editor_is1) (Version: 1.0.14 - CENTR MBR LLC)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
UltraVPN (HKLM-x32\...\UltraVPN) (Version: 0.2.4 - UltraVPN)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.7.13.0_x64__38kynpdw5g1aw [2020-03-31] (Wacom Europe GmbH)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.170.200.0_x86__kgqvnymyfvs32 [2020-06-13] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-11-03] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-11-03] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-29] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.2.18.0_x86__nzyj5cx40ttqa [2020-05-29] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-28] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.615.0_x64__9eg5g21zq32qm [2020-06-18] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.49.0.0_neutral__qq0fmhteeht3j [2020-06-05] (LastPass)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2019-11-03] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2004.12.0_x64__k1h2ywk1493x8 [2020-05-11] (LENOVO INC.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_550.7.119.0_x64__8xx8rvfyw5nnt [2020-06-09] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-03] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-12] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2019-11-21] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-05] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [2020-06-02] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

2019-10-08 19:24 - 2019-10-08 19:33 - 262253568 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\App.dll
2019-10-08 19:24 - 2019-10-08 19:33 - 000875008 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000816640 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000053760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000087040 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000998400 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000829952 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 006719488 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\JavaScriptCore_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000453120 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\OpenAL_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 064198144 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 001305600 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\pgl_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000040448 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000113664 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000883200 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000368128 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000015872 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 021368832 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WebCore_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 004304384 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WebKit_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 001553408 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WebKitLegacy_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000095232 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000013312 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2019-08-09 11:29 - 2019-08-09 11:30 - 000373760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2019-08-09 11:29 - 2019-08-09 11:30 - 000147456 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2019-10-08 19:24 - 2019-10-08 20:44 - 000098304 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:44 - 000096768 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2014-11-11 13:00 - 2014-11-11 13:00 - 000055808 _____ (important) [File not signed] c:\windows\branding\mediasrv.png
2020-07-14 16:21 - 2020-07-14 16:21 - 000040960 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\rfxvmt.dll
2020-06-25 19:49 - 2020-04-05 18:14 - 001662976 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.61.0\x64\SQLite.Interop.dll
2020-08-08 18:23 - 2020-05-30 19:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2015-09-11 15:17 - 2015-09-11 15:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\baile\Downloads\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2019-07-11 02:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 14:44 - 2018-08-20 16:07 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> c:\users\baile\pictures\saved pictures\1 my kids and family\brady and ricki\2_devils lake j (8).jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{26019E5A-38C6-4D59-A5BE-8BDD267EDF6F}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS5E63\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6B0D2048-307F-4244-AA4F-F2E848B56A09}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS5E63\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{90C7A8A5-6209-46D1-99FB-57EFA975DEBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4774C322-8F87-4DF5-914F-FA65DD7E57F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7408D248-7459-4EB5-A88F-1C8685F8AB89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{83CFC735-8F34-4BD4-8A53-CF6EAA1C0D28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EFFD72D6-FE21-4012-9129-14D4B742DEDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C593CA2-C561-4BAD-8F26-105B3D35DFC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD08193A-210C-472B-8CD8-8B7834BCE82D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9E0CB921-F31D-40B0-AB1C-674623D491C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9C38DD02-D1E5-42D1-B4AC-B5184FD1F6C9}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS39E4\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{0BA55689-C33A-4822-9E64-B3B2B16C88F7}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS39E4\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{C9296C30-660F-4D19-A23C-EA4864E409CA}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS427F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{13017506-C2BE-42D1-A758-995EDCCF0D55}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS427F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2576A27D-0033-45B0-A059-CDC6B6633429}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS3C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{61D876BE-D09D-4574-8C61-A846F591D4C7}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS3C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6CA07FE1-40F3-43F8-AC26-4C66B624A746}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS35F8\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1EA577F8-A4B3-4D77-A21E-CE16F2BAC4F0}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS35F8\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{DB3CDFC4-2BF6-4663-8BC3-5E4D862A5642}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS501F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{938EFB33-83CF-496D-95BC-EBEDF2230A57}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS501F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{36DD490E-4979-44F3-BA93-6EE9F6DFE5AD}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2DE0C751-C20B-41D9-ACE9-FA286B5FD124}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
FirewallRules: [{3966583E-9BD3-4AA7-ADEF-A8E228560145}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{804A7CAC-7F3A-4DBB-891F-7190D303AFB7}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{72732D93-EF99-4D73-BA99-C6A0CE94331C}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{FAF09736-6A4E-4DC2-B805-66E05FDBF34F}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{99585B7F-5666-4DDC-8E2E-1589685D4EA1}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{55F61B82-6001-4CBB-A25D-BB74FA7E0AB1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-07-2020 16:06:11 Scheduled Checkpoint
28-07-2020 00:34:32 Scheduled Checkpoint
01-08-2020 01:51:06 Installed Fitbit Connect

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/07/2020 08:28:47 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:42 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:37 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:32 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:27 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:22 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:16 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:11 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.


System errors:
=============
Error: (08/08/2020 04:41:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/08/2020 04:27:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/08/2020 04:27:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/08/2020 04:26:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/07/2020 08:35:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/07/2020 08:21:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/07/2020 08:20:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/07/2020 08:20:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2020-08-09 00:00:34.9820000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D847B024-AACA-4DE9-9680-0E85806A37D6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-08 22:59:08.8580000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C9370AE4-792F-492B-AB7C-BCBB5037E5A1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-08 20:33:36.4500000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {4D334B26-0505-434D-A4BA-81FBFD5442DD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-08 18:18:37.0530000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {313525DD-E419-448A-B9A8-0EDB7CCA8746}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-06 23:58:53.4810000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {6251CDF6-26DD-4113-9B30-A86A77DAC833}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-06 14:44:43.7490000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-06 14:44:43.7490000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-06 14:44:43.7490000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-06 14:44:43.7330000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-06 14:44:43.7330000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-08-03 21:55:06.2810000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.5210000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.4600000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.2190000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.1990000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9860000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9170000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.8400000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 62%
Total physical RAM: 8050.39 MB
Available physical RAM: 3018.08 MB
Total Virtual: 10226.39 MB
Available Virtual: 3220.02 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:83.07 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
902
There are a few files I would like to check at VirusTotal. Please do the following:


---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    VirusTotal: C:\WINDOWS\branding\mediasrv.png;C:\WINDOWS\branding\wupsvc.jpg
    File: C:\WINDOWS\branding\mediasrv.png
    File: C:\WINDOWS\branding\wupsvc.jpg
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
 

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
212
Fix result of Farbar Recovery Scan Tool (x64) Version: 09-08-2020
Ran by bailey (09-08-2020 22:47:35) Run:2
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Boot Mode: Normal
==============================================

fixlist content:
*****************
VirusTotal: C:\WINDOWS\branding\mediasrv.png;C:\WINDOWS\branding\wupsvc.jpg
File: C:\WINDOWS\branding\mediasrv.png
File: C:\WINDOWS\branding\wupsvc.jpg

*****************

VirusTotal: C:\WINDOWS\branding\mediasrv.png => https://www.virustotal.com/gui/file...9d19ceea28255e10a57cd8f667a039c28c-1597031257
VirusTotal: C:\WINDOWS\branding\wupsvc.jpg => https://www.virustotal.com/gui/file...16631ce050c11c68dbd9d7704f72aac965-1597031260

========================= File: C:\WINDOWS\branding\mediasrv.png ========================

C:\WINDOWS\branding\mediasrv.png
File not signed
MD5: 14D089B8DB4132011FBB1DDF3CC6EB97
Creation and modification date: 2014-11-11 13:00 - 2014-11-11 13:00
Size: 000055808
Attributes: ----A
Company Name: important
Internal Name: important
Original Name: important
Product: important
Description: important
File Version: 1.2.5.7
Product Version: 3.2.5.7
Copyright: Copyright (C) important solutions 2020
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\branding\wupsvc.jpg ========================

C:\WINDOWS\branding\wupsvc.jpg
File not signed
MD5: 49DE4C621A5A22A3CCB9AB69BD1A5DAF
Creation and modification date: 2014-11-11 13:00 - 2014-11-11 13:00
Size: 000152418
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


==== End of Fixlog 22:47:40 ====
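The FRST `File:` output above (requested in the previous post) gives a responder the facts to weigh before trusting a VirusTotal count: signature status, MD5, size, timestamps and the version resource. Two files under C:\WINDOWS\branding with image extensions, one of them reporting version-resource fields, are worth checking against the actual file header, because a version resource is only meaningful on a PE file and a detection count of 0 is not proof of legitimacy. The script below is an added example for this thread, not FRST's code and not from either poster: it computes the same hash/size/timestamp fields, identifies the content type from magic bytes (PNG, JPEG, or a PE via the MZ stub and `e_lfanew` pointer), and flags an extension/content mismatch. The sample files are constructed in a temporary directory (a genuine PNG header, and a minimal PE stub saved under the name `mediasrv.png`) so it runs offline; the real C:\WINDOWS\branding paths are not touched. Authenticode signature and version-resource parsing are not replicated here; FRST, sigcheck or `Get-AuthenticodeSignature` cover that.

```python
"""Offline file triage in the style of FRST's File: directive.

Added example for this thread; it is not part of FRST or of the original
posts. Given a path it reports size, MD5 (uppercase, as FRST prints it),
SHA-256 (the key VirusTotal indexes), the modification time, the content
type implied by the leading bytes, and whether that type matches the
extension. Authenticode signature and version-resource parsing are left to
FRST / sigcheck / Get-AuthenticodeSignature.
"""
import hashlib
import os
import struct
import tempfile
from datetime import datetime, timezone

IMAGE_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
}
EXT_TO_TYPE = {".png": "png", ".jpg": "jpg", ".jpeg": "jpg",
               ".exe": "pe", ".dll": "pe"}


def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def sniff_type(data: bytes) -> str:
    """Content type from magic bytes: 'pe', 'png', 'jpg' or 'unknown'."""
    if looks_like_pe(data):
        return "pe"
    for name, sig in IMAGE_MAGIC.items():
        if data.startswith(sig):
            return name
    return "unknown"


def triage_file(path: str) -> dict:
    """Report the FRST-style facts plus an extension/content consistency check."""
    with open(path, "rb") as fh:
        data = fh.read()
    mtime = os.stat(path).st_mtime
    ext = os.path.splitext(path)[1].lower()
    expected = EXT_TO_TYPE.get(ext, "unknown")
    actual = sniff_type(data)
    return {
        "path": path,
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "modified": datetime.fromtimestamp(mtime, tz=timezone.utc)
                            .strftime("%Y-%m-%d %H:%M"),
        "ext_type": expected,
        "magic_type": actual,
        # An executable stored under an image extension is the case to flag;
        # version-resource fields such as "File Version" only make sense on
        # a PE, so this decides whether they are real or viewer noise.
        "mismatch": expected != actual,
    }


# --- constructed samples (not the real files from C:\WINDOWS\branding) -----
SAMPLE_PNG = IMAGE_MAGIC["png"] + b"\0" * 16          # 24 bytes, genuine PNG header


def make_pe_stub() -> bytes:
    """Smallest byte string that passes looks_like_pe: MZ stub + e_lfanew + PE sig."""
    e_lfanew = 0x40
    stub = bytearray(b"MZ" + b"\0" * (0x3C - 2))      # DOS header up to e_lfanew
    stub += struct.pack("<I", e_lfanew)               # e_lfanew field at offset 0x3C
    stub += b"PE\0\0" + b"\0" * 20                    # PE signature + COFF header bytes
    return bytes(stub)                                # 88 bytes in total


def run_demo(workdir=None) -> dict:
    """Write the samples to a temp dir, triage both, return results keyed by name."""
    workdir = workdir or tempfile.mkdtemp(prefix="triage-")
    samples = {
        "real.png": SAMPLE_PNG,                       # image body under an image name
        "mediasrv.png": make_pe_stub(),               # PE body under an image name
    }
    paths = []
    for name, body in samples.items():
        p = os.path.join(workdir, name)
        with open(p, "wb") as fh:
            fh.write(body)
        paths.append(p)
    return {os.path.basename(r["path"]): r for r in map(triage_file, paths)}


if __name__ == "__main__":
    for name, r in run_demo().items():
        flag = "MISMATCH" if r["mismatch"] else "ok"
        print(f"{name}: {r['size']} bytes, {r['ext_type']} by extension, "
              f"{r['magic_type']} by header [{flag}], MD5 {r['md5']}")
```

On a live system, call `triage_file()` on the real paths instead of `run_demo()`; the SHA-256 it returns is what to search for on VirusTotal rather than uploading the file, and a `mismatch` result on a file in a Windows system directory is the point at which to hand the file to a malware specialist rather than interpret the version fields yourself.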
 
